Hello, suse-security.

i'm sorry to bother you with this question, but i've spent much time with this problem and haven't solved it yet.

so, the situation:

eth0 is connected to local network (vlan-29) (10.51.29.x)
eth1 is connected to internet
eth2 is connected to local network (vlan-30, vlan-31) (10.51.30.x and 10.51.31.x)

there is a very big lan and just one server connects it to internet. i need to count traffic for all ips in lan (vlan-29,30,31) that goes from server (10.51.29.50 for vlan-29, 10.51.30.10 for vlans-30,31) to users. i count web traffic with squid, but i also need to count icq (we're using socks for it) and mail (everybody has mailboxes on server) traffic. masq enabled only for chosen users (not so many), so i don't need to count ftp, irc traffic.

can anyone help me to solve this problem? thanks in advance.

Friday, November 24, 2000
--
vladimir m. bondarev, icq uin: 62393277 paradox team web: http://scene.org.ru
"vladimir m. bondarev"
> Hello, suse-security.
>
> i'm sorry to bother you with this question, but i've spent much time with this problem and haven't solved it yet.
>
> so, the situation:
>
> eth0 is connected to local network (vlan-29) (10.51.29.x)
> eth1 is connected to internet
> eth2 is connected to local network (vlan-30, vlan-31) (10.51.30.x and 10.51.31.x)
>
> there is a very big lan and just one server connects it to internet. i need to count traffic for all ips in lan (vlan-29,30,31) that goes from server (10.51.29.50 for vlan-29, 10.51.30.10 for vlans-30,31) to users. i count web traffic with squid, but i also need to count icq (we're using socks for it) and mail (everybody has mailboxes on server) traffic. masq enabled only for chosen users (not so many), so i don't need to count ftp, irc traffic.
>
> can anyone help me to solve this problem?
Hi Vladimir,

ipac (IP accounting) will solve your problems, the tarball (ipac-1.10.tar.gz) can be found at: http://linux.netsurf.de/files/console/adm/

Martin
--
martin.peikert@innominate.com system engineer innominate AG clustering & security the linux architects tel: +49-30-308806-0 fax: -77 http://www.innominate.com
Hello, Martin.

Friday, November 24, 2000, 12:14:54, you wrote to me:

MP> ipac (IP accounting) will solve your problems, the tarball (ipac-1.10.tar.gz)
MP> can be found at: http://linux.netsurf.de/files/console/adm/

thanks for answer, i've tried it, but i'm getting errors from it, for example it says that there are more rules in kernel than in /var/log/ip-accountig-rules every 1 hour :( and the output is horrible.

Friday, November 24, 2000
--
vladimir m. bondarev, icq uin: 62393277 paradox team web: http://scene.org.ru
"vladimir m. bondarev"
> thanks for answer, i've tried it, but i'm getting errors from it, for example it says that there are more rules in kernel than in /var/log/ip-accountig-rules every 1 hour :(

If you get some errors, then there's something wrong. You should try to find the errors...

> and the output is horrible.

The output is great:

    hydra:~ # ipacsum -g
    [...]
    Graph for rule "incoming all"
    time                 bytes 0                                            8282K
    2000/10/26 11:17:59  *******
    2000/10/26 12:17:59  ***************************
    2000/10/26 13:17:59  ******************************************************
    Graph for rule "outgoing all"
    time                 bytes 0                                            1853K
    2000/10/26 11:17:59  ********
    2000/10/26 12:17:59  ****************************
    2000/10/26 13:17:59  ******************************************************

and using "ipacsum --png" will create http output...

Martin
--
martin.peikert@innominate.com system engineer innominate AG clustering & security the linux architects tel: +49-30-308806-0 fax: -77 http://www.innominate.com
Hello, Martin.

Monday, November 27, 2000, 12:10:27, you wrote to me:

MP> If you get some errors, then there's something wrong. You should try to find
MP> the errors...

yes, i've found the error.

MP> > and the output is horrible.
MP> The output is great:

sorry, i forgot about ipacsum :)

Monday, November 27, 2000
--
vladimir m. bondarev, icq uin: 62393277 paradox team web: http://scene.org.ru
Hi

Is there any Openssh for SuSE 6.4 or SuSE 7.x ? and also any instructions or any vrs. documentation that compilation Openssh Vrs. Data Fellows SSH ?

thanks
-ed
> Hi Is there any Openssh for SuSE 6.4 or SuSE 7.x ?

You should read the last Security Advisory. There are packages for openssh for SuSE 6.3 - 7.0.

bye
Markus
--
_____________________________ Markus Gaugusch ICQ 11374583 markus@gaugusch.dhs.org Linux only user
* vladimir m. bondarev wrote on Fri, Nov 24, 2000 at 10:41 +0300:
> Hello, suse-security.
>
> i'm sorry to bother you with this question, but i've spent much time with this problem and haven't solved it yet.
>
> so, the situation:
>
> eth0 is connected to local network (vlan-29) (10.51.29.x)
> eth1 is connected to internet
> eth2 is connected to local network (vlan-30, vlan-31) (10.51.30.x and 10.51.31.x)
>
> there is a very big lan and just one server connects it to internet. i need to count traffic for all ips in lan (vlan-29,30,31) that goes from server (10.51.29.50 for vlan-29, 10.51.30.10 for vlans-30,31) to users.
This means you will count traffic for 3 class C networks? Makes around 700 rules, needs some performance...

I solved the account-per-ip problem with my firewall script. Here are some snippets:

    ACC_RANGE="192.168.9:9-11 192.168.11:1-254 192.168.12:1-254"

    # all input traffic passes through the user-defined "account" chain
    ipchains -N account
    ipchains -A input -j account

    # add one bidirectional (-b) accounting rule per IP address given
    function account_ip() {
        if [ "$ACC_IP_RETURN" = "no" ] ; then
            return=""
        else
            return="-j RETURN"
        fi
        for ip ; do
            # $return is left unquoted on purpose: it holds two words
            ipchains -A account -s $ip -b $return
        done
    }

    # account_one_range NET FROM TO: one rule for each of NET.FROM .. NET.TO
    function account_one_range() {
        net=$1; from=$2; to=$3;
        echo "--> Accountings from $net.$from to $net.$to"
        if [ "$to" = "" ] ; then
            echo "Account-range: parameter error $@"
            exit 1
        fi
        #exit
        declare -i n
        n=$from
        while true ; do
            account_ip "$net.$n"
            n=$n+1;
            if [ "$n" -gt "$to" ] ; then
                return
            fi
        done
    }

    # split each "net:from-to" entry and hand it to account_one_range
    function account_ranges() {
        for range ; do
            net=`echo "$range" |awk -F':' '{ print $1; }'`
            ips=`echo "$range" |awk -F':' '{ print $2; }'`
            from=`echo "$ips" |awk -F'-' '{ print $1; }'`
            to=`echo "$ips" |awk -F'-' '{ print $2; }'`
            account_one_range $net $from $to
        done
    }

    account_ranges $ACC_RANGE;

(Please note that here ipchains is a function.) A shortened version could look like:

    function ipchains() {    # the wrapper
        CMD="/sbin/ipchains $@"
        retcode=0
        # braces instead of a subshell, so retcode is still set afterwards
        MESS=`$CMD 2>&1` || {
            retcode=$?
            echo -ne '\a'    # beep
            echo "** FATAL ** command FAILED #$retcode"
        }
        if [ "$MESS" != "" ] ; then
            echo "** WARNING ** returned message:"
            echo "$MESS"
        fi
        return $retcode
    }

I hope I haven't forgotten another subfunction :)

This script generates rules to log traffic into the "account" chain. Another script helps to get this data on disk (this version with english outputs :)): http://sws.dett.de/mini/account-ip/

Excerpt from documentation:

| The data is stored persistent in /var/log/accountings
| ($sum_file).
| You should call this script often (i.e. once an hour) in quiet
| mode ($0 -q) to keep this file up to date. Once a day (or week
| or...) you could call it by cron without parameters to get a mail
| (STDOUT) with the formatted output and resolved hostnames.

Maybe it helps you or somebody :)

oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
Hello, Steffen.

Friday, November 24, 2000, 13:08:46, you wrote to me:

thank you very much for your answer. i hope that it will help me (will try this tomorrow).

SD> ACC_RANGE="192.168.9:9-11 192.168.11:1-254 192.168.12:1-254"

the only thing i don't understand, how to set this range? what does 192.168.9:9-11 mean? (sorry for my stupid question.)

Friday, November 24, 2000
--
vladimir m. bondarev, icq uin: 62393277 paradox team web: http://scene.org.ru
* vladimir m. bondarev wrote on Fri, Nov 24, 2000 at 19:41 +0300:
> SD> ACC_RANGE="192.168.9:9-11 192.168.11:1-254 192.168.12:1-254"
>
> the only thing i don't understand, how to set this range? what does 192.168.9:9-11 mean? (sorry for my stupid question.)
This is the value for the variable ACC_RANGE. The code snippets that followed in the original mail are extracted from the firewall (bash-) script I use here. The function call looked just: account_ranges $ACC_RANGE;

Having a variable here is necessary in my script, since it parses an own configfile to get the options (I don't like sourcing since it may have side effects and so on).

This variable is parsed in the following way by the code I posted: An incomplete class-C looking string describing a network except its last octet, i.e. for 192.168.9.x it's 192.168.9. This is followed by a colon and a range of IP addresses (the last octet). If you use 192.168.9:9-11 it stands for 192.168.9.9, 192.168.9.10 and 192.168.9.11. The class C network can be written as 192.168.9:1-254 (all IPs except .0 == network and .255 == broadcast).

In contrast to the notation 192.168.9.0/24 or 192.168.9.0/255.255.255.0 the traffic for each IP address is meant, not the whole network. The code snippet generates 254 firewall accounting rules for an entry like 192.168.9:1-254.

The other script that can be found under the posted URL is able to handle this. It evaluates the output from ipchains (or ipfwadm) and keeps the sums in a logfile /var/log/accountings. It generates nice output and is able to calculate estimated costs at a "per 1 GB traffic" base.

Hope I was understandable this time. Have a nice weekend, list.

oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
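The net:from-to notation explained above, as an added example that is not part of the original mails: a POSIX shell dry run that validates each ACC_RANGE entry and prints the per-IP rule lines instead of calling ipchains. The function names (is_octet, expand_range, emit_rules) are hypothetical; the printed rule line mirrors the default "-j RETURN" form of the posted snippet.

```shell
#!/bin/sh
# Added example (not from the thread): validate ACC_RANGE entries and print
# the per-IP accounting rules as a dry run; nothing calls ipchains here.

# is_octet N: true if N is a decimal 0..255 without leading zeros
is_octet() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# expand_range SPEC: print one address per line for e.g. 192.168.9:9-11
expand_range() {
    spec=$1
    case "$spec" in
        *.*.*:*-*) ;;
        *) echo "bad spec (want a.b.c:from-to): $spec" >&2; return 1 ;;
    esac
    net=${spec%%:*}; last=${spec#*:}
    from=${last%%-*}; to=${last#*-}
    a=${net%%.*}; rest=${net#*.}; b=${rest%%.*}; c=${rest#*.}
    for o in "$a" "$b" "$c" "$from" "$to"; do
        is_octet "$o" || { echo "bad octet '$o' in $spec" >&2; return 1; }
    done
    [ "$from" -le "$to" ] || { echo "reversed range in $spec" >&2; return 1; }
    n=$from
    while [ "$n" -le "$to" ]; do
        echo "$net.$n"
        n=$((n + 1))
    done
}

# emit_rules SPEC...: check every spec first, then print the rule lines, so
# a typo in one entry cannot leave a half-built accounting chain
emit_rules() {
    all=""
    for s in "$@"; do
        part=$(expand_range "$s") || return 1
        all="$all $part"
    done
    for ip in $all; do
        echo "ipchains -A account -s $ip -b -j RETURN"
    done
}

# Constructed sample input: the range explained in the thread
emit_rules 192.168.9:9-11
```

Piping the output of emit_rules through "wc -l" gives the rule count before anything is loaded, which for three full 1-254 ranges is the "around 700 rules" mentioned earlier in the thread.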
Hello, Steffen.

Saturday, November 25, 2000, 0:54:23, you wrote to me:

SD> Hope I were understandable this time. Have a nice weekend, list.

yes, thanks for detailed description. i just didn't know what 192.168.9:9-11 means :)

Saturday, November 25, 2000
--
vladimir m. bondarev, icq uin: 62393277 paradox team web: http://scene.org.ru
Hello.

my thanks to everyone for their answers.

Friday, November 24, 2000
--
vladimir m. bondarev, icq uin: 62393277 paradox team web: http://scene.org.ru
participants (5)
- Eduardo J. Vega Arguedas
- Markus Gaugusch
- Martin Peikert
- Steffen Dettmer
- vladimir m. bondarev