On Thu, 30 Sep 2004 11:19:25 -0700, Daniel Chemko <dchemko@xxxxxxxxxx> wrote:
>
> The way I track this kind of information is from netfilter/iptables.
>
> In the PREROUTING and POSTROUTING chains, you implement 'null' targets
> to add an internal netfilter counter to the packet stream.
>
> # Detect all outgoing web traffic from that subnet
> iptables -t mangle -A PREROUTING --source ${mynet}/${mymask} -p tcp --dport 80
> # Return Traffic
> iptables -t mangle -A PREROUTING --destination ${mynet}/${mymask} -p tcp --sport 80
>

Another thing I'm interested in is the total number of current connections.
Does /proc/net/ip_conntrack provide this info? I've taken my iptables
firewall offline, and I would expect /proc/net/ip_conntrack to show very few
connections, but it seems to still have quite a few historical connections
left in it. Basically, what I want to be able to do is graph the number of
connections as a function of time with MRTG. I just need to make sure I'm
grabbing the right information. The output of "iptables -nvxL" seems to be
total packets processed.

Thanks again for any tips.

--
Jiann-Ming Su
"I have to decide between two equally frightening options.
If I wanted to do that, I'd vote." --Duckman
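An added example, not from either poster, of an MRTG "external" script that reads the ip_conntrack table and reports two counters: every tracked entry (which includes UDP pseudo-flows and TCP entries that sit in the table until their timeout expires, the reason a quiet firewall still shows "historical" lines) and only TCP entries in ESTABLISHED state, which is the closer match for "current connections". The sample table is constructed; the function names and the 5-day established-timeout figure are assumptions about a default 2.6-era netfilter.

```sh
#!/bin/sh
# Example MRTG external-target script (added here, not part of the thread).
# Assumes the old /proc/net/ip_conntrack text format: one entry per line,
# TCP lines carrying a state word such as ESTABLISHED, TIME_WAIT, SYN_RECV.

# Constructed sample of ip_conntrack lines (not captured from a real host).
SAMPLE='tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=33000 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=33000 [ASSURED] use=1
tcp      6 119 TIME_WAIT src=192.0.2.11 dst=198.51.100.5 sport=33001 dport=80 src=198.51.100.5 dst=192.0.2.11 sport=80 dport=33001 [ASSURED] use=1
tcp      6 43 SYN_RECV src=192.0.2.12 dst=198.51.100.5 sport=33002 dport=80 src=198.51.100.5 dst=192.0.2.12 sport=80 dport=33002 use=1
udp      17 29 src=192.0.2.13 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=192.0.2.13 sport=53 dport=5353 use=1
tcp      6 431990 ESTABLISHED src=192.0.2.14 dst=198.51.100.5 sport=33004 dport=443 src=198.51.100.5 dst=192.0.2.14 sport=443 dport=33004 [ASSURED] use=1'

# Every tracked entry. Note the third column is the remaining timeout in
# seconds; an idle ESTABLISHED entry is kept for 432000 s (5 days) by
# default, so the table keeps "connections" long after the peers are gone.
count_tracked() {
    # $1: contents of /proc/net/ip_conntrack
    printf '%s\n' "$1" | grep -c . || true
}

# Only fully open TCP sessions: excludes handshakes in progress (SYN_RECV),
# closed-but-lingering entries (TIME_WAIT) and stateless UDP pseudo-flows.
count_established() {
    printf '%s\n' "$1" | grep -c ' ESTABLISHED ' || true
}

# MRTG external-target format: four lines, "in" value, "out" value,
# uptime string, target name. Here "in" = established, "out" = tracked.
mrtg_lines() {
    printf '%s\n%s\n%s\n%s\n' \
        "$(count_established "$1")" "$(count_tracked "$1")" \
        "n/a" "conntrack"
}

# Live use would be: mrtg_lines "$(cat /proc/net/ip_conntrack)"
mrtg_lines "$SAMPLE"
```

Graph both values on one MRTG target; a large gap between them shows how much of the table is timeout residue rather than live sessions.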