Книга: Linux Network Administrator Guide, Second Edition
Accounting by Address
Accounting by Address
Let's work with an example to illustrate how we'd use IP accounting.
Imagine we have a Linux-based router that serves two departments at the Virtual Brewery. The router has two Ethernet devices, eth0 and eth1, each of which services a department; and a PPP device, ppp0, that connects us via a high-speed serial link to the main campus of the Groucho Marx University.
Let's also imagine that for billing purposes we want to know the total traffic generated by each of the departments across the serial link, and for management purposes we want to know the total traffic generated between the two departments.
The following table shows the interface addresses we will use in our example:
| iface | address | netmask |
|---|---|---|
| eth0 | 172.16.3.0 | 255.255.255.0 |
| eth1 | 172.16.4.0 | 255.255.255.0 |
To answer the question, "How much data does each department generate on the PPP link?", we could use a rule that looks like this:
# ipfwadm -A both -a -W ppp0 -S 172.16.3.0/24 -b
# ipfwadm -A both -a -W ppp0 -S 172.16.4.0/24 -b
or:
# ipchains -A input -i ppp0 -d 172.16.3.0/24
# ipchains -A output -i ppp0 -s 172.16.3.0/24
# ipchains -A input -i ppp0 -d 172.16.4.0/24
# ipchains -A output -i ppp0 -s 172.16.4.0/24
and with iptables:
# iptables -A FORWARD -i ppp0 -d 172.16.3.0/24
# iptables -A FORWARD -o ppp0 -s 172.16.3.0/24
# iptables -A FORWARD -i ppp0 -d 172.16.4.0/24
# iptables -A FORWARD -o ppp0 -s 172.16.4.0/24
The first half of each of these set of rules say, "Count all data traveling in either direction across the interface named ppp0 with a source or destination (remember the function of the -b flag in ipfwadm and iptables) address of 172.16.3.0/24. " The second half of each ruleset is the same, but for the second Ethernet network at our site.
To answer the second question, "How much data travels between the two departments?", we need a rule that looks like this:
# ipfwadm -A both -a -S 172.16.3.0/24 -D 172.16.4.0/24 -b
or:
# ipchains -A forward -s 172.16.3.0/24 -d 172.16.4.0/24 -b
or:
# iptables -A FORWARD -s 172.16.3.0/24 -d 172.16.4.0/24
# iptables -A FORWARD -s 172.16.4.0/24 -d 172.16.3.0/24
These rules will count all datagrams with a source address belonging to one of the department networks and a destination address belonging to the other.
Оглавление книги
- Internet Service Providers who use assigned IP addresses
- Kernel Address Space
- Address-Based Virtual Hosts
- Specifying Client IP Addresses
- Physical Address Extension (PAE)
- 2.3.3. Addressing
- Chapter 10. IP Accounting
- Chapter 11. IP Masquerade and Network Address Translation
- IP Addresses
- Address Resolution
- Assigning IP Addresses
- Choosing IP Addresses