On Fri, 3 Sep 2004, andybr wrote:

> Hi all,
>
> I have a firewall central which a control the
> download/upload bandwidth with cbq of 9 different
> networks. Now I need some help from you. I would like
> to use mrtg+snmp to report this bandwidth to show per
> ip, how? any idea? tips?
>

A simple iptables rule (that doesn't do anything ?) and the small perl-script below that I made.

2 rules that don't do anything:

iptables -t filter -I FORWARD -s network1/netmask
iptables -t filter -I FORWARD -d network1/netmask

or rules that make all traffic pass a set of rules specifically for that network:

iptables -t filter -I FORWARD -s network1/netmask -j NET1
iptables -t filter -I FORWARD -d network1/netmask -j NET1

well... that's the simplest (not terribly efficient) way... :-)

#!/usr/bin/perl
# Prints the four lines MRTG expects from an external script:
# bytes in, bytes out, uptime, host name.
# Argument: the string to look for in the FORWARD listing.

$iptables = "/sbin/iptables";   # Adjust these to fit your site
$uptime = "/usr/bin/uptime";
$host = "whitecat";

$chain = $ARGV[0];
die "usage: $0 <string-to-match>\n" unless defined $chain && length $chain;

# Filter in Perl rather than piping through grep, so the argument
# is never interpolated into a shell command line.
@iets = grep { /\Q$chain\E/ } split ("\n", `$iptables -t filter -nvxL FORWARD`);

$in = $out = "0\n";   # default when no rule matched
foreach $LINE (@iets) {
    # iptables prints source destination (so ip\s+0\/0 means out);
    # the source may be printed with a /mask when it is a network
    if ($LINE =~ /[0-9]+\.[0-9]+(?:\/[0-9]+)?\s+0\.0\.0\.0\/0/) {
        $LINE =~ s/^\s*\d+\s+(\d+).*$/$1/s;   # keep only the byte counter (2nd column)
        $out = $LINE;
        $out .= "\n";
    } else {
        $LINE =~ s/^\s*\d+\s+(\d+).*$/$1/s;   # keep only the byte counter (2nd column)
        $in = $LINE;
        $in .= "\n";
    }
}
print ($in.$out);

# Reduce the uptime output to the "up ..." part
($uptime = `$uptime`) =~ s/^.*up (.*,[\d: ]+),.*$/$1/s;
print "$uptime\n$host\n";

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
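
Added example, not part of the original post: the same counter lookup done by exact comparison on the source and destination columns, so that a rule for 10.0.0.1 does not also pick up the counters of 10.0.0.12, as a substring match on the listing would. The function names `sample_forward` and `net_bytes` and the addresses and counters in the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -t filter -nvxL FORWARD` output.
# Rules without a target leave the "target" column empty, so the
# number of fields differs from line to line.
sample_forward() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1200   960000            all  --  *      *       0.0.0.0/0            10.0.0.1
     900   120000            all  --  *      *       10.0.0.1             0.0.0.0/0
      50     4000 NET2       all  --  *      *       0.0.0.0/0            10.0.0.12
      40     3000 NET2       all  --  *      *       10.0.0.12            0.0.0.0/0
EOF
}

# net_bytes ADDRESS
# Reads a FORWARD listing on stdin and prints "in out" byte counts for
# ADDRESS, written exactly as iptables -n prints it (e.g. 192.168.1.0/24).
net_bytes() {
    awk -v net="$1" '
        # Rule lines start with the numeric packet counter; skip the headers.
        $1 ~ /^[0-9]+$/ {
            # Count from the end of the line: destination is the last field
            # and source the one before it, whether or not a target is set.
            if ($NF == net)     in_b  += $2   # traffic towards the address
            if ($(NF-1) == net) out_b += $2   # traffic from the address
        }
        # %.0f keeps counters above 2^31 intact in every awk
        END { printf "%.0f %.0f\n", in_b, out_b }'
}

# Run against the sample; on the firewall the input would be
#   /sbin/iptables -t filter -nvxL FORWARD | net_bytes 10.0.0.1
sample_forward | net_bytes 10.0.0.1
```
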