From: Tobias Geiger
Date: Thu, 14 Mar 2002 13:56:18 +0000
Subject: Re: [LARTC] NAT statistics
To: lartc@vger.kernel.org

Hello,

you can use the ipac-ng (http://sourceforge.net/projects/ipac-ng/) toolset
to implement counters with iptables.
ipac-ng generates iptables rules just for accounting, this data can be
summarized and even be graphed. (i use mrtg for graphing the data, but ipac-ng
includes a graph-generator itself)

i hope that's what you were looking for

Tobias

On Thu, Mar 14, 2002 at 03:43:09PM +0200, Sebastian Taralunga wrote:
>
> Thank you VaibhaV,
>
> Your script works just fine however my problem is to get traffic information
> about both downlink and uplink on a NAT server. Do you know what iptables rules
> should I use to be able to see such information? Right now my rules look like
> this (generated by iptables-save):
>
> *nat
> :PREROUTING ACCEPT [1372:944647]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A POSTROUTING -s 192.168.130.2 -j MASQUERADE
> -A POSTROUTING -s 192.168.130.3 -j MASQUERADE
>
> -----
>
> Regards,
>
> Sebastian
>
> On Thu, 14 Mar 2002, VaibhaV Sharma wrote:
>
> > Hello,
> > See the -v option in man iptables
> >
> >
> > -v, --verbose
> >        Verbose output. This option makes the list command
> >        show the interface address, the rule options (if
> >        any), and the TOS masks. The packet and byte counters
> >        are also listed, with the suffix 'K', 'M' or
> >        'G' for 1000, 1,000,000 and 1,000,000,000 multipliers
> >        respectively (but see the -x flag to change
> >        this). For appending, insertion, deletion and
> >        replacement, this causes detailed information on
> >        the rule or rules to be printed.
> >
> >
> > This would give you the amount of data transferred for each rule that you
> > have in ur firewall as one of the columns
> >
> > I wrote a small script to extract amount of data for each client I am
> > allowing FORWARD. The script takes the IP address of the machine you wanna
> > find info about as the command line parameter.
> >
> > ------------------------------------------------
> > #!/bin/sh
> > # Usage: pass the client IP address as the first argument.
> >
> > # grep -F -w matches the address literally and as a whole word, so
> > # 192.168.130.2 does not also select 192.168.130.20.
> > details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | grep -v OUTPUT | tr -s " " | grep -F -w -- "$1" | cut -d" " -f 3,9,12`
> >
> > bytes=`echo $details | cut -d" " -f1`
> > ip=`echo $details | cut -d" " -f2`
> >
> > echo "IP address $ip transferred $bytes bytes."
> >
> > ------------------------------------------------
> >
> > The cut thingi's are customised to the output I get for my rules. Check
> > urs and modify.
> >
> > VaibhaV
> >
> >
> > On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga"
> > wrote:
> >
> > >
> > > Hi,
> > >
> > > I want to be able to get statistics per IP address for both incoming and
> > > outgoing traffic on a NAT server using iptables and kernel v2.4.18. I
> > > actually have the same problem for a server running kernel v2.2.20,
> > > using ipchains. Can anyone help me?
> > >
> > > Regards,
> > >
> > > Sebastian
> > >
> >
> > VaibhaV Sharma     | vaibhav@exocore.com    | L I N U X
> > Exocore Consulting | http://www.exocore.com |
> > Bangalore, India   | +91(80)3440397,3341137 | R O C K S
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
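
The accounting-only rules suggested in the reply above, sketched as an added example that is not from the thread and is not ipac-ng's own code: the chain name `ACCT`, the helper names and the sample listing are assumptions. It relies on the FORWARD chain seeing the clients' private addresses in both directions, because MASQUERADE rewrites the source in POSTROUTING and replies are translated back before they reach FORWARD.

```shell
#!/bin/sh
# Added example; chain name ACCT, helper names and sample data are assumptions.

# Print the commands that build a chain of target-less rules (they only count).
acct_rules() {
    echo "iptables -N ACCT"
    echo "iptables -I FORWARD -j ACCT"
    for ip in "$@"; do
        echo "iptables -A ACCT -s $ip"   # uplink: client is the source
        echo "iptables -A ACCT -d $ip"   # downlink: client is the destination
    done
}

# stdin:  output of `iptables -L ACCT -v -n -x` (-x gives exact byte counts)
# stdout: one "ip uplink_bytes downlink_bytes" line per client
acct_summary() {
    awk '
        $1 !~ /^[0-9]+$/ { next }        # skip the "Chain" and column header lines
        {
            # The target column is empty for these rules, so the field count
            # shifts; take source and destination from the end of the line.
            src = $(NF-1); dst = $NF
            if (src != "0.0.0.0/0") { up[src] += $2; seen[src] = 1 }
            if (dst != "0.0.0.0/0") { down[dst] += $2; seen[dst] = 1 }
        }
        END { for (ip in seen) printf "%s %.0f %.0f\n", ip, up[ip], down[ip] }
    ' | LC_ALL=C sort
}

# Constructed listing in the layout printed by `iptables -L ACCT -v -n -x`.
sample_listing() {
cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1200     180000            all  --  *      *       192.168.130.2        0.0.0.0/0
    2500    3100000            all  --  *      *       0.0.0.0/0            192.168.130.2
       0          0            all  --  *      *       192.168.130.3        0.0.0.0/0
     640     912345            all  --  *      *       0.0.0.0/0            192.168.130.3
EOF
}

sample_listing | acct_summary
```

On a live router the summary would be fed from `iptables -L ACCT -v -n -x` run as root; `acct_rules` only prints the commands so they can be reviewed before being applied.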