Re: IP accounting with ipac-ng
Apologies for replying to my own post, I left something out.
On Fri, Nov 01, 2002 at 12:27:33PM +1100, Lucas Barbuto wrote:
> So I've installed the ipac-ng debian package and it works, but I'm a
> little dismayed at the lack of good documentation. I want to do
> accounting for every machine on my LAN, some Googling brought me to this
> # for total traffic, eth0 is the external interface
> Total Traffic Incoming|in|eth0|all||
> Total Traffic Outgoing|out|eth0|all||
> # for each client, 10.0.0.2 is the gateway
> LAN Client 3 Downloads|in|eth0|all|!10.0.0.2|10.0.0.3
> LAN Client 3 Uploads|out|eth0|all|10.0.0.3|!10.0.0.2
I think it should be this:
LAN Client 3 Downloads|in|eth0|all|0.0.0.0|10.0.0.3
LAN Client 3 Uploads|out|eth0|all|10.0.0.3|0.0.0.0
Which reads (to me) log all traffic coming in on eth0 from anywhere
destined for 10.0.0.3 (and the reverse for the uploads rule). But this
is different to the two solutions I found on groups.google.com.
I think the above way should work, shouldn't iptables be smart enough to
handle the dnat-ing and snat-ing?