Linux Netfilter discussions
* iptables for bandwidth tracking
@ 2010-01-06  3:46 Michael Nguyen
  2010-01-06 12:13 ` John Haxby
  2010-01-06 13:34 ` Mart Frauenlob
  0 siblings, 2 replies; 3+ messages in thread
From: Michael Nguyen @ 2010-01-06  3:46 UTC (permalink / raw)
  To: netfilter

Hey guys,

Our servers are in a managed hosting solution where we do not have 
access to our switch.  We have a lot of users that use our VPN solution 
and I'd like to better track their bandwidth usage.  I'm considering two 
options for this:

 - Using one of the many libpcap daemons to monitor and record traffic 
patterns
 - Use iptables

Each VPN node has the possibility of 64,000 IP addresses so if I used 
iptables, I'd need to create iptables rules for each of those IP 
addresses.  That seems silly to me, but am I better off doing that than 
running a daemon that at the end of the day will basically do the same 
thing?  Thanks in advance.


Michael


* Re: iptables for bandwidth tracking
From: John Haxby @ 2010-01-06 12:13 UTC (permalink / raw)
  To: Michael Nguyen; +Cc: netfilter

On 06/01/10 03:46, Michael Nguyen wrote:
>
> - Using one of the many libpcap daemons to monitor and record traffic 
> patterns
> - Use iptables
>
> Each VPN node has the possibility of 64,000 IP addresses so if I used 
> iptables, I'd need to create iptables rules for each of those IP 
> addresses.  That seems silly to me, but am I better off doing that 
> than running a daemon that at the end of the day will basically do the 
> same thing?  Thanks in advance.

Are those 64K addresses all in one subnet?   Then something like

     iptables -A FORWARD -s 10.0.0.0/16 -j node1
     iptables -A FORWARD -d 10.0.0.0/16 -j node1
     iptables -A FORWARD -s 10.1.0.0/16 -j node2
     ... and so on

Then you can just collect the stats as and when you feel the need.

The advantage of that is that it's very easy to do and has very little 
performance impact (I believe).

On the other hand, the various libpcap daemons that I came across when I 
was looking for something for home might be better suited to what you're 
after.

jch
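
Collecting the stats from per-subnet rules like the ones above can be scripted. The following is an added example, not part of the original message: it assumes the accounting chains (node1, node2) were created empty with `iptables -N`, runs on a constructed sample of `iptables -L FORWARD -n -v -x` output, and uses hypothetical function names.

```shell
#!/bin/sh
# Added example: per-node byte totals from FORWARD rule counters.
# Assumes empty accounting chains exist (iptables -N node1, iptables -N node2)
# and that the -s/-d rules from the message above jump to them.

# Constructed sample of `iptables -L FORWARD -n -v -x` output (not real data).
sample_counters() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1200     960000 node1      all  --  *      *       10.0.0.0/16          0.0.0.0/0
    1500    1800000 node1      all  --  *      *       0.0.0.0/0            10.0.0.0/16
     300     240000 node2      all  --  *      *       10.1.0.0/16          0.0.0.0/0
     450     512000 node2      all  --  *      *       0.0.0.0/0            10.1.0.0/16
      10       8000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Read a counter listing on stdin and print "<chain> tx=<bytes> rx=<bytes>"
# for every target whose name starts with the given prefix (default "node").
# tx = bytes on the rule matching by source, rx = by destination.
node_totals() {
    prefix=${1:-node}
    awk -v p="$prefix" '
        # Rule lines start with a numeric packet count; headers do not.
        $1 ~ /^[0-9]+$/ && index($3, p) == 1 {
            if ($8 != "0.0.0.0/0") tx[$3] += $2
            else if ($9 != "0.0.0.0/0") rx[$3] += $2
            seen[$3] = 1
        }
        # %.0f avoids 32-bit truncation of large counters in some awk builds.
        END { for (n in seen) printf "%s tx=%.0f rx=%.0f\n", n, tx[n], rx[n] }
    ' | sort
}

# On a live router (as root): iptables -L FORWARD -n -v -x | node_totals
if [ "${1:-}" = "--demo" ]; then sample_counters | node_totals; fi
```

The `-x` flag matters here: without it iptables abbreviates counters (K, M, G) and the sums lose precision.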


* Re: iptables for bandwidth tracking
From: Mart Frauenlob @ 2010-01-06 13:34 UTC (permalink / raw)
  To: netfilter

On 06.01.2010 05:16, netfilter-owner@vger.kernel.org wrote:
> Hey guys,
> 
> Our servers are in a managed hosting solution where we do not have
> access to our switch.  We have a lot of users that use our VPN solution
> and I'd like to better track their bandwidth usage.  I'm considering two
> options for this:
> 
> - Using one of the many libpcap daemons to monitor and record traffic
> patterns
> - Use iptables
> 
> Each VPN node has the possibility of 64,000 IP addresses so if I used
> iptables, I'd need to create iptables rules for each of those IP
> addresses.  That seems silly to me, but am I better off doing that than
> running a daemon that at the end of the day will basically do the same
> thing?  Thanks in advance.
> 
> 

You might take a look at the ACCOUNT target from xtables-addons.
http://xtables-addons.sourceforge.net/

regards

Mart
