From: George Alexandru Dragoi <waruiinu@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: tracking usage by mac address
Date: Mon, 30 Aug 2004 16:12:44 +0300 [thread overview]
Message-ID: <3063e50408300612d148797@mail.gmail.com> (raw)
In-Reply-To: <1093865668.2761.6.camel@scaramouche>
You can use ip_conntrack this way
iptables -t nat -A PREROUTING -i $LANIF -s $LANIPCLIENT1 -m mac
--mac-source $CLIENT1_MAC_ADDRESS -j ACCEPT
iptables -t nat -A PREROUTING -i $LANIF -s $LANIPCLIENT2 -m mac
--mac-source $CLIENT2_MAC_ADDRESS -j ACCEPT
......
iptables -t nat -A PREROUTING -i $LANIF -j DROP
Then
iptables -A FORWARD -s $LANIPCLIENT1 -i $LANIF -o $INETIF #upload
iptables -A FORWARD -d $LANIPCLIENT1 -d $LANIF -o $INETIF #download
and to see the traffic, use
iptables -L FORWARD -nv
and look for those 2 rules. You can add a -j LOG target, or whatever.
This way you will see the client's download based on his mac, because
you allow beginning streams only with those macs
On Mon, 30 Aug 2004 13:34:58 +0200, Torsten Luettgert
<t.luettgert@pressestimmen.de> wrote:
> On Mon, 2004-08-30 at 04:42, Henry Baxter wrote:
> > Ultimately I am hoping to track the bandwidth usage of about 50 client
> > computers through my router based on their MAC address. I understand
> > that by simply writing a rule that does nothing to the packet, such as
> > 'iptables -A FORWARD -m <mac address>' I can parse the netfilter log and
> > find out what I need. This seems rather convoluted though - getting
> > netfilter to create a basically human readable log file, and then
> > parsing it.
>
> You could also use ULOG and the ulog-acctd from
> http://alioth.debian.org/projects/pkg-ulog-acctd/
>
> (if you want to use this on RedHat/Fedora, I could send you my RPM
> I made from it)
>
> This also generates a somewhat user-readable log file which you'd need
> to parse, but it can aggregate several packets (thus reducing the size
> of the log file) and generate a Cisco-compatible traffic log file.
> Parsers for that should not be hard to find.
>
> Greetings,
> Torsten
>
>
--
Bla bla
next prev parent reply other threads:[~2004-08-30 13:12 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-30 2:42 tracking usage by mac address Henry Baxter
2004-08-30 10:17 ` Chris Brenton
2004-08-30 11:34 ` Torsten Luettgert
2004-08-30 13:12 ` George Alexandru Dragoi [this message]
2004-08-30 18:54 ` Jose Maria Lopez
2004-08-30 20:37 ` George Alexandru Dragoi
2004-08-31 0:34 ` Henry Baxter
2004-08-31 19:52 ` Jose Maria Lopez
2004-08-31 19:52 ` Jose Maria Lopez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3063e50408300612d148797@mail.gmail.com \
--to=waruiinu@gmail.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.