IP Accounting with IPCHAINS

IP Accounting with IPCHAINS

Post by Scott Braus » Wed, 20 Jan 1999 04:00:00



    I am using IPCHAINS as my firewall.  I have a number of machines on an
external network.  I am trying to use the IP accounting features to track
packets sent/received from all of these machines on the external network.
They are NOT using the linux box with IPCHAINS as a router.
    IPCHAINS does not seem to report any packets sent received if they are
not homed on an interface card on the machine that linux is running on.
    Has anyone been down this road.  Any responses are appreciated.

Scott

 
 
 

1. How do I setup ip accounting with ipchains?

Hi,

I've got 3 computers here. 2 windows 95 machines and one Linux
internet gateway:

        192.168.10.2 (Win 95)
        192.168.10.25 (Win 95)
        192.168.10.1 (Linux)

The Linux-box masquerades all packets going to the internet and uses
ip forwarding. I'm connected using dynamic ip and ppp0 as device.
Now I want to setup ip accounting so I could see the amount of data
that the machines (192.168.10.2 and 192.168.10.25) produce, both
incoming and outgoing (if possible I would like these split into two
seperate parts).

I've read the manual but I can't figure out how to do it. The manual
only deals with a single computer going to the internet and not with
an entire LAN. Can anyone send me an example for ip accounting with
ipchains. I only need the accounting rules, the rest is already
working.
I already tried making seperate chains with "ipchains -N pc1_input"
"ipchains -N pc1_output" etc. and then adding the rules there.
It's also not completely clear to me how the packets get to my local
machine, for example 192.168.10.25.
Let's say my ip at the current moment is 195.96.110.8 and I'm
connected to a site with the ip 193.43.1.45.
Is this the way the packets will go before they reach the destination?

        195.96.110.8 --> 192.168.10.1 --> 192.168.10.25

And after they reach 192.168.10.1, I cannot use ppp0 in my rule when I
want to filter out the packets but must I use eth0 instead?

And because I use ip masquerading, can't I use the input and output
chain but must I use the forward chain instead?

I'm very confused. Maybe someone can help me on this one.

Dennsi van der Meer

2. Solaris 2.4 gcc binaries

3. IP accounting: using ipchains/iptables!

4. changing ip address

5. IP Accounting w/IPChains

6. mouse hardware specification

7. Help with ipchains and ip accounting

8. FTP Server

9. ipchains ip accounting problem

10. IP accounting on subnet (ipchains)

11. how can i use ipchains to transfer a ip port to other ip port

12. Kernel 2.2.1:IPCHAINS:IPPORTFW:IP port forwarding: IP Masq: ipmasqadm

13. IPCHAINS real ip and fake ip