Re: Caching issue with http_port when running in transparent mode

 



On 05/06/2012 17:22, Hans Musil wrote:
Eliezer wrote:

one important thing to be aware of is that if you are using the same box
as a gateway and squidbox it's better to use the "redirect" instead of
DNAT.

you can always try to use:
http://nocat.net/downloads/NoCatSplash/

or to write your own helper.
it can be pretty simple to build such a helper and you will just need
to use some NAT chains\tables on iptables that will redirect any
connection to the world into the webserver with a login page that
connected to a script that will do some stuff in the iptables "allow"
table.

do you need to apply some username and password mechanism\auth or just
splash screen to agree some rules\agreement ?

Eliezer


Thanks again, Eliezer. The hint for the REDIRECT target is a good point.

NoCatSplash does not work for me as I need more control. Not only that users need to login, they also need to logout when done. Furthermore, I need to trigger a traffic quotation system from the login/out script. Also, web traffic needs to be logged. NoCatSplash seems not to be flexible enough.

Hans


well.
NoCatSplash can be updated a bit to fit a login\logout.
i know that there was a tool for billing and quota
and it depends on the traffic quota basis you want.
if you want to supply internet traffic based only on web quota or also based on other network services quota.

i have implemented long ago a traffic meter using iptables and wrote it to a mysql DB.
and can be added to it a quota limit based on user\ ip.

if you want the idea then it's:
create a web page to login logout with cgi based on passwd and user in db.
add to it a quota status if you want(preferably to yes).

in iptables rules you should create specific tables for quota meter.
so the iptables should:
allow all users in lan traffic to the gw machine web site.
have tables that count traffic for each ip that will be added by the web scripts.
have a helper that runs every 30 sec and dumps ip tables stats and reset the counter.
then parses the data from the file into db by users.
then checks if quota exceeded and set the proper iptables tables\rules and db flags for that user and.

i would run the helper every 30 secs for grace time but will run a specific login\logout script\program that will change the proper flags and counters in db for the user\ip.

this is a tutorial specific for iptables counter
http://www.catonmat.net/blog/traffic-accounting-with-iptables/
i have seen the thing with the DB here:
http://wiki.openvz.org/Traffic_accounting_with_iptables

you can use snmp to pull the data from db using a script

to get a specific table data (like a custom one you can use)
iptables --line-number -xnvL FORWARD

iptables --line-number -xnvL  FORWARD |gawk '{print $1 " " $3 " " $10}'
this will give you the bytes statistics for each IP.

just remember that if you are using a proxy server you will also need to count the redirected\intercepted traffic in a intercept table.

i have found this nice thing to use snmp for monitoring:
http://www.nativenet.ch/content/view/28/51

and also this:

http://forums.cacti.net/viewtopic.php?t=8091&highlight=iptables


as for the exact way to measure clients traffic quota i'm sure there is a more "way forward" way than parsing the iptables stats.

but it's one of the best tools in linux world.

there is also the quota module of iptables but i'm not sure it's for this case.

so any way it's a big thing quota and users by itself.

i think it's doable if you will custom the iptables structure\schema for this specific use.
every time you check the current counter you can zero it specifically.


if you are up to the task of combining a pseudo code for the whole process with me i will be happy to sit on it some time from the next week.

Eliezer


<SNIP>
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
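
An added example, not part of the original message or anyone's code in the thread: the parsing step of the polling helper described above, in Python, summing bytes per LAN IP in both directions and reporting who is over quota. The chain name TRAFFIC, the addresses, counters and quota values are constructed; finding the columns from the `--` opt field is an assumption that holds for plain IPv4 listings, and it matters because counting rules without a target shift the fixed gawk field numbers by one.

```python
import ipaddress

# Constructed `iptables --line-numbers -xnvL TRAFFIC` output (chain name,
# addresses and counters are made up). Rules 1-4 have no target; rule 5 has one.
SAMPLE = """\
Chain TRAFFIC (1 references)
num      pkts      bytes target     prot opt in     out     source               destination
1        1200   900000            all  --  *      *       192.168.1.10         0.0.0.0/0
2        2100  4200000            all  --  *      *       0.0.0.0/0            192.168.1.10
3          40    12000            all  --  *      *       192.168.1.11         0.0.0.0/0
4          55    80000            all  --  *      *       0.0.0.0/0            192.168.1.11
5          10     5000 ACCEPT     tcp  --  *      *       192.168.1.11         0.0.0.0/0            tcp dpt:80
"""


def bytes_per_ip(listing, lan="192.168.1.0/24"):
    """Sum byte counters of rules whose source or destination is one LAN host."""
    net = ipaddress.ip_network(lan)
    totals = {}
    for line in listing.splitlines():
        f = line.split()
        if not f or not f[0].isdigit():
            continue  # "Chain ..." line, column header, blank line
        # The target column is empty for pure counting rules, so locate the
        # "opt" field and take in/out/source/destination relative to it.
        if "--" not in f:
            continue
        opt = f.index("--")
        if len(f) < opt + 5:
            continue
        nbytes = int(f[2])  # exact byte count because of -x
        for addr in (f[opt + 3], f[opt + 4]):  # source, destination
            try:
                ip = ipaddress.ip_address(addr)  # rejects 0.0.0.0/0 and "!addr"
            except ValueError:
                continue
            if ip in net:
                totals[str(ip)] = totals.get(str(ip), 0) + nbytes
    return totals


def apply_sample(usage, listing, quota):
    """Add one polling interval to the running totals; return IPs over quota."""
    for ip, n in bytes_per_ip(listing).items():
        usage[ip] = usage.get(ip, 0) + n
    return sorted(ip for ip, used in usage.items()
                  if ip in quota and used > quota[ip])
```

The running totals only stay correct if the counters are zeroed in the same iptables call that lists them (`-Z` together with `-L`); otherwise packets counted between the dump and the reset are lost.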

