[LARTC] NAT statistics

Linux Advanced Routing and Traffic Control


I don't know if this is the "proper" way to go about doing this, but here
is one way you could get it done with ip rule and realms.  This requires
the iproute2 package to be installed, and all of the pretty policy routing
options enabled in the kernel.  This would only be practical for a small
number of addresses, but it looks like you only have 2 so I don't think it
will be a big deal.

1) Edit /etc/iproute2/rt_realms, and add an entry for each IP address you
want to monitor.  The format is:
<number>     <realmname>
so:
1            host1
2            host2

2) Then add rules to match the packets to realms.

/sbin/ip rule add from 192.168.130.2/32 lookup main realms host1   # host1 = the realm name
/sbin/ip rule add from 192.168.130.3/32 lookup main realms host2

This will assign the traffic from specific hosts to your realms for
accounting, while still looking up the main routing table.  After this is
done, just type rtacct to see the breakdown of packets on each realm
(hence address) by to/from in bytes and number of packets. This may not
be the way you were looking for, but hey...it works and it's fun.  Hope
this helps.

******************
Tom Steele
Comm/Systems Engineer
Children's Hospital
Omaha, NE
tsteele@chsomaha.org




-----Original Message-----
From: Sebastian Taralunga [mailto:seba@tcx.ro]
Sent: Thursday, March 14, 2002 7:43 AM
To: VaibhaV Sharma
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] NAT statistics



Thank you VaibhaV,

Your script works just fine; however, my problem is to get traffic
information about both downlink and uplink on a NAT server. Do you know
what iptables rules I should use to be able to see such information? Right
now my rules look like this (generated by iptables-save):

*nat
:PREROUTING ACCEPT [1372:944647]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.130.2 -j MASQUERADE
-A POSTROUTING -s 192.168.130.3 -j MASQUERADE

-----

Regards,

Sebastian

On Thu, 14 Mar 2002, VaibhaV Sharma wrote:

> Hello,
> See the -v option in man iptables
>
>
>        -v, --verbose
>               Verbose output.  This option makes the list command
>               show the interface address, the  rule  options  (if
>               any), and the TOS masks.  The packet and byte coun-
>               ters are also listed, with the suffix 'K',  'M'  or
>               'G' for 1000, 1,000,000 and 1,000,000,000 multipli-
>               ers respectively (but see the  -x  flag  to  change
>               this).   For  appending,  insertion,  deletion  and
>               replacement, this causes  detailed  information  on
>               the rule or rules to be printed.
>
>
> This would give you the amount of data transferred for each rule that you
> have in ur firewall as one of the columns
>
> I wrote a small script to extract amount of data for each client I am
> allowing FORWARD. The script takes the IP address of the machine you wanna
> find info about as the command line parameter.
>
> ------------------------------------------------
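> #!/bin/sh
> # Usage: pass the IP address to look up as the first argument.
> # Lists the forwarding ACCEPT rules with counters, keeps the lines that
> # mention the given IP, and cuts out the byte counter and address columns.
>
> details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT |
>     grep -v OUTPUT | tr -s " " | grep -F -- "$1" | cut -d" " -f 3,9,12`
>
> bytes=`echo $details | cut -d" " -f1`
> ip=`echo $details | cut -d" " -f2`
>
> echo "IP address $ip transferred $bytes bytes."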
>
> ------------------------------------------------
>
> The cut thingi's are customised to the output I get for my rules. Check
> urs and modify.
>
> VaibhaV
>
>
> On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga"
> <seba@tcx.ro> wrote:
>
> >
> > Hi,
> >
> > I want to be able to get statistics per IP address for both incoming and
> > outgoing traffic on a NAT server using iptables and kernel v2.4.18. I
> > actually have the same problem for a server running kernel v2.2.20,
> > using ipchains.. Can anyone help me?
> >
> > Regards,
> >
> > Sebastian
>
>
>  \                                                                  \
>   \------------------------------------------------------------------\
> \  |VaibhaV Sharma     |     vaibhav@exocore.com  |   L I N U X   \  |
>  \ |Exocore Consulting |  http://www.exocore.com  |                \ |
>   \|Bangalore, India   |  +91(80)3440397,3341137  |   R O C K S     \|
>    \-----------------------------------------------------------------/
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
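
Added example (not part of the thread and not any poster's code): per-host uplink and downlink byte counts read from the FORWARD chain, which on a MASQUERADE box sees the private address in both directions because source NAT happens later in POSTROUTING and replies are translated back in PREROUTING. The counting rules, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes one counting rule per direction
# for each NATed host in FORWARD (rules without a target only count), e.g.:
#   iptables -A FORWARD -s 192.168.130.2
#   iptables -A FORWARD -d 192.168.130.2

# Constructed sample of `iptables -L FORWARD -v -n -x` output.
sample_forward() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    15000            all  --  *      *       192.168.130.2        0.0.0.0/0
     200   250000            all  --  *      *       0.0.0.0/0            192.168.130.2
      10     1200 ACCEPT     all  --  *      *       192.168.130.3        0.0.0.0/0
      30    42000 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.130.3
       5      600            all  --  *      *       192.168.130.20       0.0.0.0/0
EOF
}

# host_bytes IP: read a listing on stdin, print "IP up=<bytes> down=<bytes>".
host_bytes() {
    awk -v ip="$1" '
    {
        # Find the "opt" column ("--"); in/out/source/destination follow it
        # at fixed offsets whether or not the target column is blank.
        # Title and header lines have no such field and are skipped.
        for (i = 3; i <= NF; i++) if ($i == "--") break
        if (i + 4 > NF) next
        # Exact string comparison: 192.168.130.2 must not match .20
        if ($(i + 3) == ip) up   += $2    # host is source: uplink
        if ($(i + 4) == ip) down += $2    # host is destination: downlink
    }
    # %.0f because byte counters can exceed 32 bits
    END { printf "%s up=%.0f down=%.0f\n", ip, up, down }'
}

# Live use (as root): iptables -L FORWARD -v -n -x | host_bytes 192.168.130.2
sample_forward | host_bytes 192.168.130.2
```

The -x flag mentioned in the quoted man page text is what keeps the byte column as exact numbers instead of K/M/G-rounded values, so the sums stay meaningful.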
