Hello,

you can use the ipac-ng (http://sourceforge.net/projects/ipac-ng/) toolset to
implement counters with iptables. ipac-ng generates iptables rules just for
accounting; this data can be summarized and even be graphed. (I use mrtg for
graphing the data, but ipac-ng includes a graph generator itself.)

I hope that's what you were looking for.

Tobias

On Thu, Mar 14, 2002 at 03:43:09PM +0200, Sebastian Taralunga wrote:
>
> Thank you VaibhaV,
>
> Your script works just fine however my problem is to get traffic information
> about both downlink and uplink on a NAT server. Do you know what iptables rules
> should I use to be able to see such information? Right now my rules look like
> this (generated by iptables-save):
>
> *nat
> :PREROUTING ACCEPT [1372:944647]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A POSTROUTING -s 192.168.130.2 -j MASQUERADE
> -A POSTROUTING -s 192.168.130.3 -j MASQUERADE
>
> -----
>
> Regards,
>
> Sebastian
>
> On Thu, 14 Mar 2002, VaibhaV Sharma wrote:
>
> > Hello,
> > See the -v option in man iptables
> >
> >
> >        -v, --verbose
> >               Verbose output. This option makes the list command
> >               show the interface address, the rule options (if
> >               any), and the TOS masks. The packet and byte counters
> >               are also listed, with the suffix 'K', 'M' or 'G' for
> >               1000, 1,000,000 and 1,000,000,000 multipliers
> >               respectively (but see the -x flag to change this).
> >               For appending, insertion, deletion and replacement,
> >               this causes detailed information on the rule or rules
> >               to be printed.
> >
> >
> > This would give you the amount of data transferred for each rule that you
> > have in ur firewall as one of the columns
> >
> > I wrote a small script to extract amount of data for each client I am
> > allowing FORWARD. The script takes the IP address of the machine you wanna
> > find info about as the command line parameter.
> >
> > ------------------------------------------------
> > #!/bin/sh
> >
> > # Pick the ACCEPT rule line that mentions the IP given as $1 and keep
> > # the byte counter and address columns of that line.
> > details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | grep -v OUTPUT | tr -s " " | grep "$1" | cut -d" " -f 3,9,12`
> >
> > bytes=`echo $details | cut -d" " -f1`
> > ip=`echo $details | cut -d" " -f2`
> >
> > echo "IP address $ip transferred $bytes bytes."
> >
> > ------------------------------------------------
> >
> > The cut thingi's are customised to the output I get for my rules. Check
> > urs and modify.
> >
> > VaibhaV
> >
> >
> > On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga"
> > <seba@tcx.ro> wrote:
> >
> > >
> > > Hi,
> > >
> > > I want to be able to get statistics per IP address for both incoming and
> > > outgoing traffic on a NAT server using iptables and kernel v2.4.18. I
> > > actually have the same problem for a server running kernel v2.2.20,
> > > using ipchains. Can anyone help me?
> > >
> > > Regards,
> > >
> > > Sebastian
> > >
> >
> > \------------------------------------------------------------------\
> >  \ |VaibhaV Sharma     | vaibhav@exocore.com    |  L I N U X   \ |
> >   \ |Exocore Consulting | http://www.exocore.com |              \ |
> >    \|Bangalore, India   | +91(80)3440397,3341137 |  R O C K S    \|
> >     \-----------------------------------------------------------------/
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
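
Added example, not part of the original thread and not ipac-ng's own code: one way to get both uplink and downlink byte counts per NAT client is a pair of count-only rules in the FORWARD chain, read back with `iptables -L FORWARD -v -n -x`. The chain placement, the function names `sample_output` and `traffic_per_ip`, and the counter values are assumptions made for illustration; the two client addresses are the ones from the ruleset quoted above.

```shell
#!/bin/sh
# Count-only rules for one NAT client (run once as root; kept as comments so
# this block runs offline). A rule with no -j target only bumps its counters.
# -I puts it ahead of any ACCEPT/DROP rule that would end traversal first.
#   iptables -I FORWARD -s 192.168.130.2    # uplink: client -> outside
#   iptables -I FORWARD -d 192.168.130.2    # downlink: outside -> client
# MASQUERADE rewrites the source in POSTROUTING, after FORWARD, and replies
# are translated back before FORWARD, so both rules see the internal address.

# Constructed sample of `iptables -L FORWARD -v -n -x` output (not real data).
sample_output() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1200     154000            all  --  *      *       192.168.130.2        0.0.0.0/0
    1500    1830000            all  --  *      *       0.0.0.0/0            192.168.130.2
     300      42000            all  --  *      *       192.168.130.3        0.0.0.0/0
     410     615000            all  --  *      *       0.0.0.0/0            192.168.130.3
      90       7200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Hypothetical helper: reads the listing on stdin and prints one line per
# host, "<ip> up=<bytes> down=<bytes>". Needs -x so counters have no K/M/G.
traffic_per_ip() {
    awk '
        $1 !~ /^[0-9]+$/ { next }      # skip chain header and column titles
        {
            # The target column is empty on count-only rules, so the field
            # count varies; address columns are taken from the end instead.
            src = $(NF-1); dst = $NF; any = "0.0.0.0/0"
            if (src != any && dst == any) { up[src]   += $2; seen[src] = 1 }
            if (dst != any && src == any) { down[dst] += $2; seen[dst] = 1 }
        }
        END {
            # %.0f keeps large byte counters exact where %d could overflow
            for (ip in seen) printf "%s up=%.0f down=%.0f\n", ip, up[ip], down[ip]
        }
    ' | sort
}

# Live use on the gateway: iptables -L FORWARD -v -n -x | traffic_per_ip
sample_output | traffic_per_ip
```

Counters can be reset after each reading with `iptables -Z FORWARD` if per-interval figures are wanted.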