Re: Win+ADSL-->Linux
Здравствуйте, BerKyT.
Вы писали 23 августа 2005 г., 22:02:07:
> Здравствуйте! Наверно, это уже обсуждалось, но помогите, пожалуйста, новичку!
> Есть компьютер1 (Windows) + ADSL-модем (Acorp). Подключен через USB. К модему
> через UTP подключен ноутбук2 (Windows). И подключен (UTP) также мой
> компьютер3. Нужно подсчитать трафик только компьютера3. Учет нужно вести на
> компьютере1 и на компьютере3. И еще была бы удобна возможность подсчета в
> денежном эквиваленте.
> Дайте ссылки на документацию по-подробнее на русском языке по теме.
Прикладываю статью с LinuxPortal, надеюся это то что надо.
--
С уважением,
Бриллиантов Кирилл mailto:brilliantov@inbox.ru
iptables traffic counter | Áèáëèîòåêà Ëèíóêñ ÏîðòàëàÍàøè
Ñàéäáàðû IRC-êàíàë
Linuxportal.ru Èìïîðò íîâîñòåé
ÔÎÐÓÌÛ ÁÈÁËÈÎÒÅÊÀ ÑÑÛËÊÈ ÍÎÂÎÑÒÈ ÁËÎÃ ÀÄÌÈÍÀ
Ïîèñê:
ÁÈÁËÈÎÒÅÊÀ
Äðóãèå ñòàòüè ýòîãî ðàçäåëà:
Ñåòü
"Îãíåííàÿ ñòåíà" èëè ñòðîèì ôàéðâîë íà áàçå iptables
Çàùèùåííàÿ ïî÷òîâàÿ ñèñòåìà
Postfix+Cyrus-SASL
Ñ÷èòàåì òðàôèê
Ìàñêàðàäèíã (masquerading) è òðàíñëÿöèè ip-àäðåñîâ (NAT)
Ýêîíîìèì êàæäûé áàéò èëè î íàñòðîéêå Squid
Linux è òî÷êè
Ìîíèòîðèíã çàãðóçêè êàíàëîâ
Ñîâðåìåííûå ðàñïðåäåëåííûå ôàéëîâûå ñèñòåìû äëÿ Linux:
Îñíîâíûå ñâåäåíèÿ
Ïðîñòàÿ àâòîðèçàöèÿ ïîëüçîâàòåëåé Squid â äîìåíå M$
FreeS/WAN è íàñòðîéêà äîñòóïà â Èíòåðíåò ÷åðåç MS Windows NT
ñåðâåð ñ èñïîëüçîâàíèåì PPTP-êëèåíòà
Íåêîòîðûå àñïåêòû çàùèòû êîìïüþòåðà îò âçëîìà
Îãðàíè÷åíèå ïðîïóñêíîé ñïîñîáíîñòè êàíàëà ñ ïîìîùüþ CBQ
Êàê èç êîìàíäíîé ñòðîêè îòïðàâèòü ïèñüìî ñ ïðèêðåïëåííûì
ôàéëîì
Óñòàíîâêà è íàñòðîéêà Squid-2.5.STABLE1 ñ PAM
àóòåíòèôèêàöèåé
Âõîäèì â Ëèíóêñ ïîä ó÷åòíîé çàïèñüþ èç NT-äîìåíà
Linux â êà÷åñòâå øëþçà ìåæäó ëîêàëüíûìè ñåòÿìè è Èíòåðíåò
Ïðîçðà÷íîå (ïðèíóäèòåëüíîå) ïðîêñèðîâàíèå HTTP è FTP â
FreeBSD è Linux ñ ïîìîùüþ Squid.
Çíàêîìñòâî ñ pppd
Netatalk
Ïîäêëþ÷àåìñÿ ê Èíòåðíåò ÷åðåç ìîäåì â ñîòîâîì òåëåôîíå
Äðóãèå ðàçäåëû áèáëèîòåêè:
Âûáåðèòå Hardware (9) Multimedia (2) X-ñåðâåð (11) Ðàçíîå
(10) Ñåòü (22) Ñèñòåìà (19)
ÁÈÁËÈÎÒÅÊÀ
ïîñëåäíèå ïîñòóïëåíèÿ:
Hardware
Ïåðåâîä Linux Power Management Support
03.04.2004 | San ÀÍÄÐÅÅÂ
Âàðèàíòû ðåøåíèÿ ïðîáëåì ñî ñìåùåíèåì ãåîìåòðèè ìîíèòîðà.
10.10.2003 | EsTaF
Ðóêîâîäñòâî ïî óñòàíîâêå NVIDIA Accelerated Linux Driver Set.
06.08.2003 | Alexey Dmitriev
Multimedia
VideoCD äëÿ ïèíãâèíîâ
10.10.2003 | Buddha
Ñìîòðèì ëþáèìûå ôèëüìû ñ ïîìîùüþ MPlayer
23.07.2003 | Alexey Dmitriev
X-ñåðâåð
ÍÀÑÒÐÎÉÊÀ ÑÅÐÂÅÐÀ XDMCP ÄËß WINDOWS-ÊËÈÅÍÒÎÂ
09.09.2004 | Kotjara
Type1 è truetype øðèôòû â LaTeX.
03.05.2004 | geekkoo
Ïî÷åìó Ìîçèëëà ïå÷àòàåò âìåñòî ðóññêèõ áóêâ ïóñòûå êâàäðàòû,
õîòÿ â PrintPreview âñå íîðìàëüíî?
18.08.2003 | geekkoo
Ðàçíîå
The Multi Router Traffic Grapher
02.06.2004 | Crion
Äîëæíîñòíàÿ èíñòðóêöèÿ ñèñòåìíîãî àäìèíèñòðàòîðà
04.04.2004 | San ÀÍÄÐÅÅÂ
GPL è LGPL: Ëèöåíçèðîâàíèå íîâûõ ïðîãðàìì ïî GPL. Ïðàâà è
îáÿçàííîñòè Ïîëüçîâàòåëÿ è Àâòîðà ïðîãðàììû. (×àñòü 2)
03.04.2004 | White_Mouse
Ñåòü
"Îãíåííàÿ ñòåíà" èëè ñòðîèì ôàéðâîë íà áàçå iptables
15.03.2005 | Alexey Dmitriev
Çàùèùåííàÿ ïî÷òîâàÿ ñèñòåìà
08.09.2004 | Crion
Postfix+Cyrus-SASL
18.12.2003 | geekkoo
Ñèñòåìà
test
09.08.2005 | Alexey Dmitriev
Îáíîâëÿåì ñ ïîìîùüþ apt SuSE 9.1 íà 9.2 èëè 9.3
24.05.2005 | CrownRU
Íàñòðîéêà ìóëüòèìåäèéíîé êëàâèàòóðû â êîíñîëè
26.02.2005 | serg_sk
ÁÈÁËÈÎÒÅÊÀÑåòü
Àâòîð ñòàòüè: Sergo
Äàòà: 30.07.2003
iptables traffic counter
Íå ïðåòåíäóþ íà íîâèçíó. Íî ïîòðàòèâ íåêîòîðîå âðåìÿ íà ïîèñêè
÷åãî-íèáóäü ïðîñòîãî è ïîäõîäÿùåãî ìíå, ê ñîæàëåíèþ, êàê âñåãäà
ïðèøåë ê âûâîäó ÷èòàéòå man è howto è ïîëüçóéòåñü /dev/hands.
Åñëè ÷åñòíî òî ïåðèîäè÷åñêè ëåíü áåðåò âåðõ
Èñïîëüçóåòñÿ òîëüêî IPTABLES è bash.
Êîíôèãóðàöèÿ:
RH 8.0 - Server/Firewall and etc
eth0 - ñìîòðèò íàðóæó IP: 192.168.0.10
eth1- ñìîòðèò â ìîþ local'êó IP: 10.0.0.1
 local'êå äâå ìàøèíû Workstation and Laptop, èíîãäà áðàò ïðèåçæàåò
ñ òðåòüåé ìàøèíîé, áóäåì íàçûâàòü åãî OTHER.
Çà îñíîâó âçÿòû íåêîòîðûå scripts ïóáëè÷íî äîñòóïíûå.
Íóæíî ñ÷èòàòü òðàôèê TCP êàê INBOUND òàê è OUTBOUND.
Òðàôèê ñ ïðîâàéäåðñêîé ñåòêîé.
Òðàôôèê ñ èíòåðíåòîì.
Íó è êîíå÷íî ñêîëüêî æðåò âíåøíåãî òðàôèêà êàæäàÿ ìàøèíà.
(P.S. Åñëè âñå ýòî áóäåò ïîëåçíî äëÿ êîãî-òî, òî ìíå áóäåò ïðèÿòíî)
Ïîåõàëè:
Íà÷íåì ñ òîãî ÷òî íàäî âñòàâèòü ïàðó ñòðî÷åê (íå ñîâñåì ïàðó íî êòî
õî÷åò ìîæåò âûíåñòè èõ â îòäåëüíûé ôàéë) â âàø script êîòîðûé
íàñòðàèâàåò iptables.
1. Ïåðåìåííûå èñïîëüçóåìûå â ñêðèïòå firwall'à:
IPTABLES="/sbin/iptables"
# 1.1 Your external device
INET_IP="192.168.0.10"
INET_IFACE="eth0"
# 1.2 Internet Service Provider's Network
ISP_IP="192.168.0.1"
ISP_IP_RANGE="192.168.0.0/24"
# Local Area Network configuration.
# your LAN's IP range and localnet host's IP. /24 means to only use
the first 24
# bits of the 32 bit IP address. the same as netmask 255.255.255.0
LAN_IP="10.0.0.1"
LAN_IP_RANGE="10.0.0.0/24"
LAN_IFACE="eth1"
LAN_IP_WORKSTATION="10.0.0.11"
LAN_IP_LAPTOP="10.0.0.10"
Ýòî ìû óñòàíîâèëè ïåðåìåííûå, êîòîðûå â äàëüíåéøåì áóäóò
èñïîëüçîâàòüñÿ, íó è äëÿ óäîáî÷èòàåìîñòè ïðèãîäÿòñÿ.
2. Íàñòðàèâàåì chains/öåïî÷êè INPUT, OUTPUT and FORWARD ÷òîáû
îòîáðàòü òðàôèêà êîòîðûé íàñ èíòåðåñóåò. Ïî êîìàíäå -j RETURN â
öåïî÷êàõ äëÿ ðàñ÷åòà òðàôôèêà, ïàêåò âåðíåòñÿ íà ñëåäóþùåå ïðàâèëî
êîòîðîå ñëåäóåò çà íàøèìè ïðàâèëàìè äëÿ INPUT, OUTPUT è FORWARD. Òàê
÷òî íå âîëíóéòåñü ìûøü íå ïðîñêî÷èò. Ýòè ïðàâèëà äîëæíû ñòîÿòü
ïåðâûìè â ñâîèõ öåïî÷êàõ.
# Ïåðåíàïðàâëÿåì òðàôèê âõîäÿùèé ñ âíåøíåãî óñòðîéñòâà
$IPTABLES -A INPUT -d $INET_IP -i $INET_IFACE -j TRAFFIC
# Ïåðåíàïðàâëÿåì òðàôèê ëîêàëüíîé ñåòè
$IPTABLES -A FORWARD -o $LAN_IFACE -d $LAN_IP_RANGE -j TRAFFIC_FW
$IPTABLES -A FORWARD -s $LAN_IP_RANGE -o $INET_IFACE -j TRAFFIC_FW
# Ïåðåíàïðàâëÿåì òðàôèê èñõîäÿùèé ñ âíåøíåãî óñòðîéñòâà
$IPTABLES -A OUTPUT -s $INET_IP -o $INET_IFACE -j TRAFFIC
3. Äàëåå íàñòðàèâàåì chains/öåïî÷êè êîòîðûå áóäåì èñïîëüçîâàòü äëÿ
ðàñ÷åòà òðàôèêà
# Create separate chains for TRAFFIC Counter
$IPTABLES -N TRAFFIC
# Äëÿ òðàôèêà ñ localnet
$IPTABLES -N TRAFFIC_FW
# Äëÿ IN òðàôèêà âàøåãî ñåðâåðà
$IPTABLES -N TRAFFIC_TCP_INBOUND
# Äëÿ OUT òðàôèêà âàøåãî ñåðâåðà
$IPTABLES -N TRAFFIC_TCP_OUTBOUND
# Your overall INBOUND and OUTBOUND traffic with external network
except ISP ip range
# Âàø INBOUND and OUTBOUND traffic ñ âíåøíåé ñåòüþ çà èñêëþ÷åíèåì
ïðîâàéäåðñêîé ïîäñåòè
$IPTABLES -N TRAFFIC_TCP_INBOUND_EXT
$IPTABLES -N TRAFFIC_TCP_OUTBOUND_EXT
# Your overall INBOUND and OUTBOUND traffic with ISP network
# Âàø INBOUND and OUTBOUND traffic ñ ïðîâàéäåðñêîé ïîäñåòüþ
$IPTABLES -N TRAFFIC_TCP_INBOUND_ISP
$IPTABLES -N TRAFFIC_TCP_OUTBOUND_ISP
# Your overall INBOUND and OUTBOUND traffic of your server
$IPTABLES -N TRAFFIC_TCP_INBOUND_SERVER
$IPTABLES -N TRAFFIC_TCP_OUTBOUND_SERVER
# Your overall INBOUND and OUTBOUND traffic of your local network
$IPTABLES -N TRAFFIC_TCP_INBOUND_FRWD
$IPTABLES -N TRAFFIC_TCP_INBOUND_WS
$IPTABLES -N TRAFFIC_TCP_INBOUND_LAPTOP
$IPTABLES -N TRAFFIC_TCP_INBOUND_LNET
#
$IPTABLES -N TRAFFIC_TCP_OUTBOUND_FRWD
$IPTABLES -N TRAFFIC_TCP_OUTBOUND_WS
$IPTABLES -N TRAFFIC_TCP_OUTBOUND_LAPTOP
$IPTABLES -N TRAFFIC_TCP_OUTBOUND_LNET
4. Äàëåå íàñòðàèâàåì chains/öåïî÷êè ÷òîáû îíè ðàáîòàëè òàê êàê íàì
íóæíî è ðàçáðàñûâàëè òðàôèê ïî ïîäöåïî÷êàì (Áóäüòå âíèìàòåëüíû íå
âñå êîìàíäû óìåñòèëèñü íà îäíîé ñòðîêå)
#
# Create content for TRAFFIC chains
#*********************************************************** *****
# Îñíîâíàÿ öåïî÷êà, çäåñü ôèëüòðóåòñÿ òðàôèê äëÿ ñåðâåðà íà IN and
OUT
$IPTABLES -A TRAFFIC -p tcp -d $INET_IP -i $INET_IFACE -j
TRAFFIC_TCP_INBOUND
$IPTABLES -A TRAFFIC -p tcp -s $INET_IP -o $INET_IFACE -j
TRAFFIC_TCP_OUTBOUND
$IPTABLES -A TRAFFIC -j RETURN
# Îñíîâíàÿ öåïî÷êà çäåñü ôèëüòðóåòñÿ òðàôèê äëÿ localnetwork íà IN
and OUT
$IPTABLES -A TRAFFIC_FW -p tcp -d $LAN_IP_RANGE -o $LAN_IFACE -j
TRAFFIC_TCP_INBOUND_FRWD
$IPTABLES -A TRAFFIC_FW -p tcp -s $LAN_IP_RANGE -o $INET_IFACE -j
TRAFFIC_TCP_OUTBOUND_FRWD
$IPTABLES -A TRAFFIC_FW -j RETURN
# Èñõîäÿùèé òðàôèê ñ localnetwork
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_FRWD -s $LAN_IP_LAPTOP -o
$INET_IFACE -j TRAFFIC_TCP_OUTBOUND_LAPTOP
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_FRWD -s $LAN_IP_WORKSTATION -o
$INET_IFACE -j TRAFFIC_TCP_OUTBOUND_WS
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_FRWD -s $LAN_IP_RANGE -o
$INET_IFACE -j TRAFFIC_TCP_OUTBOUND_LNET
# Redirect äëÿ ïîäñ÷åòà òðàôèêà äëÿ ISP è Internet
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_FRWD -s $LAN_IP_RANGE -o
$INET_IFACE -d $ISP_IP_RANGE -j TRAFFIC_TCP_OUTBOUND_ISP
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_FRWD -s $LAN_IP_RANGE -o
$INET_IFACE ! -d $ISP_IP_RANGE -j TRAFFIC_TCP_OUTBOUND_EXT
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_FRWD -j RETURN
# Èñõîäÿùèé òðàôèê ñ Work Station
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_WS -j RETURN
# Èñõîäÿùèé òðàôèê ñ Laptop
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_LAPTOP -j RETURN
# Èñõîäÿùèé òðàôèê ñ OTHER ò.å. âåñü îñòàâøèéñÿ
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_LNET -j RETURN
# Èñõîäÿùèé òðàôèê ñ Server/Firewall
# Redirect äëÿ ïîäñ÷åòà òðàôôèêà äëÿ ISP è Internet
$IPTABLES -A TRAFFIC_TCP_OUTBOUND -s $INET_IP -o $INET_IFACE -d
$ISP_IP_RANGE -j TRAFFIC_TCP_OUTBOUND_ISP
$IPTABLES -A TRAFFIC_TCP_OUTBOUND -s $INET_IP -o $INET_IFACE ! -d
$ISP_IP_RANGE -j TRAFFIC_TCP_OUTBOUND_EXT
$IPTABLES -A TRAFFIC_TCP_OUTBOUND -s $INET_IP -o $INET_IFACE -j
TRAFFIC_TCP_OUTBOUND_SERVER
$IPTABLES -A TRAFFIC_TCP_OUTBOUND -j RETURN
# Òðàôèê ïðåäíàçíà÷åííûé äëÿ ISP
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_ISP -j RETURN
# Òðàôèê ïðåäíàçíà÷åííûé äëÿ Internet
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_EXT -j RETURN
# Èñõîäÿùèé òðàôèê ñ Server/Firewall
$IPTABLES -A TRAFFIC_TCP_OUTBOUND_SERVER -j RETURN
# Âõîäÿùèé òðàôèê íà Server/Firewall
# Redirect äëÿ ïîäñ÷åòà òðàôèêà îò ISP è Internet
$IPTABLES -A TRAFFIC_TCP_INBOUND -d $INET_IP -i $INET_IFACE -s
$ISP_IP_RANGE -j TRAFFIC_TCP_INBOUND_ISP
$IPTABLES -A TRAFFIC_TCP_INBOUND -d $INET_IP -i $INET_IFACE ! -s
$ISP_IP_RANGE -j TRAFFIC_TCP_INBOUND_EXT
$IPTABLES -A TRAFFIC_TCP_INBOUND -d $INET_IP -i $INET_IFACE -j
TRAFFIC_TCP_INBOUND_SERVER
$IPTABLES -A TRAFFIC_TCP_INBOUND -j RETURN
# Îò ISP
$IPTABLES -A TRAFFIC_TCP_INBOUND_ISP -j RETURN
# Îò Internet
$IPTABLES -A TRAFFIC_TCP_INBOUND_EXT -j RETURN
# Âõîäÿùèé òðàôèê íà Server/Firewall
$IPTABLES -A TRAFFIC_TCP_INBOUND_SERVER -j RETURN
# Âõîäÿùèé òðàôèê íà localnetwork
$IPTABLES -A TRAFFIC_TCP_INBOUND_FRWD -d $LAN_IP_LAPTOP -o
$LAN_IFACE -j TRAFFIC_TCP_INBOUND_LAPTOP
$IPTABLES -A TRAFFIC_TCP_INBOUND_FRWD -d $LAN_IP_WORKSTATION -o
$LAN_IFACE -j TRAFFIC_TCP_INBOUND_WS
$IPTABLES -A TRAFFIC_TCP_INBOUND_FRWD -d $LAN_IP_RANGE -o $LAN_IFACE
-j TRAFFIC_TCP_INBOUND_LNET
# Redirect äëÿ ïîäñ÷åòà òðàôèêà îò ISP è Internet
$IPTABLES -A TRAFFIC_TCP_INBOUND_FRWD -d $LAN_IP_RANGE -o $LAN_IFACE
-s $ISP_IP_RANGE -j TRAFFIC_TCP_INBOUND_ISP
$IPTABLES -A TRAFFIC_TCP_INBOUND_FRWD -d $LAN_IP_RANGE -o $LAN_IFACE
! -s $ISP_IP_RANGE -j TRAFFIC_TCP_INBOUND_EXT
$IPTABLES -A TRAFFIC_TCP_INBOUND_FRWD -j RETURN
# Âõîäÿùèé òðàôèê íà Workstation
$IPTABLES -A TRAFFIC_TCP_INBOUND_WS -j RETURN
# Âõîäÿùèé òðàôèê íà Laptop
$IPTABLES -A TRAFFIC_TCP_INBOUND_LAPTOP -j RETURN
# Âõîäÿùèé òðàôèê íà OTHER ò.å. âñå îòàëüíûå
$IPTABLES -A TRAFFIC_TCP_INBOUND_LNET -j RETURN
Ñ íàñòðîéêàìè iptables ïîêîí÷åíî
5. Äàëåå ïèøåì ñêðèïò êîòîðûé âûïîëíÿåòñÿ cron/êðîíîì îí áóäåò
çàïðàøèâàòü iptables, ïîäñ÷èòûâàòü è âûâîäèòü îò÷åòû ïî òðàôèêó ëèáî
íà /dev/stdout ëèáî â ôàéë ïóòü ê êîòîðîìó óêàçûâàåòñÿ â íà÷àëå
ñêðèïòà.
Ïðèìåð êîìàíäû çàïóñêà ñêðèïòà: /sbin/traflog -s -p
Äàííàÿ êîìàíäà âûâîäèò íà /dev/stdout ñòàòèñòèêó äëÿ âàøåãî ñåðâåðà.
( Áóäòå âíèìàòåëüíû Âûâîä â ôàéë ïî óìîë÷àíèþ. )
#!/bin/sh
#
# traflog - logger of iptable's statistic
#
# Path to your system iptables
IPTABLES="/sbin/iptables"
# Path to dir with log output
F_PATH="/var/log/firewall/traflog"
#
# Files have names like 'YearMonthDate . whose trafic
F_LNET="$F_PATH/"`date +"%Y%m%d"`".lnet"
F_SERV="$F_PATH/"`date +"%Y%m%d"`".serv"
F_OVER="$F_PATH/"`date +"%Y%m%d"`".over"
F_ALL="$F_PATH/"`date +"%Y%m%d"`".all"
LAPTOP_IN=`$IPTABLES -L TRAFFIC_TCP_INBOUND_LAPTOP -v -x -n | grep RETURN | head -c 18 | tail -c 9`
WS_IN=`$IPTABLES -L TRAFFIC_TCP_INBOUND_WS -v -x -n | grep RETURN | head -c 18 | tail -c 9`
LNET_IN=`$IPTABLES -L TRAFFIC_TCP_INBOUND_LNET -v -x -n | grep RETURN | head -c 18 | tail -c 9`
LNET_ISP_IN=`$IPTABLES -L TRAFFIC_TCP_INBOUND_FRWD -v -x -n | grep TRAFFIC_TCP_INBOUND_ISP | head -c 18 | tail -c 9`
LNET_EXT_IN=`$IPTABLES -L TRAFFIC_TCP_INBOUND_FRWD -v -x -n | grep TRAFFIC_TCP_INBOUND_EXT | head -c 18 | tail -c 9`
LAPTOP_OUT=`$IPTABLES -L TRAFFIC_TCP_OUTBOUND_LAPTOP -v -x -n | grep RETURN | head -c 18 | tail -c 9`
WS_OUT=`$IPTABLES -L TRAFFIC_TCP_OUTBOUND_WS -v -x -n | grep RETURN | head -c 18 | tail -c 9`
LNET_OUT=`$IPTABLES -L TRAFFIC_TCP_OUTBOUND_LNET -v -x -n | grep RETURN | head -c 18 | tail -c 9`
LNET_ISP_OUT=`$IPTABLES -L TRAFFIC_TCP_OUTBOUND_FRWD -v -x -n | grep TRAFFIC_TCP_OUTBOUND_ISP | head -c 18 | tail -c 9`
LNET_EXT_OUT=`$IPTABLES -L TRAFFIC_TCP_OUTBOUND_FRWD -v -x -n | grep TRAFFIC_TCP_OUTBOUND_EXT | head -c 18 | tail -c 9`
SERVER_IN=`$IPTABLES -L TRAFFIC_TCP_INBOUND_SERVER -v -x -n | grep RETURN | head -c 18 | tail -c 9`
SERVER_OUT=`$IPTABLES -L TRAFFIC_TCP_OUTBOUND_SERVER -v -x -n | grep RETURN | head -c 18 | tail -c 9`
SERVER_ISP_IN=`$IPTABLES -L TRAFFIC_TCP_INBOUND -v -x -n | grep TRAFFIC_TCP_INBOUND_ISP | head -c 18 | tail -c 9`
SERVER_ISP_OUT=`$IPTABLES -L TRAFFIC_TCP_OUTBOUND -v -x -n | grep TRAFFIC_TCP_OUTBOUND_ISP | head -c 18 | tail -c 9`
SERVER_EXT_IN=`$IPTABLES -L TRAFFIC_TCP_INBOUND -v -x -n | grep TRAFFIC_TCP_INBOUND_EXT | head -c 18 | tail -c 9`
SERVER_EXT_OUT=`$IPTABLES -L TRAFFIC_TCP_OUTBOUND -v -x -n | grep TRAFFIC_TCP_OUTBOUND_EXT | head -c 18 | tail -c 9`
SERVER_OVR_IN=`expr $SERVER_EXT_IN + $SERVER_ISP_IN`
SERVER_OVR_OUT=`expr $SERVER_EXT_OUT + $SERVER_ISP_OUT`
OVR_ISP_IN=`expr $LNET_ISP_IN + $SERVER_ISP_IN`
OVR_ISP_OUT=`expr $LNET_ISP_OUT + $SERVER_ISP_OUT`
OVR_EXT_IN=`expr $LNET_EXT_IN + $SERVER_EXT_IN`
OVR_EXT_OUT=`expr $LNET_EXT_OUT + $SERVER_EXT_OUT`
OVR_IN=`expr $SERVER_OVR_IN + $LNET_IN`
OVR_OUT=`expr $SERVER_OVR_OUT + $LNET_OUT`
OVERALL=`expr $OVR_IN + $OVR_OUT`
############################################################ #####
# Here is output for local network #
############################################################ #####
localtraf() {
echo "" >> $F_LNET
echo `date +"%d/%m/%Y %T"`" TRAFFIC FOR LOCAL NET" >> $F_LNET
echo "Input Output Description" >> $F_LNET
echo "$LAPTOP_IN $LAPTOP_OUT Laptop" >> $F_LNET
echo "$WS_IN $WS_OUT Workstation:" >> $F_LNET
echo "$LNET_ISP_IN $LNET_ISP_OUT Local Network to TSP" >> $F_LNET
echo "$LNET_EXT_IN $LNET_EXT_OUT Local Network to Internet" >> $F_LNET
echo "------------------------------------------------------ --------------" >> $F_LNET
echo "$LNET_IN $LNET_OUT Overall for Local Network" >> $F_LNET
}
############################################################ #####
# Here is output for Server #
############################################################ #####
servertraf() {
echo "" >> $F_SERV
echo `date +"%d/%m/%Y %T"`" TRAFFIC FOR SERVER" >> $F_SERV
echo "Input Output Description" >> $F_SERV
echo "$SERVER_IN $SERVER_OUT Server" >> $F_SERV
echo "$SERVER_ISP_IN $SERVER_ISP_OUT Server to ISP" >> $F_SERV
echo "$SERVER_EXT_IN $SERVER_EXT_OUT Server to Internet" >> $F_SERV
echo "------------------------------------------------------ --------------" >> $F_SERV
echo "$SERVER_OVR_IN $SERVER_OVR_OUT Overall for Server" >> $F_SERV
}
############################################################ #####
# Here is output for Overall #
############################################################ #####
overalltraf() {
echo "" >> $F_OVER
echo `date +"%d/%m/%Y %T"`" OVERALL TRAFFIC FOR: "`hostname` >> $F_OVER
echo "Input Output Description" >> $F_OVER
echo "$LNET_IN $LNET_OUT LOCAL NETWORK" >> $F_OVER
echo "$SERVER_OVR_IN $SERVER_OVR_OUT SERVER" >> $F_OVER
echo "$OVR_ISP_IN $OVR_ISP_OUT With ISP" >> $F_OVER
echo "$OVR_EXT_IN $OVR_EXT_OUT Internet" >> $F_OVER
echo "------------------------------------------------------ --------------" >> $F_OVER
echo "$OVR_IN $OVR_OUT TOTALL" >> $F_OVER
}
############################################################ #####
# Here is short output for Overall #
############################################################ #####
shorttraf() {
echo `date +"%d/%m/%Y %T"`" INBOUND: $OVR_IN OUTBOUND: $OVR_OUT" >> $F_ALL
}
resettraf() {
$IPTABLES -Z
}
case "$1" in
-b)
if [ "$2" = "-p" ]; then
F_ALL="/dev/stdout"
fi
shorttraf
if [ "$2" = "-r" ]; then
resettraf
fi
RETVAL=0
;;
-o)
if [ "$2" = "-p" ]; then
F_OVER="/dev/stdout"
fi
overalltraf
if [ "$2" = "-r" ]; then
resettraf
fi
RETVAL=0
;;
-l)
if [ "$2" = "-p" ]; then
F_LNET="/dev/stdout"
fi
localtraf
if [ "$2" = "-r" ]; then
resettraf
fi
RETVAL=0
;;
-s)
if [ "$2" = "-p" ]; then
F_SERV="/dev/stdout"
fi
servertraf
if [ "$2" = "-r" ]; then
resettraf
fi
RETVAL=0
;;
-a)
if [ "$2" = "-p" ]; then
F_ALL="/dev/stdout"
F_LNET="/dev/stdout"
F_SERV="/dev/stdout"
F_OVER="/dev/stdout"
fi
localtraf
servertraf
overalltraf
shorttraf
if [ "$2" = "-r" ]; then
resettraf
fi
RETVAL=0
;;
*)
echo $"usage: traflog [-bolsa] [-pr]"
echo $" -b log Overall traffic statistic in brif"
echo $" -o log only Overall statistic"
echo $" -l log internet traffic for local network"
echo $" -s log internet traffic for server"
echo $" -a log internet traffic for All"
echo $" -r reset statistic in ALL chains of iptables"
echo $" -p display statistic information only on /dev/stdout"
echo $""
echo $" log path: $FILE"
exit 1
esac
exit $RETVAL
6. È ïîñëåäíåå êèäàåì óêàçàííóþ íèæå ñòðî÷êó â /etc/crontab èëè êàê
îí ó âàñ íàçûâàåòñÿ, è æäåì 23:55 êàæäîãî äíÿ ÷òîáû ïîñìîòðåòü
ñòàòèñòèêó äíÿ. Åñëè íàòåðïèòñÿ âûâîäèòå êîìàíäîé /sbin/traflog -a
-p íà ýêðàí.
55 23 * * * root /etc/firewall/traflog -a -r
( Íåïðåìåííî ñ êëþ÷îì -r ÷òîáû ñáðîñèòü ñòàòèñòèêó çà ïðîøåäøèé
äåíü. )
P.S. Äëÿ òåõ êòî íå çíàåò êàê ðàáîòàåò iptables
Èìåéòå ââèäó òðàôèê âàøåé ëîêàëüíîé ñåòè êîòîðûé èäåò íàðóæó â
öåïî÷êè INPUT and OUTPUT íå ïîïàäàåò, à ïðîõîäèò ÷åðåç FORWARD.
Ïðî÷èòàéòå ïî iptable íà:
http://www.opennet.ru/docs/RUS/iptables/index.html
Âñå ñòàòüè ðàçäåëà "Ñåòü"
Âåðñèÿ äëÿ ïå÷àòè
©"Linuxportal.Ru". Ìàòåðèàëû ñàéòà ìîæíî
èñïîëüçîâàòü ñâîáîäíî ïðè óñëîâèè
ñîõðàíåíèÿ ýòîé ñâîáîäû ïðè äàëüíåéøåì
ðàñïðîñòðàíåíèè, åñëè ÿâíî íå óêàçàíî èíîå
Äèçàéí è ïðîãðàììèðîâàíèå:
Ìàêñèì Áåëîóñîâ aka BelMax
Powered by pMachine Pro 2.3
Ïîñòàâüòå
íàøó êíîïêó:
Ïîëó÷èòü êîä êíîïêè
Íàø ïàðòíåð:
Reply to: