Thank you VaibhaV, Your script works just fine however my problem is to get traffic informatio= n about both downlink and uplink on a NAT server. Do you know what iptables r= ules should I use to be able to see such information? Right now my rules look li= ke this (generated by iptables-save): *nat :PREROUTING ACCEPT [1372:944647] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A POSTROUTING -s 192.168.130.2 -j MASQUERADE -A POSTROUTING -s 192.168.130.3 -j MASQUERADE ----- Regards, Sebastian On Thu, 14 Mar 2002, VaibhaV Sharma wrote: > Hello, > See the -v option in man iptables > > > -v, --verbose > Verbose output. This option makes the list command > show the interface address, the rule options (if > any), and the TOS masks. The packet and byte coun=AD > ters are also listed, with the suffix 'K', 'M' or > 'G' for 1000, 1,000,000 and 1,000,000,000 multipli=AD > ers respectively (but see the -x flag to change > this). For appending, insertion, deletion and > replacement, this causes detailed information on > the rule or rules to be printed. > > > This would give you the amount of data transferred for each rule that you > have in ur firewall as one of the columns > > I wrote a small script to extract amount of data for each client I am > allowing FORWARD. The script takes the IP address of the machine you wann= a > find info about as the command line parameter. > > ------------------------------------------------ > #!/bin/sh > > details=3D`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | grep -= v > OUTPUT | tr -s " " | grep $1 | cut -d" " -f 3,9,12` > > bytes=3D`echo $details | cut -d" " -f1` > ip=3D`echo $details | cut -d" " -f2` > > echo "IP address $ip transferred $bytes bytes." > > ------------------------------------------------ > > The cut thingi's are customised to the output I get for my rules. Check > urs and modify. > > VaibhaV > > > On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga" > <seba@tcx.ro> wrote: > > > > > Hi, > > > > I want to be able to get statistics per IP address for both incoming an= d > > outgoing traffic on a NAT server using iptables and kernel v2.4.18. I > > actually have the same problem for a server running kernel v2.2.20, > > using ipchains.. Can anyone help me? > > > > Regards, > > > > Sebastian > > > \ \ > \------------------------------------------------------------------\ > \ |VaibhaV Sharma | vaibhav@exocore.com | L I N U X \ | > \ |Exocore Consulting | http://www.exocore.com | \ | > \|Bangalore, India | +91(80)3440397,3341137 | R O C K S \| > \-----------------------------------------------------------------/ > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >
