Ñòàòèñòèêà è îãðàíè÷åíèå äîñòóïà ïî ip è mac

**ale_xb** · 13-09-2010, 12:49

Originally Posted by KinoMan

1.
Çàìåíèòå êóñîê ñêðèïòà end

Code:

read OLDDATE <$DATEFILE 
if [ "$DATE" \> "$OLDDATE" ]

íà

Code:

MDATE=`date +%d-%H-%M`
XDATE="02-19-40"
if [ "$XDATE" == "$MDATE" ]

"02-19-40" - 2 ÷èñëî êàæäîãî ìåñÿöà â 19:40
â XDATE âïèøèòå ñâîå çíà÷åíèå ïî ìèíóòàì êðàòíîå 5(åñëè êðîí çàïóñêàåò ñêðèïò åæåìèíóòíî òî íå îáÿçàòåëüíî êðàòíîå 5).

Â ýòîì ñëó÷àå, åñëè äåíü Õ, íàïðèìåð, 31-å ÷èñëî, òî ñáðîñ ñòàòèñòèêè íå áóäåò ïðîèçâîäèòñÿ â ìåñÿöû, ãäå ÷èñëî äíåé ìåíüøå - â ôåâðàëå, èþíå è ò.ï. (ÿ îá ýòîì ïèñàë â ñâîåì ïåðâîì ïîñòå).

**j00e** · 13-09-2010, 18:12

Íå çíàþ ÷òî è äåëàòü. Ïðîáëåìà êàê ó ïåðâûõ ïîëüçîâàòåëåé, â êîíñîëè ñòàòèñòèêà ðàñòåò, à íà ñòðàíè÷êå íåò.
ïðèâîæó ôàéëû:

Code:

Chain FORWARD (policy ACCEPT 13450 packets, 1147049 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   88420 59267445 ACCEPT     udp  --  *      *       0.0.0.0/0            172.16.0.17         udp dpt:42795
   49821 11023828 ACCEPT     tcp  --  *      *       0.0.0.0/0            172.16.0.17         tcp dpt:42795
 4916134 4537395287 STAT_IP    all  --  *      *       0.0.0.0/0            0.0.0.0/0
 2572652 1687222257 out_traffic  all  --  br0    *       0.0.0.0/0            0.0.0.0/0
 2264829 2774873797 in_traffic  all  --  *      br0     0.0.0.0/0            0.0.0.0/0
 2597225 1690631329 MAC_IP     all  --  *      !br0    0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
 2317455 2846661056 ACCEPT     all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0
    1488   106932 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
      34     1817 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    6738   406224 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
 2583765 1689486067 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       0        0 DROP       all  --  !br0   ppp0    0.0.0.0/0            0.0.0.0/0
       0        0 DROP       all  --  !br0   vlan2   0.0.0.0/0            0.0.0.0/0
       1       61 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate DNAT
       0        0 DROP       all  --  *      br0     0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0

/tmp/local/etc/ethers

Code:

00:25:d3:f3:xx:xx 172.16.0.17
00:16:ea:91:xx:xx 172.16.0.8
38:e7:d8:15:xx:xx 172.16.0.9

(ïîñëå ïîñëåäíåãî ýíòåð)

Â ôàéëàõ âåçäå íóëè ñî ñòàòèñòèêîé íàïðîòèâ èïîâ. ïðèìåð:
/opt/Billing/users/2010-09-13

Code:

172.16.0.17 0 0 0 0
172.16.0.8 0 0 0 0
172.16.0.9 0 0 0 0

/opt/Billing/total

Code:

172.16.0.17 0 0
172.16.0.8 0 0
172.16.0.9 0 0

Â ôàéë limit çàñóíóë ýíòåð. (÷åðåç ìñ)
Â ôàéë /tmp/local/sbin/lst/ip_piring.lst çàñóíóë ýíòåð (÷åðåç ìñ)

Ïûòàëñÿ çàïóñòèòü end ðóêàìè, îøèáîê íå áûëî\ðåàêöèè òîæå. Êóäà êîïàòü?

Ç.Û. Íåëüçÿ ëè äîáàâèòü àâòîìàòè÷åñêîå äîáàâëåíèå þçåðîâ? òèïà åñëè ñòàâèòü íà ðàáîòå ÷òîáû íå íàäî áûëî ðóêàìè êàæäûé ðàç äîïèñûâàòü.

**KinoMan** · 13-09-2010, 18:19

j00e
Âû èñïîëüçóåòå äðóãóþ ïîäñåòü
ïîìåíÿéòå â ñêðèïòå end

Code:

grep 192.168

íà

Code:

grep 172.16

**fflyer** · 14-09-2010, 05:29

KinoMan ñïàñèáî îãðîìíîå çà ñêðèïò!
Åùå âîïðîñ - ìîæíî ëè âíåñòè â ñïèñîê ethers ñàì ðîóòåð? è êàêîé MAC àäðåñ òîãäà ïèñàòü? (õî÷ó òîððåíòîêà÷àëêó ïîñòàâèòü íà usb-äèñê, ïîäêëþ÷åííûé ê ðîóòåðó)

**Anton89** · 14-09-2010, 07:32

Originally Posted by fflyer

KinoMan ñïàñèáî îãðîìíîå çà ñêðèïò!
Åùå âîïðîñ - ìîæíî ëè âíåñòè â ñïèñîê ethers ñàì ðîóòåð? è êàêîé MAC àäðåñ òîãäà ïèñàòü? (õî÷ó òîððåíòîêà÷àëêó ïîñòàâèòü íà usb-äèñê, ïîäêëþ÷åííûé ê ðîóòåðó)

Íåò. Ñêðèïò ñäåëàí äëÿ ôèêñàöèè è ïîäñ÷åòà ÏÐÎÕÎÄßÙÅÃÎ ÷åðåç ðîóòåð òðàôèêà ... Äëÿ ïîäñ÷åòà òðàôèêà ñàìîãî ðîóòåðà íóæíî ôèêñèðîâàòü/ñ÷èòàòü öåïî÷êè INPUT/OUTPUT. Äîáàâèòü íå ñëîæíî, íî â òåêóùåì èñïîëíåíèè ñêðèïòà ýòîãî íåò.

**KinoMan** · 14-09-2010, 07:34

fflyer
Íà ñàìîì ðîóòåðå èíòåðíåò áóäåò â ëþáîì ñëó÷àå. Ñòàâüòå äîïîëíèòåëüíî ÷òî õîòèòå.
Åñëè õîòèòå ÷òîá ñ÷èòàëñÿ îòäåëüíî òàðôèê ðîóòåðà, òî äîáàâëþ ïîòîì.

**aNGEl0** · 14-09-2010, 23:16

Ñïàñèáî àâòîðó çà ïðîñòóþ ðåàëèçàöèþ ))
Ïîêà îñâàèâàþ êîíñîëüíûé êîäèíã, ïîÿâèëàñü èäåÿ - à ÷òî åñëè ïî ôàêòó áëîêèðîâêè îòñûëàòü çàáëîêèðîâàííîìó ÑÌÑ ñ ñîîòâåòñòâóþùèì òåêñòîì? Èëè ïî ôàêòó ïðèáëèæåíèÿ ê ëèìèòó? Ñîîòâåòñòâèå ÑÌÑ-ÈÏ ïîëîæèòü êóäà-íòü îòäåëüíî. Èëè, åñëè íå ñëîæíî, ñðàçó îðãàíèçîâàòü ñîîòâåòñòâèå ÈÏ-Èìÿ_ïîëüçîâàòåëÿ-ÍîìåðÒåëåôîíà â îòäåëüíîì ôàéëå, ÷òîáû íå âíîñèòü èçìåíåíèÿ â php.
Ñïàñèáî çà âíèìàíèå

**gingerino** · 18-09-2010, 16:56

È ñíîâà äîáðûé äåíü!
Ðîóòåð îòðàáîòàë c ìàÿ áåç ñóùåñòâåííûõ ïðîáëåì. Çà ÷òî áîëüøîå ñïàñèáî àâòîðó!!!
Íà äíÿõ ïîÿâèëîñü ñâîáîäíîå âðåìÿ. Â ðåçóëüòàòå ïîëíîñòüþ îáíîâèë íà 1825 ïðîøèâêó è íà ïîñëåäíþþ âåðñèþ ñêðèïòà. Íî êàê è ïðîøëûé ðàç íå ìîãó ðàçîáðàòüñÿ ñ âàéâàé êëèåíòàìè.

Ñóòü äåëà òàêîâà: ìàê àäðåñ êëèåíòà (òåëåôîí) çàíåñ¸í â /usr/local/etc/ethers ñ àäðåñîì 192,168,0,212 è â ñòàòèñòèêå îí îòîáðàæàåòñÿ (ïðàâäà ïîêà ñ íóëÿìè). Ðîóòåð ðàáîòàåò â áîëüøîé ëîêàëêå åãî àäðåñ 192.168.0.201. DHCP íàñòîåí íà ðàçäà÷ó àäðåñîâ îò 192,168,0,200 äî 192,168,0,255. Åñëè íå íàñòðîèòü ïðèíóäèòåëüíóþ âûäà÷ó àäðåñà ïî ìàêó, òî êëèåíò çàâèñàåò â ìîìåíò ïîäêëþ÷åíèÿ. Ïîñëå íàñòðîéêè âûäà÷è ÷åðåç âåá èíòåðôåéñ. Â ìîìåíò ïîäêëþ÷åíèÿ êëèåíòà êëèåíò ãîâîðèò, ÷òî ïîäêëþ÷åí, à â ëîãå ðîóòåðà ïîÿâëÿåòñÿ çàïèñü:

Code:

01:43:05 19-09-2010 (warning|daemon|dnsmasq-dhcp) dnsmasq-dhcp[69]: no address range available for DHCP request via br0
01:43:07 19-09-2010 (warning|daemon|dnsmasq-dhcp) dnsmasq-dhcp[69]: no address range available for DHCP request via br0

è â ðåçóëüòàòå â èíåò èç êëèåíòà íå âûõîäèò...

**ale_xb** · 20-09-2010, 11:13

Originally Posted by KinoMan

fflyer
Åñëè õîòèòå ÷òîá ñ÷èòàëñÿ îòäåëüíî òàðôèê ðîóòåðà, òî äîáàâëþ ïîòîì.

Ìíå òîæå êàæåòñÿ ïîëåçíûì ïîäñ÷åò îòäåëüíî òðàôèêà ðîóòåðà

**KinoMan** · 20-09-2010, 18:34

gingerino
Áëîêèðîâêà ïî ip è mac áûëà ñäåëàíà êàê íàïèñàíî çäåñü http://wl500g.info/showthread.php?p=77148#post77148

Íàì íóæíî áóäåò ïîäñóíóòü ñâîé ôàéë ñ ïðèâÿçêàìè ip-mac DHCP ñåðâåðó, ðîëü êîòîðîãî íà ðîóòåðå èñïîëíÿåò dnsmasq. Åñëè àññîöèàöèè ïîëîæèòü â ôàéë /usr/local/etc/ethers òî ïðîøèâêà àâòîìàòè÷åñêè äîáàâèò åãî ñîäåðæèìîå ê ðàáî÷åìó ôàéëó /etc/ethers ïðè ñîñòàâëåíèè îíîãî îñíîâûâàÿñü íà íàñòðîéêàõ âåá-èíòåðôåéñà. Ïîýòîìó ñåé ñïèñîê áóäåì âåñòè èìåííî â òîì ôàéëå.

Òî åñòü ðîóòåð ñàì äîëæåí ðàçäàòü íóæíûå ip êëèåíòàì áåç íàñòðîéêè ÷åðåç âåá èíòåðôåéñ. (ïðàâäà ñàì ÿ ýòî íå ïðîâåðÿë, dhcp íà ðîóòåðå îòêëþ÷åí)

**nuivot** · 21-09-2010, 07:19

Originally Posted by ale_xb

Ìíå òîæå êàæåòñÿ ïîëåçíûì ïîäñ÷åò îòäåëüíî òðàôèêà ðîóòåðà

Òîæå õîòåëîñü áû ñòàòèñòèêó ïî ðîóòåðó â öåëîì, òàê êàê ó ìåíÿ ñóòî÷íûé ëèìèò òðàôèêà. Åñëè áû åù¸ êòîòî ïîÿñíèë ÷àéíèêó êàê ïî äîñòèæåíèè îïðåäåë¸ííîãî êîëè÷åñòâà òðàôèêà ðåçàòü ñêîðîñòü (îáùóþ íà ðîóòåðå) äî 1-2 êèëîáèò â ñåêóíäó áûë áû ïðåìíîãî áëàãîäàðåí.

**aNGEl0** · 21-09-2010, 10:03

÷åãî-òî ïåðåñòàëà ñòàòèñòèêà ñ÷èòàòüñÿ ñ 19 ñåíòÿáðÿ: http://angel.thruhere.net/statistic
òóò òîæå ïóñòî

Code:

iptables -nvxL FORWARD
Chain FORWARD (policy ACCEPT 2655 packets, 1626851 bytes)
    pkts      bytes target     prot opt in     out     source               destination

õîòÿ äî ïåðåçàãðóçêè âûâîäèëèñü STAT_IP è MAC_IP äâàæäû, âîò òàê:

Code:

iptables -nvxL FORWARD
Chain FORWARD (policy ACCEPT 624965 packets, 498647995 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  624965 498647995 STAT_IP    all  --  *      *       0.0.0.0/0            0.0.0.0/0
  367706 368483590 MAC_IP     all  --  *      !br0    0.0.0.0/0            0.0.0.0/0
  624965 498647995 STAT_IP    all  --  *      *       0.0.0.0/0            0.0.0.0/0
  367706 368483590 MAC_IP     all  --  *      !br0    0.0.0.0/0            0.0.0.0/0

Êóäà êîïíóòü? Ìîæíî, êîíå÷íî, ïðåäïîëîæèòü, ÷òî þçåðû ïåðåñòàëè èíòåðíåòîì ïîëüçîâàòüñÿ, íî, ñàìè ïîíèìàåòå, ýòî ìàëîâåðîÿòíî

)
!fixed
êàêèì-òî îáðàçîì "ïîëîìàëèñü" ïðîïèñàííûå â âåáìîðäå ðàçðåøåííûå ìàêè è ëèçû äõöï-ñåðâåðà. Ïîñëå óäàëåíèÿ è ââîäà çàíîâî âñå çàðàáîòàëî.

**nikolay_w** · 02-10-2010, 22:06

îáíîâèë ïðîøèâêó ðîóòåðà, óñòàíîâèë ñàìáó ÷åðåç http://wl500g.info/showthread.php?t=21889&page=374
âñå ïî ïóíêòàì ñäåëàë êàê òóò íàïèñàíî, êàê íå áèëñÿ - èíåòà íåòó,

Code:

00:09:34:20:7F:73 192.168.0.97
4C:00:10:51:A1:9C 192.168.0.25
00:1C:BF:C4:91:44 192.168.0.176

ïîñëå ýòîãî çàêîìåíòàðèë â /usr/local/sbin/post-firewall ñòðîêó iptables -A MAC_IP -j DROP
ïîëó÷èëîñü

Code:

#!/bin/sh

# port HTTP
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
# port for rTorrent
iptables -I INPUT -p tcp -m tcp --dport 51778 -j ACCEPT

#1
iptables -N MAC_IP
iptables -I FORWARD 1 -o ! br0 -j MAC_IP
awk '{system("iptables -A MAC_IP -s "$2" -m mac --mac-source "$1" -j
RETURN")}' < /usr/local/etc/ethers
#iptables -A MAC_IP -j DROP
##
#2
iptables -N STAT_IP
awk '{system("iptables -A STAT_IP -s "$1" -j RETURN");
system("iptables -A STAT_IP -d "$1" -j RETURN")  }' <
/usr/local/sbin/lst/ip_piring.lst
awk '{system("iptables -A STAT_IP -s "$2" -j RETURN")
system("iptables -A STAT_IP -d "$2" -j RETURN");  }' <
/usr/local/etc/ethers
iptables -A STAT_IP -j RETURN
iptables -I FORWARD 1 -j STAT_IP
##

èíåò ïîÿâèëñÿ, íî ñòàòèñòèêè òàê è íåòó.

Code:

 iptables -nvxL FORWARD
Chain FORWARD (policy ACCEPT 1722 packets, 148685 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    3969   676034 MAC_IP     all  --  *      !br0    0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
     400    19932 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    5383  2455329 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       0        0 DROP       all  --  !br0   ppp0    0.0.0.0/0            0.0.0.0/0
       0        0 DROP       all  --  !br0   vlan1   0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate DNAT
       0        0 DROP       all  --  *      br0     0.0.0.0/0            0.0.0.0/0

è ñòàòèñòèêà íå ñ÷èòàåòñÿ. ìîæåò êòî ÷òî ïîäñêàæåò?

**fflyer** · 03-10-2010, 21:35

Îáðàùàþñü ê ïîëüçîâàòåëÿì ñêðèïòà - ó âàñ åãî äàííûå ñîâïàäàþò ñ äàííûìè ïðîâàéäåðà?
Ó ìåíÿ ïðîâ - Äîì.ðó. Â ëè÷íîì êàáèíåòå ìîæíî ñìîòðåòü ñòàòèñòèêó (îòäåëüíî ïî èíòåðíåò-çîíå è ìåñòíîé çîíå). Çîíà àäðåñîâ, òðàôèê ñ êîòîðîé íå ó÷èòûâàåòñÿ è äîñòóï äî êîòîðîé 10Ìáèò/ñ, íèãäå ïðÿìî íå óêàçàí, íî íà ñàéòå ïðîâà åñòü "îïðåäåëèòåëü òðàôèêà", íó è íà ôîðóìå ìåñòíîì ïîñïðàøèâàë - äèàïàçîí òàê íàçûâàåìûõ "ìåñòíûõ" àäðåñîâ îïðåäåëèëè. Çàïèñàë èõ â ïèðèíã.ëèñò.
Âñå íàñòðîèë (â ñåíòÿáðå åùå). Ðîóòåð DIR-320, ïðîøèâêà 1.9.2.7-d-r1825. Âñå ðàáîòàåò.
Â ðåçóëüòàòå íà 3 îêòÿáðÿ íà ðîóòåðå èíòåðíåò òðàôèê íàñ÷èòàëñÿ 1067,15 Ìá, à íà ñàéòå äîì.ðó 1239,54 Ìá. Ìíå ýòî êàê-òî íå ïîíðàâèëîñü, íà ôîðóìå àäìèíû ïðîâà ìîë÷àò êàê ïàðòèçàíû.
Ñåãîäíÿ ðåøèë î÷èñòèòü ïèðèíã.ëèñò è ñðàâíèòü ñ îáùèì ñ÷åò÷èêîì òðàôèêà ó ïðîâàéäåðà. Âûøëî çà òðè ÷àñà íå î÷åíü àêòèâíîãî èñïîëüçîâàíèÿ ìîé òðàôèê (çîíà ïèðèíãà î÷èùåíà) 127,86 Ìá - îáùèé òðàôèê (ìåñòíàÿ è èíòåðíåò çîíû) íà ñàéòå ïðîâà 134,02 Ìá.
Íà ðîóòåðå íèêàêèõ êà÷àëîê íå çàïóùåíî, íàñòðîåí òîëüêî ïðèåì âðåìåíè ñ ntp.
Íåóæåëè ñëóæåáíûé òðàôèê ðîóòåðà íàñòðîëüêî âåëèê???
Â îáùåì, ïðîøó ïîäñêàçêè...

**tempik** · 04-10-2010, 08:46

Originally Posted by fflyer

Â ðåçóëüòàòå íà 3 îêòÿáðÿ íà ðîóòåðå èíòåðíåò òðàôèê íàñ÷èòàëñÿ 1067,15 Ìá, à íà ñàéòå äîì.ðó 1239,54 Ìá. Ìíå ýòî êàê-òî íå ïîíðàâèëîñü, íà ôîðóìå àäìèíû ïðîâà ìîë÷àò êàê ïàðòèçàíû.
Ñåãîäíÿ ðåøèë î÷èñòèòü ïèðèíã.ëèñò è ñðàâíèòü ñ îáùèì ñ÷åò÷èêîì òðàôèêà ó ïðîâàéäåðà. Âûøëî çà òðè ÷àñà íå î÷åíü àêòèâíîãî èñïîëüçîâàíèÿ ìîé òðàôèê (çîíà ïèðèíãà î÷èùåíà) 127,86 Ìá - îáùèé òðàôèê (ìåñòíàÿ è èíòåðíåò çîíû) íà ñàéòå ïðîâà 134,02 Ìá.
Íà ðîóòåðå íèêàêèõ êà÷àëîê íå çàïóùåíî, íàñòðîåí òîëüêî ïðèåì âðåìåíè ñ ntp.
Íåóæåëè ñëóæåáíûé òðàôèê ðîóòåðà íàñòðîëüêî âåëèê???
Â îáùåì, ïðîøó ïîäñêàçêè...

Äîáèòüñÿ ïîëíîãî ñîîòâåòñòâèÿ ïîêàçàíèé òâîåãî ñ÷åò÷èêà è ïðîâàéäåðñêîãî êàê ïðàâèëî íå óäàåòñÿ, âåäü îí ñ÷èòàåò âñå ïàêåòû êîòîðûå îí îòïðàâèë íà êëèåíòñêèé ïîðò, à ðîóòåð òîëüêî òå ÷òî íå îòáðîñèë. Â ïðèíöèïå åñëè íåò ïîñòîÿííîãî ñêàíèðîâàíèÿ ïîðòîâ è áðóòôîðñà íà òâîé ðîóòåð òî ðàñõîæäåíèå íå äîëæíî áûòü ñèëüíî áîëüøèì (ìàêñèìàëüíî ïðèáëèæåííî áóäåò ñ÷èòàòü Âõîäÿùèé -öåïî÷êà PREROUTIN â òàáëèöå mangle, à Èñõîäÿùèé - öåïî÷êà POSTROUTIN â òàáëèöå mangle). Âîîáùå ÈÌÕÎ öåïî÷êè ïîäñ÷åòà òðàôèêà ëó÷øå âñåãî ðàçìåùàòü èìåííî â òàáëèöå mangle, ïðåèìóùåñòâà:
1) Ïî óìó ñ÷èòàòü íóæíî äî çàïðåùàþùèõ ïðàâèë.
2) Â mangle î÷åíü ðåäêî äîáàâëÿþòñÿ ïðàâèëà äðóãèì ñîôòîì.

Thread: Ñòàòèñòèêà è îãðàíè÷åíèå äîñòóïà ïî ip è mac

Thread Tools

Rate This Thread

Display

íå ñ÷èòàåòñÿ ñòàòèñòèêà âîîáùå

Similar Threads

Ðîóòåð Asus êàê òî÷êà äîñòóïà äëÿ HotSpot ?

Âîïðîñû ïî ïåðåïðîøèâêå dir-320

Pppoe doesn't work on Oleg fw 1.9.2.7-10

Tags for this Thread

Posting Permissions