From: "Martin A. Brown"
Date: Fri, 07 Feb 2003 16:45:04 +0000
Subject: Re: [LARTC] Count no of hosts
To: lartc@vger.kernel.org

 : Is there any way to dynamically measure the no of concurrent internal
 : hosts (IP's) utilising the linux NAT Gateway/forwarding box.

If you have root level access to the box, you can use a bit of shell to
determine the number of concurrent "clients" in any given instant. This
assumes, of course, that you don't have an internally SNATed/masqueraded
network which {c,w}ould hide more clients.

ipchains?

  # /sbin/ipchains -MnL | awk '/[0-9][0-9]:[0-9][0-9]/{print $3}' \
  > | sort | uniq | wc -l

iptables?

  # awk '/(ESTABLISHED|ASSURED)/{print $5}' /proc/net/ip_conntrack \
  > | sort | uniq

Naturally with iptables, you'll need to know a bit more about your use of
the connection tracking to disambiguate any inbound or internal to DMZ
connections to accurately count your SNAT/MASQUERADEd connections.

The above shell is not designed with efficiency in mind (obviously), but
you get the idea.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
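
The disambiguation mentioned in the message above, as an added example that is not part of the original post: it keeps only conntrack entries whose reply-direction dst differs from the original src (taken here as the sign of SNAT/MASQUERADE) and counts the distinct original sources. The function names and the sample entries are constructed for illustration; the ESTABLISHED/ASSURED filter is the one used in the message.

```shell
# Constructed sample in /proc/net/ip_conntrack layout (documentation
# address ranges; 203.0.113.1 stands in for the gateway's public IP).
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=34567 dport=80 src=198.51.100.7 dst=203.0.113.1 sport=80 dport=34567 [ASSURED] use=1
tcp      6 431800 ESTABLISHED src=192.168.1.10 dst=198.51.100.9 sport=34570 dport=443 src=198.51.100.9 dst=203.0.113.1 sport=443 dport=34570 [ASSURED] use=1
udp      17 170 src=192.168.1.11 dst=198.51.100.53 sport=1025 dport=53 src=198.51.100.53 dst=203.0.113.1 sport=53 dport=1025 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=198.51.100.20 dst=203.0.113.1 sport=40000 dport=22 src=203.0.113.1 dst=198.51.100.20 sport=22 dport=40000 [ASSURED] use=1
tcp      6 100 TIME_WAIT src=192.168.1.12 dst=198.51.100.7 sport=34999 dport=80 src=198.51.100.7 dst=203.0.113.1 sport=80 dport=34999 [ASSURED] use=1
udp      17 20 src=192.168.1.13 dst=198.51.100.53 sport=1026 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.1 sport=53 dport=1026 use=1
tcp      6 431990 ESTABLISHED src=192.168.1.14 dst=192.168.2.5 sport=35000 dport=25 src=192.168.2.5 dst=192.168.1.14 sport=25 dport=35000 [ASSURED] use=1
EOF
}

# List distinct original sources of SNATed connections. Fields are located
# by their src=/dst= prefix because TCP lines carry a state column that UDP
# lines lack, so a fixed position such as $5 is not the same field for both.
snat_clients() {
    awk '
    /ESTABLISHED|ASSURED/ {
        nsrc = ndst = 0; orig_src = reply_dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/ && ++nsrc == 1) orig_src = substr($i, 5)
            if ($i ~ /^dst=/ && ++ndst == 2) reply_dst = substr($i, 5)
        }
        # Assumption: un-NATed flows reply straight to the original source.
        if (orig_src != "" && reply_dst != "" && orig_src != reply_dst) print orig_src
    }' "$@" | sort -u
}

count_snat_clients() {
    snat_clients "$@" | wc -l | tr -d ' '
}

sample_conntrack | count_snat_clients    # prints 3
```

On the gateway itself, run as root: count_snat_clients /proc/net/ip_conntrack. The inbound SSH entry and the internal-to-DMZ entry in the sample are excluded because their reply goes back to the original source address.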