[LARTC] NAT statistics

Linux Advanced Routing and Traffic Control

Well,
the iptables accounting thing would give you bytes transferred only for
the rules that you have in your firewall. It's a cruddy way of doing
things, but if you want both incoming and outgoing traffic logging, put in
dummy rules for incoming and outgoing traffic on a per-IP basis.

E.g., just to give you an example: by default, all incoming packets are set
to ACCEPT in the INPUT chain. If you want to know how much traffic is coming
from your clients to your machine, put in INPUT ACCEPT rules for each
machine. You'll now get bytes transferred for these rules. Extract the
info and use it.

This would get cruddy if you have tons of machines sitting behind your
firewall. A better way to do it is to use some network sniffing tool which can
generate stats, which of course is not in the scope of discussions of this
list.

I dunno if there is a better way of doing this using iptables. Maybe
someone else can shed some light on this.

VaibhaV


On Thu, 14 Mar 2002 15:43:09 +0200 (EET) "Sebastian Taralunga"
<seba@tcx.ro> wrote:

> 
> Thank you VaibhaV,
> 
> Your script works just fine; however, my problem is to get traffic
> information about both downlink and uplink on a NAT server. Do you know
> what iptables rules I should use to be able to see such information?
> Right now my rules look like this (generated by iptables-save):
> 
> *nat
> :PREROUTING ACCEPT [1372:944647]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A POSTROUTING -s 192.168.130.2 -j MASQUERADE
> -A POSTROUTING -s 192.168.130.3 -j MASQUERADE
> 
> -----
> 
> Regards,
> 
> Sebastian
> 
> On Thu, 14 Mar 2002, VaibhaV Sharma wrote:
> 
> > Hello,
> > See the -v option in man iptables
> >
> >
> >        -v, --verbose
> >               Verbose output.  This option makes the list command
> >               show the interface address, the  rule  options  (if
> >               any), and the TOS masks.  The packet and byte coun-
> >               ters are also listed, with the suffix 'K',  'M'  or
> >               'G' for 1000, 1,000,000 and 1,000,000,000 multipli-
> >               ers respectively (but see the  -x  flag  to  change
> >               this).   For  appending,  insertion,  deletion  and
> >               replacement, this causes  detailed  information  on
> >               the rule or rules to be printed.
> >
> >
> > This would give you the amount of data transferred for each rule that
> > you have in your firewall as one of the columns.
> >
> > I wrote a small script to extract the amount of data for each client I am
> > allowing FORWARD. The script takes the IP address of the machine you
> > want to find info about as the command line parameter.
> >
> > ------------------------------------------------
> > #!/bin/sh
> > # Usage: script.sh <client-ip>
> > # List all rules with counters, keep the ACCEPT rules outside the
> > # INPUT/OUTPUT chains, squeeze repeated spaces, pick the line for the
> > # requested address and select the bytes/source/destination columns
> > # (the column numbers match the layout of my own rules).
> > details=`/sbin/iptables -L -v -n | grep ACCEPT | grep -v INPUT | \
> >          grep -v OUTPUT | tr -s " " | grep "$1" | cut -d" " -f 3,9,12`
> >
> > # First selected column is the byte counter, second is the address.
> > bytes=`echo $details | cut -d" " -f1`
> > ip=`echo $details | cut -d" " -f2`
> >
> > echo "IP address $ip transferred $bytes bytes."
> >
> > ------------------------------------------------
> >
> > The cut things are customised to the output I get for my rules.
> > Check yours and modify.
> >
> > VaibhaV
> >
> >
> > On Thu, 14 Mar 2002 11:30:01 +0200 (EET) "Sebastian Taralunga"
> > <seba@tcx.ro> wrote:
> >
> > >
> > > Hi,
> > >
> > > I want to be able to get statistics per IP address for both incoming
> > > and outgoing traffic on a NAT server using iptables and kernel
> > > v2.4.18. I actually have the same problem for a server running
> > > kernel v2.2.20, using ipchains. Can anyone help me?
> > >
> > > Regards,
> > >
> > > Sebastian
> >
> >
> >  \                                                                  \
> >   \------------------------------------------------------------------\
> > \  |VaibhaV Sharma     |     vaibhav@exocore.com  |   L I N U X   \  |
> >  \ |Exocore Consulting |  http://www.exocore.com  |                \ |
> >   \|Bangalore, India   |  +91(80)3440397,3341137  |   R O C K S     \|
> >    \-----------------------------------------------------------------/
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >


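The per-IP dummy-rule approach discussed in this thread, written out as an added example (this is not VaibhaV's script nor anything from the LARTC page): one FORWARD rule per client as source (uplink) and one as destination (downlink), plus an awk parser for `iptables -L FORWARD -v -n -x` output that reports both byte counts for a given address. The FORWARD chain, the client addresses and the sample listing are constructed for illustration; `-x` is used so the byte column is an exact number rather than a K/M/G figure.

```shell
#!/bin/sh
# Added example, not from the LARTC thread. Assumes masqueraded client
# traffic traverses the FORWARD chain (as in the quoted MASQUERADE setup);
# chain name, addresses and sample output below are constructed.

# Print (do not apply) the two accounting rules for one client. Inserting at
# the top of FORWARD keeps them ahead of any rule that would otherwise match
# the packet first and take the counters.
accounting_rules() {
    ip="$1"
    printf 'iptables -I FORWARD -s %s -j ACCEPT\n' "$ip"
    printf 'iptables -I FORWARD -d %s -j ACCEPT\n' "$ip"
}

# Read "iptables -L FORWARD -v -n -x" output on stdin and print
# "<ip> <uplink_bytes> <downlink_bytes>" for the given client address.
# Exact string comparison on the source/destination columns avoids the
# regex pitfall of "grep 192.168.130.2" matching e.g. 192.168.130.20.
per_ip_bytes() {
    ip="$1"
    awk -v ip="$ip" '
        # Skip the chain banner and the column header line.
        /^Chain / || /^ *pkts/ { next }
        # Columns: pkts bytes target prot opt in out source destination
        NF >= 9 && $8 == ip { up += $2 }
        NF >= 9 && $9 == ip { down += $2 }
        END { printf "%s %d %d\n", ip, up, down }
    '
}

# Constructed listing in the format of "iptables -L FORWARD -v -n -x".
SAMPLE_OUTPUT='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1234    1048576 ACCEPT     all  --  *      *       192.168.130.2        0.0.0.0/0
    5678    9437184 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.130.2
     100      20000 ACCEPT     all  --  *      *       192.168.130.3        0.0.0.0/0
      50      10000 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.130.3'

# Demo on the constructed sample. Live use would be:
#   /sbin/iptables -L FORWARD -v -n -x | per_ip_bytes 192.168.130.2
accounting_rules 192.168.130.2
printf '%s\n' "$SAMPLE_OUTPUT" | per_ip_bytes 192.168.130.2
```

The counters only stay meaningful while the rules exist and are not reset (`iptables -Z` zeroes them), so a cron job that reads them with `-x` and stores the deltas is the usual way to turn this into per-client totals; with many clients the rule count grows linearly, which is the scaling problem VaibhaV points at.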

