friction Tux's lil' helper
Joined: 16 Sep 2002 Posts: 109
|
Posted: Fri Mar 07, 2003 9:06 am Post subject: Monitoring Network Usage |
|
|
I'm running Gentoo on a box that just sits in another room and does masquerading/firewall - I'd like to have a way to know how much data gets sent to what internal IP addresses to identify where our download limit is going - is there a way to do this? |
TheQuickBrownFox n00b
Joined: 08 Oct 2002 Posts: 37
|
Posted: Fri Mar 07, 2003 11:24 am Post subject: |
|
|
One way to do this, is to run a squid proxy on the masq box and force people to use the proxy. This will also save some bandwidth.
There are plenty of tools to analyse squid logs to see exactly who surfed what and how much.
A _________________ -- jumps over the lazy dog |
psp Tux's lil' helper
Joined: 06 Aug 2002 Posts: 120 Location: Cape Town, South Africa
|
Posted: Fri Mar 07, 2003 1:51 pm Post subject: |
|
|
If you are doing a simple MASQ for all your IPs you'll have to set this up...
Create a new iptables chain in the PREROUTING/POSTROUTING chain for each of the internal addresses. The target (-j) for this chain can be ACCEPT. Like this:
Code: | # For incoming traffic - check _your_ interfaces
iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.2 -j ACCEPT
# For outgoing traffic
iptables -t mangle -A PREROUTING -i eth1 -s 192.168.1.2 -j ACCEPT
|
This will create a chain which packets will traverse for each host. The output from an iptables -t mangle -nvL will show you the total packets and total bytes traversed over this chain.
Hope this helps.... |
friction Tux's lil' helper
Joined: 16 Sep 2002 Posts: 109
|
Posted: Fri Mar 07, 2003 11:05 pm Post subject: |
|
|
So I would set up a chain for each of the 253 possible addresses?
Guess that wouldn't be too hard to script.
I guess I figured there would be some kind of SNMP daemon that you could run.
psp wrote: | If you are doing a simple MASQ for all your IPs you'll have to set this up...
Create a new iptables chain in the PREROUTING/POSTROUTING chain for each of the internal addresses. The target (-j) for this chain can be ACCEPT. Like this:
Code: | # For incoming traffic - check _your_ interfaces
iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.2 -j ACCEPT
# For outgoing traffic
iptables -t mangle -A PREROUTING -i eth1 -s 192.168.1.2 -j ACCEPT
|
This will create a chain which packets will traverse for each host. The output from an iptables -t mangle -nvL will show you the total packets and total bytes traversed over this chain.
Hope this helps.... |
nh8as n00b
Joined: 01 Mar 2003 Posts: 26 Location: Norway
|
Posted: Fri Mar 07, 2003 11:14 pm Post subject: |
|
|
Doesn't mrtg have an option for this? _________________ Say no to America's war on Iraq! |
antik Apprentice
Joined: 01 Oct 2002 Posts: 212
|
Posted: Fri Mar 07, 2003 11:15 pm Post subject: Re: Monitoring Network Usage |
|
|
friction wrote: | I'm running Gentoo on a box that just sits in another room and does masquerading/firewall - I'd like to have a way to know how much data gets sent to what internal IP addresses to identify where our download limit is going - is there a way to do this? |
Here is a utility called iptraf. |
antik Apprentice
Joined: 01 Oct 2002 Posts: 212
|
Posted: Fri Mar 07, 2003 11:19 pm Post subject: Re: Monitoring Network Usage |
|
|
And if you want more advanced stuff go with Nagios. |
friction Tux's lil' helper
Joined: 16 Sep 2002 Posts: 109
|
Posted: Sat Mar 08, 2003 9:21 am Post subject: Re: Monitoring Network Usage |
|
|
antik wrote: | friction wrote: | I'm running Gentoo on a box that just sits in another room and does masquerading/firewall - I'd like to have a way to know how much data gets sent to what internal IP addresses to identify where our download limit is going - is there a way to do this? |
Here is a utility called iptraf. |
Nice clean tool, but not much good over SSH because it artificially inflates the amounts (ssh client being updated as fast as it can), and there doesn't seem to be a way to get it to log summary info to disk.
I'll give nagios a shot and see how it goes |
antik Apprentice
Joined: 01 Oct 2002 Posts: 212
|
Posted: Tue Mar 11, 2003 9:17 pm Post subject: Re: Monitoring Network Usage |
|
|
Here goes again ntop. _________________ "Yes, I know Linux runs faster, but they can do that because they have thrown out the weight of the airbag, collision frame and safety belt." —Poul-Henning Kamp |
friction Tux's lil' helper
Joined: 16 Sep 2002 Posts: 109
|
Posted: Fri Mar 14, 2003 10:01 am Post subject: |
|
|
I went with the iptables method, and modified my script to make a rule for each IP a la:
Code: |
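# $IPTABLES, $EXTIF and $INTIF must be set earlier in the script
ipnum=2
while [ "$ipnum" -lt 255 ]
do
    # One rule per internal host, so each host gets its own packet/byte counter
    $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED \
        -d 192.168.0.$ipnum -j ACCEPT
    ipnum=`expr $ipnum + 1`
done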
|
And then used this command to strip unused ips:
Code: |
iptables -L FORWARD -v | grep " 0\|-- eth1" -v
|
Just make sure when you zero your table to start the bit counts again you use -Z for ZERO, not -F for FLUSH, which kills your ssh session :) |
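
Added example, not written by any poster in this thread: a small shell helper that turns the per-IP FORWARD rule counters from the method above into a per-host byte report, largest consumer first, skipping hosts with zero traffic. The function names, the `192.168.0.` prefix argument and the sample listing are constructed for illustration; `-n` and `-x` make iptables print numeric addresses and exact byte counts instead of rounded K/M/G values.

```shell
#!/bin/sh
# Constructed sample of `iptables -L FORWARD -v -n -x` output (not real data).
sample_counters() {
cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   48211 61375012 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            192.168.0.2          state RELATED,ESTABLISHED
       0        0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            192.168.0.3          state RELATED,ESTABLISHED
     912   804133 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            192.168.0.4          state RELATED,ESTABLISHED
    7020  9330021 ACCEPT     all  --  eth1   eth0    192.168.0.0/24       0.0.0.0/0
EOF
}

# usage_report PREFIX
# Reads an `iptables -L <chain> -v -n -x` listing on stdin and prints
# "bytes ip" for every destination starting with PREFIX whose byte
# counter is non-zero, sorted with the heaviest host first.
usage_report() {
    awk -v prefix="$1" '
        # Rule lines start with two numeric columns (pkts, bytes);
        # the "Chain ..." and column-header lines do not, so they are skipped.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && index($9, prefix) == 1 && $2 > 0 {
            bytes[$9] += $2
        }
        # %.0f avoids 32-bit truncation of large counters in some awks.
        END { for (ip in bytes) printf "%.0f %s\n", bytes[ip], ip }
    ' | sort -rn
}

# Demo on the constructed sample. On the firewall itself (as root):
#   iptables -L FORWARD -v -n -x | usage_report 192.168.0.
sample_counters | usage_report 192.168.0.
```

Logging this output with a timestamp before each `-Z` gives a running per-host record without losing counts between resets.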