Traffic Accounting on Small System and User Limits.

Traffic Accounting on Small System and User Limits.

[Don Gould]

This is a requirement for a small system I'm building for a local motel 
to be able to give internet access away free to their customers.

I have looked in to a bunch of different stuff but don't know the best 
way to go.  I know this might not even be the right list to ask on, so 
please be kind. :)

OPEN SOURCE GPL PLEASE - I have already done some work on some systems 
to get me what I want...  all the work I'm doing is on open source stuff 
and is/will be made available back to the community, so, if you have a 
need for this work as well but can't help, then please feel free to drop 
me a line and I'll keep you informed.

1. I want to keep a record of the amount of data each user uses over a 
given amount of time.  I know the users IP number and their MAC address. 
  I modified DNSMasq [1] to tell me this each time the user issues a 
DHCP request.

2.  It is proposed that each MAC will be given 50mb of data to use. 
After this the user/MAC will have to be authorised to have more.

The servers I'm using will run Debian Saige and are only small - p2 or 3 
with ~30 to 64mb ram and 2 - 3gb hard disk.  Each server only has to 
look after < 50 clients and in most cases wouldn't get more than 10 
using it at a time.

My problem is that I don't know how I should count the data used in a 
light weight way.

I've read that packet counting programs can be CPU intensive.

vnstat looked good but doesn't count by IP or MAC (from what I can see).


I read in some of the netfilter documentation (which is fantastic btw) 
that iptables can place limits on accounts, but didn't fully understand it.

Can anyone make any recommendations?

TIA

Cheers Don

[1] The code is rough and still have debug statements in it, see: 
http://www.tcn.bowenvale.co.nz/content/view/44/35/

I'm no C programmer so please don't flame me :)  Be kind :)

-- 
Don Gould
www.thinkdesignprint.co.nz - www.tcn.bowenvale.co.nz - 
www.bowenvale.co.nz - www.hearingbooks.co.nz - SkypeMe: 
ThinkDesignPrint - Good ideas:  www.solarking.co.nz

Re: Traffic Accounting on Small System and User Limits.

[Bo Yang]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Don Gould :
> This is a requirement for a small system I'm building for a local
> motel to be able to give internet access away free to their
> customers.
>
> I have looked in to a bunch of different stuff but don't know the
> best way to go.  I know this might not even be the right list to
> ask on, so please be kind. :)
>
> OPEN SOURCE GPL PLEASE - I have already done some work on some
> systems to get me what I want...  all the work I'm doing is on open
>  source stuff and is/will be made available back to the community,
> so, if you have a need for this work as well but can't help, then
> please feel free to drop me a line and I'll keep you informed.
>
> 1. I want to keep a record of the amount of data each user uses
> over a given amount of time.  I know the users IP number and their
> MAC address.  I modified DNSMasq [1] to tell me this each time the
> user issues a DHCP request.
If you just want to get how many bytes a user used in a given range of
time , iptalbes can do it very nicely !
iptables -t filter -A forword  -s {your user ip}
>
> 2.  It is proposed that each MAC will be given 50mb of data to use.
>  After this the user/MAC will have to be authorised to have more.
You can use iptables quota module to accomplish this .
>
> The servers I'm using will run Debian Saige and are only small - p2
>  or 3 with ~30 to 64mb ram and 2 - 3gb hard disk.  Each server only
>  has to look after < 50 clients and in most cases wouldn't get more
>  than 10 using it at a time.
Oh , bad  hardware  ~
 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFFHKdP7tZp58UCwyMRAtsFAKC7PQ2zlFtdbwtTAtuPOcRe345auwCaA8aj
rKiCK4X1fDgjZT6euB0b7nQ=
=g8nB
-----END PGP SIGNATURE-----

Re: Traffic Accounting on Small System and User Limits.

[Don Gould]

Bo Yang wrote:
>> 1. I want to keep a record of the amount of data each user uses
>> over a given amount of time.  I know the users IP number and their
>> MAC address.  I modified DNSMasq [1] to tell me this each time the
>> user issues a DHCP request.
> If you just want to get how many bytes a user used in a given range of
> time , iptalbes can do it very nicely !
> iptables -t filter -A forword  -s {your user ip}

Thanks very much.  I'll read up on that.

>> 2.  It is proposed that each MAC will be given 50mb of data to use.
>>  After this the user/MAC will have to be authorised to have more.
> You can use iptables quota module to accomplish this .

I'll read up on that as well.

>> The servers I'm using will run Debian Saige and are only small - p2
>>  or 3 with ~30 to 64mb ram and 2 - 3gb hard disk.  Each server only
>>  has to look after < 50 clients and in most cases wouldn't get more
>>  than 10 using it at a time.
> Oh , bad  hardware  ~

Yes.  Case of reusing something the customer already has.  My mission is
to get motels in my area giving away data to their customers for free in
the hope that I can then get interest from the city to do the same.

I want to show the advantages of giving tourists free access to
communications so they can show off our country to the world while
they're hear.

However we have to pay for data so I can't just do a 'free for all'.

Some motels charge their customers and are paying for better hardware.
I'm trying to find a balance.

Thank you very much again for your help.

Cheers Don
-- 
Don Gould
www.thinkdesignprint.co.nz - www.tcn.bowenvale.co.nz -
www.bowenvale.co.nz - www.hearingbooks.co.nz - SkypeMe:
ThinkDesignPrint - Good ideas:  www.solarking.co.nz

Re: Traffic Accounting on Small System and User Limits.

[Don Gould]

Bo Yang wrote:

> If you just want to get how many bytes a user used in a given range of
> time , iptalbes can do it very nicely !
> iptables -t filter -A forword  -s {your user ip}

Ok, I fried this bit...

I assumed you'd done a type o and 'forword' should be forwArd.

[root@bowenvale ~]# iptables -t filter -A forward  -s 192.168.2.148
iptables: No chain/target/match by that name

I'm sure I'm not understanding something, sorry if I'm being dumb.

Cheers Don
-- 
Don Gould
www.thinkdesignprint.co.nz - www.tcn.bowenvale.co.nz - 
www.bowenvale.co.nz - www.hearingbooks.co.nz - SkypeMe: 
ThinkDesignPrint - Good ideas:  www.solarking.co.nz

Re: Traffic Accounting on Small System and User Limits.

[Don Gould]

http://translate.google.com/translate?u=http%3A%2F%2Fopenskills.info%2Finfobox.php%3FID%3D1157&langpair=it%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools

Does this example mean that the limit is applied to just the one IP of 
10.0.0.5 ?



Don Gould wrote:
> This is a requirement for a small system I'm building for a local motel 
> to be able to give internet access away free to their customers.
> 
> I have looked in to a bunch of different stuff but don't know the best 
> way to go.  I know this might not even be the right list to ask on, so 
> please be kind. :)
> 
> OPEN SOURCE GPL PLEASE - I have already done some work on some systems 
> to get me what I want...  all the work I'm doing is on open source stuff 
> and is/will be made available back to the community, so, if you have a 
> need for this work as well but can't help, then please feel free to drop 
> me a line and I'll keep you informed.
> 
> 1. I want to keep a record of the amount of data each user uses over a 
> given amount of time.  I know the users IP number and their MAC address. 
>  I modified DNSMasq [1] to tell me this each time the user issues a DHCP 
> request.
> 
> 2.  It is proposed that each MAC will be given 50mb of data to use. 
> After this the user/MAC will have to be authorised to have more.
> 
> The servers I'm using will run Debian Saige and are only small - p2 or 3 
> with ~30 to 64mb ram and 2 - 3gb hard disk.  Each server only has to 
> look after < 50 clients and in most cases wouldn't get more than 10 
> using it at a time.
> 
> My problem is that I don't know how I should count the data used in a 
> light weight way.
> 
> I've read that packet counting programs can be CPU intensive.
> 
> vnstat looked good but doesn't count by IP or MAC (from what I can see).
> 
> 
> I read in some of the netfilter documentation (which is fantastic btw) 
> that iptables can place limits on accounts, but didn't fully understand it.
> 
> Can anyone make any recommendations?
> 
> TIA
> 
> Cheers Don
> 
> [1] The code is rough and still have debug statements in it, see: 
> http://www.tcn.bowenvale.co.nz/content/view/44/35/
> 
> I'm no C programmer so please don't flame me :)  Be kind :)
> 

-- 
Don Gould
www.thinkdesignprint.co.nz - www.tcn.bowenvale.co.nz - 
www.bowenvale.co.nz - www.hearingbooks.co.nz - SkypeMe: 
ThinkDesignPrint - Good ideas:  www.solarking.co.nz

Re: Traffic Accounting on Small System and User Limits.

[Don Gould]

http://www.collaborium.org/onsite/benin/docs/services/NETFILTER_RELATED/netfilter-extensions/netfilter-extensions-HOWTO.html#toc3.11

Ok this makes some sense to me, but how to I apply it to an individual
MAC or IP?


-- 
Don Gould
www.thinkdesignprint.co.nz - www.tcn.bowenvale.co.nz -
www.bowenvale.co.nz - www.hearingbooks.co.nz - SkypeMe:
ThinkDesignPrint - Good ideas:  www.solarking.co.nz