[linux] Ip accounting
tuxo
patol at host.sk
Tue Jan 14 22:08:46 CET 2003
use sasacct
tuxo
On Tue, 14 Jan 2003, bodik wrote:
> Hi,
>
> I have already swapped it; unfortunately, I don't know my way around this very well, and I found nothing on the web about accounting with iptables :(
> Here is the listing from rc.masq_firewall:
>
> IPTABLES="/sbin/iptables"
> # external IP
> EXTIF="eth1"
> # masqueraded network
> INTIF="eth0"
>
> echo " clearing any existing rules and setting default policy.."
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -F INPUT
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -F OUTPUT
> $IPTABLES -P FORWARD DROP
> $IPTABLES -F FORWARD
> $IPTABLES -t nat -F
>
> echo " FWD: Allow all connections OUT and only existing and related ones IN"
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> $IPTABLES -A FORWARD -j LOG
>
> and here from rc.accounting:
>
> EXTERNAL_INTERFACE="eth1"
> IPTABLES="iptables"
> INTERNAL_HOSTS=" 192.168.0.1 192.168.0.2 192.168.0.3 "
>
> for HOST in $INTERNAL_HOSTS; do
>
> echo "Creating Chain for $HOST"
> $IPTABLES -N $HOST
>
> # incoming jump rule
> $IPTABLES -A FORWARD -o $EXTERNAL_INTERFACE -d $HOST -j $HOST
>
> # outgoing jump rule
> $IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -s $HOST -j $HOST
>
> # incoming accounting chain
> $IPTABLES -A $HOST -o $EXTERNAL_INTERFACE -d $HOST
>
> # outgoing accounting chain
> $IPTABLES -A $HOST -i $EXTERNAL_INTERFACE -s $HOST
>
> done;
>
> iptables -L -nvx prints:
>
> Chain INPUT (policy ACCEPT 554 packets, 50657 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 661 441423 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 782 90770 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
> 0 0 192.168.0.1 all -- * eth1 0.0.0.0/0 192.168.0.1
> 0 0 192.168.0.1 all -- eth1 * 192.168.0.1 0.0.0.0/0
> 0 0 192.168.0.2 all -- * eth1 0.0.0.0/0 192.168.0.2
> 0 0 192.168.0.2 all -- eth1 * 192.168.0.2 0.0.0.0/0
> 0 0 192.168.0.3 all -- * eth1 0.0.0.0/0 192.168.0.3
> 0 0 192.168.0.3 all -- eth1 * 192.168.0.3 0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 381 packets, 115048 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain 192.168.0.1 (2 references)
> pkts bytes target prot opt in out source destination
> 0 0 all -- * eth1 0.0.0.0/0 192.168.0.1
> 0 0 all -- eth1 * 192.168.0.1 0.0.0.0/0
>
> Chain 192.168.0.2 (2 references)
> pkts bytes target prot opt in out source destination
> 0 0 all -- * eth1 0.0.0.0/0 192.168.0.2
> 0 0 all -- eth1 * 192.168.0.2 0.0.0.0/0
>
> Chain 192.168.0.3 (2 references)
> pkts bytes target prot opt in out source destination
> 0 0 all -- * eth1 0.0.0.0/0 192.168.0.3
> 0 0 all -- eth1 * 192.168.0.3 0.0.0.0/0
>
>
> so it counts the traffic for the whole interface, but no longer individually. What should I set differently here? A link to some website would help too.
>
> thanks
>
>
>
> ----- Original Message -----
> From: "Juraj Bednar" <juraj at bednar.sk>
> To: <linux at lists.linux.sk>
> Sent: Monday, January 13, 2003 10:40 PM
> Subject: Re: [linux] Ip accounting
>
>
> > Hi,
> >
> > > $IPTABLES -N $HOST
> > > $IPTABLES -A FORWARD -o $EXTERNAL_INTERFACE -d $HOST -j HOST
> >
> > you are missing a $. If you have -o $EXTERNAL_INTERFACE, it certainly won't be going to host
> > $HOST, rather it will be coming from it, so swap -o and -d.
> >
> > > $IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -s $HOST -j $HOST
> > > $IPTABLES -A $HOST -o $EXTERNAL_INTERFACE -d $HOST
> > > $IPTABLES -A $HOST -i $EXTERNAL_INTERFACE -s $HOST
> >
> > ...
> >
> >
> > J.
> >
> >
>
--
*-----------------------------------------------*
| system administrator | ++ ircnet> tuxo |
| wi-fi admin of minet.sk | ++ icq> 103002031 |
| web> www.tuxo.sk | tuxo at websupport.sk |
*-----------------------------------------------*
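
Added example, not part of the thread: in the quoted listing the per-host jump rules sit after the two ACCEPT rules and pair `-o eth1` with `-d <host>`, so their counters stay at 0. The sketch below orders and directs the counting rules so they see forwarded traffic, and reads the counters back. The `acct_` chain prefix, the `IPT` dry-run variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Dry run by default: commands are printed, not executed.
# Run as root with IPT=/sbin/iptables to apply them.
IPT="${IPT:-echo iptables}"
EXTIF="${EXTIF:-eth1}"    # external interface, as in the thread

# acct_host HOST: create a counting chain for HOST and hook it into FORWARD.
acct_host() {
    host="$1"
    chain="acct_$host"    # hypothetical chain name
    $IPT -N "$chain"
    # Rules without a target only count; the packet then returns to
    # FORWARD and is filtered exactly as before.
    $IPT -A "$chain" -i "$EXTIF" -d "$host"    # download: arrives on EXTIF
    $IPT -A "$chain" -o "$EXTIF" -s "$host"    # upload: leaves via EXTIF
    # Insert at position 1: a jump appended after a matching ACCEPT
    # rule is never reached.
    $IPT -I FORWARD 1 -i "$EXTIF" -d "$host" -j "$chain"
    $IPT -I FORWARD 1 -o "$EXTIF" -s "$host" -j "$chain"
}

acct_all() {
    for h in "$@"; do acct_host "$h"; done
}

# acct_report: read `iptables -L <chain> -nvx` output for the chains above
# on stdin; print "host download_bytes upload_bytes" for each chain.
acct_report() {
    awk '/^Chain acct_/ { host = substr($2, 6); n = 0; next }
         host != "" && $1 ~ /^[0-9]+$/ {
             b[++n] = $2
             if (n == 2) { print host, b[1], b[2]; host = "" }
         }'
}

# Usage: sh acct.sh 192.168.0.1 192.168.0.2 192.168.0.3
if [ "$#" -gt 0 ]; then acct_all "$@"; fi
```

Because masquerading rewrites addresses in PREROUTING and POSTROUTING, the FORWARD chain still sees the internal 192.168.0.x address in both directions, which is why matching on `-s`/`-d` with the internal host works there.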