Koozali.org: home of the SME Server

Iptrafvolume

simpleone

« on: July 15, 2002, 06:24:01 AM »
Hi all,

Can someone help with this? I want to set up some IP accounting on my e-smith 5.5 box; below is what they tell you to do with ipchains. Is any of this going to screw my system up?

Step 1 - Counting in-&outgoing bytes with your firewall
=======================================================

Install ipchains and verify if it works by running the command:

# ipchains -L

It shouldn't complain about missing kernel support etc.

Add a chain like this:

# ipchains -N account

or

# iptables -N account

Now we mark _all_ bytes in the input and output chain so we can examine/count
them in the following lines, first mark them with:

# iptables -A INPUT -s 0/0 -d 0/0 -j account
# iptables -A OUTPUT -s 0/0 -d 0/0 -j account
(For iptables: Make sure these are in front of any others, look up in
/etc/sysconfig/iptables or iptables -L | more)

or

# ipchains -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j account
# ipchains -A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j account

Then add two lines, which do the trick of counting bytes.

We need the following information:

 = Your inet addr (lookup with ifconfig)
= Your net addr (lookup with route)
= Your netmask (again with route)

# iptables -A account -s /255.255.255.255 -d ! YOUR_NET/YOUR_MASK
# iptables -A account -s ! YOUR_NET/YOUR_MASK -d /255.255.255.255

or

# ipchains -A account -s /255.255.255.255 -d ! YOUR_NET/YOUR_MASK -b
The -b is because we want to make bidirectional rules: a rule with -s & -d
reversed is automatically created (_only for ipchains_).


An example for a static ip could be:
------------------------------------

# route
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
  241.143.0.0     *               255.255.0.0     U     0      0        0 eth0
# ifconfig

  eth0 Link encap:Ethernet  HWaddr 00:X0:BX:F3:B8:4A
       inet addr:241.143.143.15 Bcast:241.143.255.255  Mask:255.255.0.0

# ipchains -A account -s 241.143.143.15/255.255.255.255 -d ! 241.143.0.0/255.255.0.0 -b

( Completely fictional net addresses )

( OPTIONAL: You can change the default logging path by editing the source.
$logrootabs = q'/var/log/iptrafvol/';   # Specify logging path )
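
The Step 1 procedure quoted above, as an added example that is not part of the original post or of iptrafvolume: a shell script that derives the net address from the inet address and netmask and prints the iptables accounting rules instead of applying them, so they can be reviewed first. The function names are assumptions made for this example; the rules placed in the `account` chain have no `-j` target, so they only increment packet and byte counters.

```shell
#!/bin/sh
# Added example (not from the post): build the "account" chain rules from an
# interface address and netmask. Nothing is applied; the commands are printed.

# Validate a dotted quad and print its four octets separated by spaces.
octets() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    ( set -f; IFS=.; set -- $1
      [ $# -eq 4 ] || exit 1
      for o in "$@"; do
          case $o in 0?*) exit 1 ;; esac          # no leading zeros
          [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
      done
      echo "$1 $2 $3 $4" )
}

# Net address = inet address AND netmask, octet by octet.
net_addr() {
    _i=$(octets "$1") && _m=$(octets "$2") || return 1
    set -- $_i $_m
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
}

# Print the iptables commands for Step 1.
# -I <chain> 1 inserts at the top, which is what "in front of any others" asks for.
# The "-d ! net" form is the one used on the page; current iptables releases
# expect the "!" before the option ("! -d net").
account_rules() {
    net=$(net_addr "$1" "$2") || { echo "bad address or netmask" >&2; return 1; }
    cat <<EOF
iptables -N account
iptables -I INPUT 1 -j account
iptables -I OUTPUT 1 -j account
iptables -A account -s $1/255.255.255.255 -d ! $net/$2
iptables -A account -s ! $net/$2 -d $1/255.255.255.255
EOF
}

# The fictional static-IP example from the post.
account_rules 241.143.143.15 255.255.0.0
```
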