Mon, 21 Jan 2002 19:13:30 +0200
On Mon, Jan 21, 2002 at 06:00:24PM, Cyril Porteret wrote:
> OK, you use rrdtool to process the data, but how do you grab the data?
I have used the same engine that creates my firewall rules (a really
large, complex set of for and while loops) from a bunch of config files,
which are really bash arrays, to grep for the unique rule instead of
creating rules. I then pass each port's data specified in the rule
to a function which updates my rrd database. So I have a different rrd
database for each rule (which consists of a source and destination IP
and a number of allowed ports, one of which may be 0:).
> Do you set a rule in the FORWARD chain for each local ip ?
Basically, in my FORWARD chain I have a chain for each of my subnets and
DMZ, one incoming and one outgoing. I masquerade my LANs but not my
DMZs, but I get the data from the FORWARD chain as the masqueraded traffic
still needs to pass through it (and therefore gets accounted). I have a
DENY all policy in all my major chains, so everything that goes through
my firewall I must specifically allow.
> How can you get the bandwidth used for each NATed IP?
What kind of NAT? As far as I know every type travels through the
FORWARD chain except maybe the OUTPUT chain in PRE and POSTROUTING.
But even in the nat table, accounting information is given.
Robert Mc Donald - Support Consultant
Obsidian Systems - Www.Obsidian.Co.Za
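The grep-for-the-rule-then-update-rrd loop described in the reply, as an added example that is not the poster's own script: the iptables FORWARD output is constructed, and the function names, the one-RRD-per-source/destination path layout and the use of one data source per allowed port are my assumptions.

```shell
#!/bin/sh
# Constructed sample of `iptables -L FORWARD -v -n -x` output (not data from
# the original post). Columns: pkts bytes target prot opt in out source destination [match]
SAMPLE_COUNTERS='Chain FORWARD (policy DROP 12 packets, 840 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1532    1874320 ACCEPT     tcp  --  eth1   eth0    192.168.10.25        203.0.113.7          tcp dpt:80
     211      14900 ACCEPT     tcp  --  eth1   eth0    192.168.10.25        203.0.113.7          tcp dpt:443
      40       3200 ACCEPT     udp  --  eth1   eth0    192.168.10.26        203.0.113.9          udp dpt:53
       7        560 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# counters: where the per-rule counters come from. Prints the constructed
# sample here; on a real firewall this would be: iptables -L FORWARD -v -n -x
counters() {
    printf '%s\n' "$SAMPLE_COUNTERS"
}

# rule_bytes SRC DST PORT: byte counter of the unique ACCEPT rule for that
# source, destination and destination port (0 if no such rule exists).
rule_bytes() {
    counters | awk -v src="$1" -v dst="$2" -v port="$3" '
        $3 == "ACCEPT" && $8 == src && $9 == dst && $11 == ("dpt:" port) {
            print $2; found = 1; exit
        }
        END { if (!found) print 0 }'
}

# rrd_update_cmd DIR SRC DST PORT...: build the `rrdtool update` line for one
# rule, one data source per allowed port, in the order the ports are given.
# The RRD (one per src/dst pair, hypothetical path layout) is assumed to have
# DERIVE data sources with a minimum of 0, so rrdtool turns the growing byte
# totals into bytes/second and records a counter reset (rule flush, reboot)
# as unknown instead of as a bogus spike.
rrd_update_cmd() {
    dir=$1; src=$2; dst=$3; shift 3
    values=""
    for port in "$@"; do
        values="$values:$(rule_bytes "$src" "$dst" "$port")"
    done
    printf 'rrdtool update %s/%s_%s.rrd N%s\n' "$dir" "$src" "$dst" "$values"
}

# Example run: the rule allowing 192.168.10.25 -> 203.0.113.7 on ports 80 and 443
rrd_update_cmd /var/lib/rrd 192.168.10.25 203.0.113.7 80 443
```

Replace `counters` with the real iptables call and pipe each printed line to `sh` (or run it directly) from cron at the RRD's step interval.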