From: Stewart Thompson <stewart.thompson@shaw.ca>
To: HareRam <hareram@sol.net.in>, netfilter@lists.netfilter.org
Subject: RE: transfer Bytes Counting
Date: Tue, 01 Oct 2002 01:41:36 -0700 [thread overview]
Message-ID: <FLEKIPPLAEDMJMOOBBDPEEKGDAAA.stewart.thompson@shaw.ca> (raw)
In-Reply-To: <007301c26909$036ea440$7cfcc5cb@humanpc>
Hi Hare:
Here is one way that was originally suggested by Antony Stone on the list.
<Begin Quote>
In my FORWARD chain, instead of ACCEPTing packets which are ESTABLISHED or
RELATED, I send them to a user-defined chain called for example PKTCOUNT
Then the PKTCOUNT chain contains rules like this:
iptables -A PKTCOUNT -s 11.22.33.44 -j ACCEPT
iptables -A PKTCOUNT -s 11.22.33.55 - j ACCEPT
iptables -A PKTCOUNT -s 11.22.33.66 -j ACCEPT
and so on, for each of the IP addresses you're interested in. You could of
course use -d if you're more interested in destination addresses, or use
both.
Then the command iptables -L PKTCOUNT -n -v will show you the number of
packets and the number of bytes which have matched on each rule in this
chain
- ie the number which matched each IP address.
I actually have a cron job to do this once a minute and record all the
numbers to an IP log file, which I can then parse with a Perl program to
produce some pretty graphs. I'm sure mrtg could do this if you wanted to
use that instead.
I guess if you've already created a set of SNAT or DNAT rules to do the
translations you want, then you probably don't even need to create the
PKTCOUNT chain - just try doing iptables -L PREROUTING -n -v -t nat and it
will tell you how many packets and bytes got translated by each rule.
<End Quote>
Hope that helps.
Stu....
-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of HareRam
Sent: September 30, 2002 10:12 PM
To: netfilter@lists.netfilter.org
Subject: transfer Bytes Counting
Hi all
iam using IPtables since long
now i have new requirement in my network
i sould like to count tranfer bytes In/Out for individual IP or MAC address
could any give me small examples, how can i do this rather i achive this
thanks in advance
hare
next prev parent reply other threads:[~2002-10-01 8:41 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-09-27 20:21 --limit 1/day problem Tom Crane
2002-10-01 5:11 ` transfer Bytes Counting HareRam
2002-10-01 8:41 ` Stewart Thompson [this message]
[not found] <001301c2692a$f1df95a0$7cfcc5cb@humanpc>
2002-10-01 22:50 ` Stewart Thompson
2002-10-01 23:34 ` Antony Stone
2002-10-02 13:39 ` HareRam
2002-10-02 14:32 ` Antony Stone
2002-10-02 16:13 ` Clint Todish
2002-10-04 8:44 ` HareRam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=FLEKIPPLAEDMJMOOBBDPEEKGDAAA.stewart.thompson@shaw.ca \
--to=stewart.thompson@shaw.ca \
--cc=hareram@sol.net.in \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.