From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Steele, Tom"
Date: Thu, 14 Mar 2002 20:24:39 +0000
Subject: RE: [LARTC] NAT statistics
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

I don't know if this is the "proper" way to go about doing this, but here is
one way you could get it done with ip rule and realms. This requires the
iproute2 package to be installed, and all of the pretty policy routing
options enabled in the kernel. This would only be practical for a small
number of addresses, but it looks like you only have 2 so I don't think it
will be a big deal.

1) edit /etc/iproute2/rt_realms, and add an entry for each ip address you
want to monitor. The format is:

so:
1 host1
2 host2

2) Then add rules to match the packets to realms.

/sbin/ip rule add from 192.168.130.2/32 lookup table main realms host1 (the realm name)
/sbin/ip rule add from 192.168.130.3/32 lookup table main realms host2

This will assign the traffic from specific hosts to your realms for
accounting, while still looking up the main routing table.

After this is done, just type rtacct to see the breakdown of packets on
each realm (hence address) by to/from in bytes and number of packets.

This may not be the way you were looking for, but hey...it works and it's
fun.

Hope this helps.

******************
Tom Steele
Comm/Systems Engineer
Children's Hospital
Omaha, NE
tsteele@chsomaha.org

-----Original Message-----
From: Sebastian Taralunga [mailto:seba@tcx.ro]
Sent: Thursday, March 14, 2002 7:43 AM
To: VaibhaV Sharma
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] NAT statistics

Thank you VaibhaV,

Your script works just fine; however, my problem is to get traffic information
about both downlink and uplink on a NAT server. Do you know what iptables
rules I should use to be able to see such information?
Right now my rules look like this (generated by iptables-save):

*nat
:PREROUTING ACCEPT [1372:944647]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.130.2 -j MASQUERADE
-A POSTROUTING -s 192.168.130.3 -j MASQUERADE
-----

Regards,

Sebastian

On Thu, 14 Mar 2002, VaibhaV Sharma wrote:

> Hello,
> See the -v option in man iptables
>
>
> -v, --verbose
>        Verbose output. This option makes the list command
>        show the interface address, the rule options (if
>        any), and the TOS masks. The packet and byte counters
>        are also listed, with the suffix 'K', 'M' or
>        'G' for 1000, 1,000,000 and 1,000,000,000 multipliers
>        respectively (but see the -x flag to change
>        this). For appending, insertion, deletion and
>        replacement, this causes detailed information on
>        the rule or rules to be printed.
>
>
> This would give you the amount of data transferred for each rule that you
> have in ur firewall as one of the columns
>
> I wrote a small script to extract amount of data for each client I am
> allowing FORWARD. The script takes the IP address of the machine you wanna
> find info about as the command line parameter.
>
> ------------------------------------------------
> #!/bin/sh
>
> details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | grep -v OUTPUT | tr -s " " | grep $1 | cut -d" " -f 3,9,12`
>
> bytes=`echo $details | cut -d" " -f1`
> ip=`echo $details | cut -d" " -f2`
>
> echo "IP address $ip transferred $bytes bytes."
>
> ------------------------------------------------
>
> The cut thingi's are customised to the output I get for my rules. Check
> urs and modify.
>
> VaibhaV
>
>
> On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga" wrote:
>
> >
> > Hi,
> >
> > I want to be able to get statistics per IP address for both incoming and
> > outgoing traffic on a NAT server using iptables and kernel v2.4.18. I
> > actually have the same problem for a server running kernel v2.2.20,
> > using ipchains..
> > Can anyone help me?
> >
> > Regards,
> >
> > Sebastian
> >
>
> \ \
> \------------------------------------------------------------------\
> \ |VaibhaV Sharma | vaibhav@exocore.com | L I N U X \ |
> \ |Exocore Consulting | http://www.exocore.com | \ |
> \|Bangalore, India | +91(80)3440397,3341137 | R O C K S \|
> \-----------------------------------------------------------------/
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
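
Added example, not part of the original thread: one way to read both uplink and downlink bytes per inside host is to place target-less counting rules in the FORWARD chain, where packets still carry the private address in both directions, and total them from `iptables-save -c` output instead of fixed `cut` columns. The FORWARD rules, the function names `nat_acct` and `sample_rules`, and all counter values below are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed setup (not from the thread): one target-less counting rule per
# direction and host in FORWARD, where the private address is still visible:
#   iptables -A FORWARD -s 192.168.130.2   # uplink: inside host is the source
#   iptables -A FORWARD -d 192.168.130.2   # downlink: inside host is the destination
# nat-table rules (MASQUERADE) only see the first packet of a connection,
# so their counters cannot be used for byte accounting.

# Read `iptables-save -c` text on stdin, print "IP up=BYTES down=BYTES" per host.
nat_acct() {
    awk '
    /^\*/ { table = substr($0, 2) }              # table header: *nat, *filter
    table == "filter" && /^\[[0-9]+:[0-9]+\] -A FORWARD / {
        split(substr($1, 2, length($1) - 2), c, ":")   # [packets:bytes]
        for (i = 2; i < NF; i++) {
            if ($i != "-s" && $i != "-d") continue
            ip = $(i + 1); sub(/\/32$/, "", ip)  # newer versions print /32
            if (ip ~ /\//) continue              # ignore subnet rules
            seen[ip] = 1
            if ($i == "-s") up[ip] += c[2]; else down[ip] += c[2]
        }
    }
    END { for (ip in seen) printf "%s up=%.0f down=%.0f\n", ip, up[ip], down[ip] }
    ' | sort
}

# Constructed sample in iptables-save -c format (counters are made up).
sample_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
[10:600] -A POSTROUTING -s 192.168.130.2 -j MASQUERADE
[4:240] -A POSTROUTING -s 192.168.130.3 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
[120:15360] -A FORWARD -s 192.168.130.2/32
[200:280000] -A FORWARD -d 192.168.130.2/32
[30:2400] -A FORWARD -s 192.168.130.3
[45:51000] -A FORWARD -d 192.168.130.3
COMMIT
EOF
}

# Live use on the gateway: iptables-save -c | nat_acct
sample_rules | nat_acct
```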