All of lore.kernel.org
 help / color / mirror / Atom feed
From: Tobias Geiger <tobias.geiger@web.de>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] NAT statistics
Date: Thu, 14 Mar 2002 13:56:18 +0000	[thread overview]
Message-ID: <marc-lartc-101611426511552@msgid-missing> (raw)
In-Reply-To: <marc-lartc-101609787703220@msgid-missing>

Hello,

you can use the ipac-ng (http://sourceforge.net/projects/ipac-ng/) toolset to implement counters with iptables.
ipac-ng generates iptables-rulesjust for accounting, this data can be
summarized and even be graphed. ( i use mrtg for graphing the data, but
ipac-ng includes a graph-generator itself)

i hope that's what you were looking for

Tobias

On Thu, Mar 14, 2002 at 03:43:09PM +0200, Sebastian Taralunga wrote:
> 
> Thank you VaibhaV,
> 
> Your script works just fine however my problem is to get traffic information
> about both downlink and uplink on a NAT server. Do you know what iptables rules
> should I use to be able to see such information? Right now my rules look like
> this (generated by iptables-save):
> 
> *nat
> :PREROUTING ACCEPT [1372:944647]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A POSTROUTING -s 192.168.130.2 -j MASQUERADE
> -A POSTROUTING -s 192.168.130.3 -j MASQUERADE
> 
> -----
> 
> Regards,
> 
> Sebastian
> 
> On Thu, 14 Mar 2002, VaibhaV Sharma wrote:
> 
> > Hello,
> > See the -v option in man iptables
> >
> >
> >        -v, --verbose
> >               Verbose output.  This option makes the list command
> >               show the interface address, the  rule  options  (if
> >               any), and the TOS masks.  The packet and byte coun­
> >               ters are also listed, with the suffix 'K',  'M'  or
> >               'G' for 1000, 1,000,000 and 1,000,000,000 multipli­
> >               ers respectively (but see the  -x  flag  to  change
> >               this).   For  appending,  insertion,  deletion  and
> >               replacement, this causes  detailed  information  on
> >               the rule or rules to be printed.
> >
> >
> > This would give you the amount of data transferred for each rule that you
> > have in ur firewall as one of the columns
> >
> > I wrote a small script to extract amount of data for each client I am
> > allowing FORWARD. The script takes the IP address of the machine you wanna
> > find info about as the command line parameter.
> >
> > ------------------------------------------------
> > #!/bin/sh
> >
> > details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | grep -v
> > OUTPUT | tr -s " " | grep $1 | cut -d" " -f 3,9,12`
> >
> > bytes=`echo $details | cut -d" " -f1`
> > ip=`echo $details | cut -d" " -f2`
> >
> > echo "IP address $ip transferred $bytes bytes."
> >
> > ------------------------------------------------
> >
> > The cut thingi's are customised to the output I get for my rules. Check
> > urs and modify.
> >
> > VaibhaV
> >
> >
> > On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga"
> > <seba@tcx.ro> wrote:
> >
> > >
> > > Hi,
> > >
> > > I want to be able to get statistics per IP address for both incoming and
> > > outgoing traffic on a NAT server using iptables and kernel v2.4.18. I
> > > actually have the same problem for a server running kernel v2.2.20,
> > > using ipchains.. Can anyone help me?
> > >
> > > Regards,
> > >
> > > Sebastian
> >
> >
> >  \                                                                  \
> >   \------------------------------------------------------------------\
> > \  |VaibhaV Sharma     |     vaibhav@exocore.com  |   L I N U X   \  |
> >  \ |Exocore Consulting |  http://www.exocore.com  |                \ |
> >   \|Bangalore, India   |  +91(80)3440397,3341137  |   R O C K S     \|
> >    \-----------------------------------------------------------------/
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

  parent reply	other threads:[~2002-03-14 13:56 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-03-14  9:30 [LARTC] NAT statistics Sebastian Taralunga
2002-03-14  9:44 ` VaibhaV Sharma
2002-03-14 13:43 ` Sebastian Taralunga
2002-03-14 13:56 ` Tobias Geiger [this message]
2002-03-14 20:24 ` Steele, Tom
2002-03-14 20:50 ` Steele, Tom
2002-03-15  4:59 ` VaibhaV Sharma

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-101611426511552@msgid-missing \
    --to=tobias.geiger@web.de \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.