[LARTC] Problem with ipac

Linux Advanced Routing and Traffic Control

Hello all.

I've tried to set up ipac 1.10 on my Linux router/firewall (Debian) which also performs traffic control via CBQ.

What I want is to create graphs of bandwidth consumption from Internet hosts to internal hosts. I don't want to specify protocols, instead I want to count any kind of traffic. But I want to exclude some hosts from the sum (those on the internal LAN) because there's an ethernet link with them and I want to count only traffic which comes from the Internet link (64Kbps Frame Relay).

The network topology is as shown:

   Cisco router (F/R)
         |
         |
         +-- mail server    }
         |                  } public subnet
         +-- www server     }
         |
         | (eth0)
   linux router
(eth4) /   \ (eth3)
      /     \
   internal LANs            } private subnet
 

Firstly I tried to count incoming traffic on eth0 (rule: from ! public, to all), it worked well for overall traffic but when I tried to specify destination internal hosts/subnets no traffic was shown. I realized this happened due to IP masquerading, which is performed on the Linux router AFTER ip accounting.

So the next thing was to perform ip accounting on internal interfaces (eth3 & eth4). Since there's traffic between internal subnets through the linux router, I want also to exclude these from addresses. So now the rules are: from ! public internal, to hostA hostB etc.

The real rule is as follows:

Incoming Testing|out|eth3|all|! 192.168.0.0/16 62.81.192.64/28|192.168.101.162

ipacset -D gives me the following:

/sbin/ipchains --append ipac_out -i eth3 -p all -s ! 192.168.0.0/16 -d 192.168.101.162
/sbin/ipchains --append ipac_out -i eth3 -p all -s ! 62.81.192.64/28 -d 192.168.101.162

62.81.192.64/28 is the public subnet. The fact is that after some testing ipac is counting internal traffic. I did an ftp transfer from 192.168.101.3 (the linux router) to 192.168.101.162 and it was shown in the graphs (424Kbps, 16Mbytes total, impossible to be Internet traffic in only two minutes with a 64Kbps link). This computer was not doing any other kind of traffic at this time.

I think ipacsum does not work well with parameter '! 192.168.0.0/16 62.81.192.64/28' which generates two rules. Maybe second rule overwrites first one. I don't find any other explanation.

My question is: am I the first person that has tried something similar until now? Or is this a known bug? Are there any workarounds? Am I doing something wrong? Why is all of this so frustrating?

Many thanks in advance.
 

-- 
                José Carlos Ramírez Pérez

                mailto:JoseCarlos.Ramirez@xxxxxxxxxxx
                ___________________________________________________
                ISOTROL S.A.
                Avda. de la innovación nº 1, 3ª plta, 41020 Sevilla
                Tel.:+34 955 036 800 - Fax:+34 955 036 849  (Spain)
                web: http://www.isotrol.com/
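The behaviour reported above can be checked by modelling the two ipchains rules that `ipacset -D` printed for the entry. The Python below is an added example, not code from ipac or from the poster; the sample packets are constructed, and the model assumes that every rule appended to the ipac_out chain counts a packet on its own, so a packet is counted whenever either rule matches (OR semantics). Under that model the ftp packet from 192.168.101.3 matches the second rule, because its source is not in 62.81.192.64/28, which reproduces the internal traffic showing up in the counters without any rule "overwriting" the other. The `bytes_intended` function models the single AND condition the entry was meant to express (source in none of the excluded networks); whether ipac has a syntax for that is not stated on the page.

```python
"""Model of the two ipchains accounting rules that 'ipacset -D' printed
for the entry with source '! 192.168.0.0/16 62.81.192.64/28'.
Added example (not ipac's code); sample packets are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One rule of the form: -i IFACE -s [!] SRC -d DST (proto 'all')."""
    iface: str
    src: ipaddress.IPv4Network
    negate_src: bool
    dst: ipaddress.IPv4Network

    def matches(self, iface, src, dst):
        if iface != self.iface or dst not in self.dst:
            return False
        # '-s ! NET' matches when the source is OUTSIDE the network
        return (src in self.src) != self.negate_src


def expand_entry(line):
    """Mirror what the page's ipacset output shows: a source field of
    '! NET1 NET2' becomes one rule per network, each negated."""
    _name, _direction, iface, _proto, src_field, dst_field = line.split("|")
    tokens = src_field.split()
    negate = tokens[0] == "!"
    nets = tokens[1:] if negate else tokens
    dst = ipaddress.ip_network(dst_field)
    return [Rule(iface, ipaddress.ip_network(n), negate, dst) for n in nets]


def counted_by(rules, iface, src, dst):
    """Indices of the rules in the chain that match one packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [i for i, r in enumerate(rules) if r.matches(iface, s, d)]


def bytes_per_rule(rules, packets):
    """Bytes each rule counts.  Every rule in the chain matches on its
    own, so a packet can be counted by more than one rule (OR semantics)."""
    totals = [0] * len(rules)
    for iface, s, d, size in packets:
        for i in counted_by(rules, iface, s, d):
            totals[i] += size
    return totals


def bytes_intended(iface, excluded, dst, packets):
    """What the entry was meant to express: count a packet only when its
    source is in NONE of the excluded networks (a single AND condition)."""
    excluded = [ipaddress.ip_network(n) for n in excluded]
    dst = ipaddress.ip_network(dst)
    total = 0
    for pif, s, d, size in packets:
        s, d = ipaddress.ip_address(s), ipaddress.ip_address(d)
        if pif == iface and d in dst and not any(s in n for n in excluded):
            total += size
    return total


# The rule line quoted in the post.
ENTRY = "Incoming Testing|out|eth3|all|! 192.168.0.0/16 62.81.192.64/28|192.168.101.162"

# Constructed sample traffic leaving eth3: (iface, src, dst, bytes).
PACKETS = [
    ("eth3", "192.168.101.3", "192.168.101.162", 16_000_000),  # ftp from the router itself
    ("eth3", "62.81.192.70", "192.168.101.162", 1_000),        # from the public subnet
    ("eth3", "203.0.113.5", "192.168.101.162", 5_000),         # from the Internet
    ("eth3", "203.0.113.5", "192.168.101.50", 700),            # other destination host
]


def compare():
    """Generated (per-rule, OR) counts versus the intended (AND) count."""
    rules = expand_entry(ENTRY)
    return {
        "generated": bytes_per_rule(rules, PACKETS),
        "intended": bytes_intended("eth3", ["192.168.0.0/16", "62.81.192.64/28"],
                                   "192.168.101.162", PACKETS),
    }


if __name__ == "__main__":
    rules = expand_entry(ENTRY)
    for r, n in zip(rules, bytes_per_rule(rules, PACKETS)):
        neg = "! " if r.negate_src else ""
        print(f"-s {neg}{r.src} -d {r.dst}: {n} bytes")
    print("intended (source in none of the excluded nets):",
          compare()["intended"], "bytes")
```

Running it shows the second rule alone picking up the 16 MB internal transfer, and the Internet packet being counted by both rules, so if ipacsum adds the two counters together genuine Internet traffic is counted twice while the internal traffic is counted once.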