From: Joel Newkirk <netfilter@newkirk.us>
To: marco_simon@web.de, netfilter@lists.netfilter.org
Subject: Re: Using iptables for bandwidth mesurement
Date: Wed, 8 Jan 2003 04:03:11 -0500
Message-ID: <200301080403.11273.netfilter@newkirk.us>
In-Reply-To: <ID0NVT4YQPJ4WB6TSIMGSLF8632.3e195dc8@europe>

On Monday 06 January 2003 05:43 am, Marco Simon wrote:
> Hello netfilter-group,
>
> we are using iptables on our gateway-server for doing NAT and
> package-filtering.
>
> Actually one of our hosting-customers wants to be informed how much
> of our bandwidth to the internet (1.5 MBit maximum) is used, in
> order to avoid that some of his "homepage - guests" are not able
> to visit his site due to lack of bandwidth. Is there any way, how I can use
> IPtables for giving him a report about the bandwidth usage ? e.g. how
> can I get the current bandwidth - usage on a special interface ?
>
> The other point we need, is a report about the traffic which comes up
> between our customer's web-server (which is inside our lan, packages
> will have to pass the firewall) and the outside-world. How can I set
> up such a service using iptables ??
>
> Thanks for any comment !

Look into software packages that are addressed through the ULOG target to
perform detailed accounting of traffic. There are several available,
IIRC, which can sift, sort, and map the data collected on all the
traffic through the firewall, so long as you set an appropriate "-j
ULOG" rule.

A quick and dirty answer to part two is to use "iptables -L -v -n" and a
rule at the start of your FORWARD chain which does nothing but match ALL
traffic outbound from that customer's server, but has no target. The
rule will then count packets and bytes but not actually DO anything.
This is NOT a good solution, but you can use it for rough numbers over a
short period. (if the firewall is reset, or the counts reset, then
everything is lost) Just zero the counts, (iptables -Z, or iptables -Z
FORWARD) and after a period of time list the rules with "-v" and check
the packet and byte counts. If you want to try this without zeroing all
counts, just remove and reinsert the rule.

j
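
The quick check described in the reply above, as an added example that is not part of the original message: the commented commands are the ones the reply names, plus `-x` for exact byte counts, and the script turns two counter readings into an average rate. The server address 192.0.2.10, the helper names and both listings are constructed for illustration.

```shell
#!/bin/sh
SRC=192.0.2.10   # assumed address of the customer's web server

# On the gateway, as root (not executed here):
#   iptables -I FORWARD 1 -s "$SRC"   # no -j target: counts only
#   iptables -Z FORWARD               # zero the counters
#   iptables -L FORWARD -v -n -x      # -x prints exact byte counts

# rule_bytes SRC: read such a listing on stdin, print the byte counter of
# the targetless rule whose source is SRC; exit status 1 if it is missing.
rule_bytes() {
    awk -v src="$1" '
        # Rule lines start with two numbers. Without a target column the
        # source address is field 7 (with a target it would be field 8).
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $7 == src {
            print $2; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# avg_kbit START END SECONDS: average kbit/s between two readings. Refuses
# to report when the counter went backwards (counts zeroed, firewall reset).
avg_kbit() {
    [ "$2" -ge "$1" ] || { echo "counter reset during interval" >&2; return 1; }
    echo $(( ($2 - $1) * 8 / $3 / 1000 ))
}

# Constructed listings, taken 300 seconds apart.
HDR='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination'
SNAP1="$HDR
     120    96000            all  --  *      *       192.0.2.10           0.0.0.0/0
    9000  5000000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0"
SNAP2="$HDR
   28100 22596000            all  --  *      *       192.0.2.10           0.0.0.0/0
   51000 61000000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0"

b1=$(printf '%s\n' "$SNAP1" | rule_bytes "$SRC")
b2=$(printf '%s\n' "$SNAP2" | rule_bytes "$SRC")
echo "average outbound: $(avg_kbit "$b1" "$b2" 300) kbit/s of the 1.5 Mbit link"
```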