Re: Ip accounting Help

[Joel <zealous@bonbon.net>]

On Wed, 2004-06-23 at 14:31, Antony Stone wrote:
> On Wednesday 23 June 2004 4:49 am, Joel wrote:
> 
> > Hi all,
> >
> > Currently I am working on Ip accounting in linux.
> > My system is Redhat 9.0 with iptables v1.2.7a
> > This redhat is doing Squid-Caching/ Nat/ Bandwidth management with tc/
> > Real ip forwarding.
> >
> > I want to do Ip accounting of upload and download. I want to know how
> > much per ip bandwidth consumption is ?
> >
> > As i m doing source nat and Real ip forwarding, FORWARD chain will have
> > bytes counters. So FORWARD chain will give the correct figure of how
> > much the ip has used the bandwidth ???
> 
> Beware of trying to do this if you are using the stateful connection tracking 
> of netfilter (iptables -I FORWARD -m state --state ESTABLISHED,RELATED), 
> because if you are, then almost all of the packets going through the machine 
> (specifically, all except the first one of each connection) will be processed 
> by this one rule, and all the other rules in the FORWARD chain will only see 
> one packet per connection (the first one).
> 
> You may be able to do what you want using the mangle table of the FORWARD 
> chain, but not with the default filter table.
> 
> Regards,
> 
> Antony.
-- 


Hi Antony,

Yes I am using stateful connection tracking of netfilter ( iptables -I FORWARD -m state --state ESTABLISHED,RELATED)
So as per you i have used FORWARD chain in MANGLE table like this.

# iptables -t mangle -i eth1 -A FORWARD -s 10.1.1.24/29 -j ACCEPT  ---> I think for Download traffic  ---> M I right ?
# iptables -t mangle -i eth0 -A FORWARD -d 10.1.1.24/29 -j ACCEPT  ---> I think for Upload traffic ----> M I right ?

This is the output of 
# iptables -t mangle -nvL FORWARD

Chain FORWARD (policy ACCEPT 1747K packets, 318M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1068 91499 ACCEPT     all  --  eth1   *       10.1.1.24/29         0.0.0.0/0
  148 26923 ACCEPT     all  --  eth0   *       0.0.0.0/0            10.1.1.24/29

Antony i have lot of other ip address but i have created only this subnet for mangle table for testing.
Traffic bytes are passing through this.
So is the correct method ?
Will be the bytes over here are accurate ???

Thanking you,

Joel n.solanki
Systems Administrator
(M) 91-9825500258
D2V ISP PVT LTD
http://www.d2visp.com/