Ñòàòèñòèêà è îãðàíè÷åíèå äîñòóïà ïî ip è mac - AsusForum.NET -- WL500g

KinoMan · #1 08-01-2010, 12:45

Âåðñèÿ ñêðèïòà îò 3 ñåíòÿáðÿ 2010ã.
Ñòàðóþ âåðñèþ ïåðåíåñ ñþäà. Ñêðèïòû íåìíîãî îòëè÷àþòñÿ, ïîýòîìó, åñëè ó âàñ áûëà íàñòðîåíà ñòàðàÿ âåðñèÿ, òî íàäî óäàëèòü âñå ôàéëû èç êàòàëîãà /opt/Billing/users (ïðè ýòîì ñòàòèñòèêà ñáðîñèòñÿ).

Äëÿ ðàáîòû ýòîãî ñêðèïòà íåîáõîäèìû óñòàíîâëåííûå è íàñòðîåííûå ïàêåòû lighttpd, php è cron.

Äëÿ ÷åãî ýòîò ñêðèïò:
Ýòîò ñêðèïò ïðåäíàçíà÷åí òîëüêî äëÿ ïîäñ÷åòà òðàôèêà. Òàêæå â íåì ñóùåñòâóåò âîçìîæíîñòü àâòîìàòè÷åñêè îòêëþ÷àòü èíòåðíåò ïîëüçîâàòåëÿì, êîòîðûå ïðåâûñèëè ëèìèò òðàôèêà çà ìåñÿö.

Íàñòðîéêà ïîäñ÷åòà òðàôèêà

1.Ñîçäàåì äèðåêòîðèè è íåîáõîäèìûå ôàéëû

Code:

mkdir /opt/Billing
mkdir /opt/Billing/users
mkdir /opt/share/www/statistic
touch /opt/etc/cron.5mins/end
chmod +x /opt/etc/cron.5mins/end
touch /opt/Billing/limit
touch /usr/local/sbin/lst/ip_piring.lst

2.Ñîçäàåì òàáëèöó ïîëüçîâàòåëåé

Code:

touch /usr/local/etc/ethers

â ýòîò ôàéë (/usr/local/etc/ethers) âïèñûâàåì MAC è IP àäðåñà ïîëüçîâàòåëåé äëÿ êîòîðûõ õîòèì îòêðûòü äîñòóï ê èíòåðíåòó è ñ÷èòàòü ñòàòèñòèêó
Ïðèìåð:

Code:

00:00:1c:1c:1a:00 192.168.1.2
00:00:11:11:11:00 192.168.1.11
00:00:1a:1a:1a:00 192.168.1.15

3.Ñîçäàåì ôàéë ñ ïèðèíãîâûìè ñåòÿìè ïðîâàéäåðà
Ó ìîåãî ïðîâàéäåðà åñòü ïèðèíãîâûå çîíû äëÿ êîòîðûõ ÿ íå õî÷ó ñ÷èòàòü ñòàòèñòèêó
Â ôàéë /usr/local/sbin/lst/ip_piring.lst ïèøåì ïèðèíãîâûå çîíû ïðîâàéäåðà.
Ìîé ôàéë âûãëÿäèò òàê (ïðîâàéäåð Äîìîëèíê-Òàìáîâ):

Code:

78.132.128.0/17
213.135.128.0/19
193.203.60.0/22
93.186.96.0/20
193.33.62.0/23
91.202.20.0/22
193.34.12.0/22
82.179.144.0/20
195.19.96.0/19

4.Äëÿ òîãî ÷òîáû çàäàòü ëèìèòû òðàôèêà ïîëüçîâàòåëÿì íåîáõîäèìî:
îòðåäàêòèðîâàòü ôàéë /opt/Billing/limit
ôîðìàò ôàéëà òàêîâ
1)ip-àäðåñ ïîëüçîâàòåëÿ; 2)ëèìèò âõîäÿùåãî òðàôèêà; 3)ëèìèò èñõîäÿùåãî òðàôèêà; 4)ñóììàðíûé ëèìèò òðàôèêà.
âñå ëèìèòû çàäàþòñÿ â ìåãàáàéòàõ
íàïðèìåð:

Code:

192.168.1.2 10 1.0e+20 500

ïîëüçîâàòåëþ äàíî 10ÌÁ âõîäÿùåãî, ïðàêòè÷åñêè íå îãðàíè÷åííûé èñõîäÿùèé òðàôèê è 500ÌÁ ñóììàðíîãî òðàôèêà (âõîäÿùèé+èñõîäÿùèé). Ïðè äîñòèæåíèè ïîëüçîâàòåëåì õîòÿ áû îäíîãî èç îãðàíè÷åíèé îí áóäåò îòêëþ÷åí.
Â ýòîò ôàéë ìîæíî íå âïèñûâàòü âñåõ ïîëüçîâàòåëåé, åñëè ìû íå õîòèì çàäàâàòü äëÿ íèõ ëèìèò. Ó ìåíÿ íàïðèìåð ýòîò ôàéë ïóñòîé.

5.Ðåäàêòèðóåì ôàéë /opt/etc/cron.5mins/end
êîä ñêðèïòà â ïðèêðåïëåííîì ôàéëå

6.Ðåäàêòèðóåì ôàéë /opt/share/www/statistic/index.php
êîä ñêðèïòà â ïðèêðåïëåííîì ôàéëå

7.Ðåäàêòèðóåì ôàéë /usr/local/sbin/post-firewall
Äîáàâëÿåì â íåãî

Code:

#!/bin/sh
#1
iptables -N MAC_IP
iptables -I FORWARD 1 -o ! br0 -j MAC_IP
awk '{system("iptables -A MAC_IP -s "$2" -m mac --mac-source "$1" -j RETURN")}' < /etc/ethers
iptables -A MAC_IP -j DROP
##
#2
iptables -N STAT_IP
awk '{system("iptables -A STAT_IP -s "$1" -j RETURN");
system("iptables -A STAT_IP -d "$1" -j RETURN")  }' < /usr/local/sbin/lst/ip_piring.lst
awk '{system("iptables -A STAT_IP -s "$2" -j RETURN")
system("iptables -A STAT_IP -d "$2" -j RETURN");  }' < /usr/local/etc/ethers
iptables -A STAT_IP -j RETURN
iptables -I FORWARD 1 -j STAT_IP
##

Ïåðâàÿ çàïèñü - ýòî ôèëüòð äîñòóïà ïî IP è MAC.
Ôèëüòð ðàáîòàåò íåçàâèñèìî îò òîãî ïîäêëþ÷åí èëè íå ïîäêëþ÷åí ó âàñ æåñòêèé äèñê/ôëåøêà.
Âòîðàÿ äîáàâëÿåò öåïî÷êè äëÿ ïîäñ÷åòàòà òðàôèêà.
Ñäåëàåì ôàéë èñïîëíÿåìûì

Code:

chmod +x /usr/local/sbin/post-firewall

Code:

flashfs save && flashfs commit && flashfs enable && reboot

Äîïîëíèòåëüíî ó ìåíÿ ðàáîòàåò nshaper http://wl500g.info/showpost.php?p=161206&postcount=138
ñàì ñêðèïò ó ìåíÿ íàõîäèòñÿ çäåñü /user/local/sbin/nshaper ÷òîá ðàáîòàòü íåçàâèñèìî îò ïîäêëþ÷åííîé ôëåøêè/æåñòêîãî äèñêà
Â íàñòðîéêàõ nshaper íåîáõîäèìî ïðîïèñàòü ïóòü ê óæå ñîçäàííûì ôàéëàì

Code:

# zone IP files search path
ZONE_PATH="/usr/local/sbin/lst/ip_%ZONE%.lst"

Â /usr/local/sbin/post-firewall äîáàâèòü ñòðî÷êó

Code:

/usr/local/sbin/nshaper start

äëÿ ñîõðàíåíèÿ íàñòðîåê âûïîëíèòü

Code:

flashfs save && flashfs commit && flashfs enable && reboot

8.Ïðîâåðêà ðàáîòû ñêðèïòà áèëëèíãà
êîìàíäà

Code:

iptables -nvxL FORWARD

äîëæíà âûäàâàòü ñëåäóþùåå

Code:

Chain FORWARD (policy ACCEPT 326846 packets, 24104635 bytes)
    pkts      bytes target     prot opt in     out     source               destination
27521220 19455458371 STAT_IP    all  --  *      *       0.0.0.0/0            0.0.0.0/0
12362687 6335486745 MAC_IP     all  --  *      !br0    0.0.0.0/0            0.0.0.0/0
     436   108182 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  234746 11317504 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 TCPMSS clamp to PMTU
27186649 19430124831 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       0        0 DROP       all  --  !br0   ppp0    0.0.0.0/0            0.0.0.0/0
       0        0 DROP       all  --  !br0   vlan1   0.0.0.0/0            0.0.0.0/0
    7289  1120723 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate DNAT
       0        0 DROP       all  --  *      br0     0.0.0.0/0            0.0.0.0/0

Íåìíîãî î ðàáîòå ñêðèïòà:
Ñòàòèñòèêó ñìîòðèì http://192.168.1.1:8081/statistic/ èëè òàì ãäå ó âàñ íàõîäèòñÿ ðîóòåð è íàñòðîåí lighttpd.
DELTA - òðàôèê çà ïîñëåäíèå 5 ìèíóò.
Åñëè áûëè çàäàíû ëèìèòû äëÿ ïîëüçîâàòåëåé, òî äëÿ ýòèõ ïîëüçîâàòåëåé áóäåò îòîáðàæàòüñÿ ãðàôà ñ îñòàòêîì (BALANCE).
Ïîðÿäîê îòîáðàæåíèÿ ïîëüçîâàòåëåé â áðàóçåðå òî÷íî òàêîé æå, êàê âû çàäàëè â ôàéëå ethers. Äëÿ ïîëÿ BALANCE ïîðÿäîê ïîëüçîâàòåëåé òàêîé æå, êàê â ôàéëå limit.

Ñîäåðæèìîå ñòðàíèö îáíîâëÿåòñÿ ðàç â 5 ìèíóò.

Â êîíöå êàæäîãî ìåñÿöà áóäóò óäàëåíû ôàéëû "/opt/Billing/users/*" è "/opt/Billing/total". Ïîäñ÷åò ñòàòèñòèêè çà íîâûé ìåñÿö íà÷íåòñÿ "ñ ÷èñòîãî ëèñòà". Âñå ïîëüçîâàòåëè, çàáëîêèðîâàííûå ïî ëèìèòó òðàôèêà, áóäóò âîññòàíîâëåííû. Ñòàòèñòèêó çà ïðîøëûå ìåñÿöû ðàáîòû ñêðèïòà ìîæíî áóäåò ïîñìîòðåòü ïî àäðåñó http://192.168.1.1:8081/statistic/2010-08.html - àâãóñò 2010 ãîäà (àíàëîãè÷íî äðóãèå ìåñÿöû).

rromcic · #2 08-01-2010, 16:58

Ê ýòîìó äîáàâèòü áû îãðàíè÷åíèå ñêîðîñòè ïî IP download/upload

KinoMan · #3 08-01-2010, 17:18

Quote:

Originally Posted by rromcic

Ê ýòîìó äîáàâèòü áû îãðàíè÷åíèå ñêîðîñòè ïî IP download/upload

À çà÷åì æåñòêî ðåçàòü ñêîðîñòü?
Âåäü åñòü nshaper.

Åñëè âàì î÷åíü íàäî ïîâûñèòü ïðèîðèòåò äëÿ êîíêðåòíîãî ip, òî ïîñìîòðèòå òóò http://wl500g.info/showthread.php?p=175534#post175534

rromcic · #4 08-01-2010, 21:44

Quote:

Originally Posted by KinoMan

À çà÷åì æåñòêî ðåçàòü ñêîðîñòü?
Âåäü åñòü nshaper.

Åñëè âàì î÷åíü íàäî ïîâûñèòü ïðèîðèòåò äëÿ êîíêðåòíîãî ip, òî ïîñìîòðèòå òóò http://wl500g.info/showthread.php?p=175534#post175534

Ìíå ïðîñòî íóæíî êàæäîìó þçåðó ïîñòàâèòü 2048/128 êá, ñ download ðàáîòàåò äàæå ÷åðåç âåá íàñòðîéêè à upload ïîêà íèêàê.

lsd_wiz · #5 18-01-2010, 20:39

Íåïëîõî),
Ìîò êòî íàïèøåò ñòàòèñòèêó äëÿ tc íà shell-e?

Code:

tc -s class ls dev imq1
class htb 1:11 parent 1:1 leaf 11: prio 1 rate 320Kbit ceil 1900Kbit burst 1499b cburst 4031b
 Sent 155843415 bytes 131248 pkts (dropped 0, overlimits 0)
 rate 137794bps 114pps
 lended: 26123 borrowed: 105125 giants: 0
 tokens: -57391 ctokens: 19449

class htb 1:1 root rate 2000Kbit ceil 2000Kbit burst 15Kb cburst 4159b
 Sent 176398358 bytes 150395 pkts (dropped 0, overlimits 0)
 rate 176660bps 149pps
 lended: 110878 borrowed: 0 giants: 0
 tokens: 94915 ctokens: 13567

class htb 1:13 parent 1:1 leaf 13: prio 5 rate 320Kbit ceil 1900Kbit burst 1499b cburst 4031b
 Sent 10200866 bytes 7304 pkts (dropped 0, overlimits 0)
 rate 11652bps 8pps
 lended: 5563 borrowed: 1741 giants: 0
 tokens: -20903 ctokens: 19279

class htb 1:12 parent 1:1 leaf 12: prio 1 rate 6Kbit ceil 6Kbit burst 1499b cburst 1606b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 3631591 ctokens: 3890643

class htb 1:15 parent 1:1 leaf 15: prio 5 rate 320Kbit ceil 1900Kbit burst 1499b cburst 4031b
 Sent 10353988 bytes 11842 pkts (dropped 0, overlimits 0)
 rate 23987bps 23pps
 lended: 7831 borrowed: 4011 giants: 0
 tokens: -14343 ctokens: 22696

class htb 1:14 parent 1:1 leaf 14: prio 0 rate 320Kbit ceil 1900Kbit burst 1499b cburst 4031b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 68092 ctokens: 30824

÷òîá èç ýòîãî òàêàÿæà êðàñòà ïîëó÷èëàñü. à òî ìîè ìûñëè çàøè â òóïèê.
âîò òî ÷òî åñòü:

Code:

cat stat 
#!/bin/sh                              
TC="tc -s class ls dev"                                                
$TC  imq1 | awk '                                
BEGIN{user=0;rate=0}                             
{                                                
 #if(user != 0){rate=0;user=0}                   
 if($1 == "class"){                              
   if($3 == "1:1"){user="common"}                
   if($3 == "1:11"){user="user1"}              
   if($3 == "1:12"){user="user2"}             
   if($3 == "1:13"){user="user3"}             
   if($3 == "1:14"){user="user4"}
   if($3 == "1:15"){user="user5"}
 }
  if($1 == "rate"){rate=$2}
 if(rate != 0){
  print(user,rate)
  user=0
  rate=0
 }
}
END{}' | sort

GUID · #6 09-02-2010, 04:52

Íå ñî÷òèòå çà ïðèäèðêó, íî ìíå êàæåòñÿ, ÷òî âìåñòî:

Quote:

Originally Posted by KinoMan

awk '{system("iptables -A STAT_IP -s "$2" -j RETURN")
system("iptables -A STAT_IP -d "$2" -j RETURN"); }' < /etc/ethers

Âû õîòåëè íàïèñàòü:

Code:

awk '{system("iptables -A STAT_IP -s "$2" -j RETURN")
system("iptables -A STAT_IP -d "$2" -j RETURN");  }' < /usr/local/etc/ethers

akm2008 · #7 10-02-2010, 08:07

Ïîäñêàæèòå êàê ñ ýòè áîðîòüñÿ ??? Êàê óáðàòü ëèøíèå ñòðîêè â âèäå 0 ???

GUID · #8 10-02-2010, 09:07

Quote:

Originally Posted by akm2008

Ïîäñêàæèòå êàê ñ ýòè áîðîòüñÿ ???

ß äåòàëüíî íå ðàçáèðàëñÿ è ñïèñàë ýòî íà òî, ÷òî çàïóñêàë ñêðèïò end, êîãäà åùå íå âñå áûëî íàñòðîåíî. Ïîýòîìó òóïî ãðîõíóë (âìåñòå ñî ñòàòèñòèêîé!) ôàéëû:
/opt/share/www/statistic/index.html
/opt/Billing/users/*
/opt/Billing/total
è ïåðåçàãðóçèë.... âîò.

akm2008 · #9 10-02-2010, 23:31

Quote:

Originally Posted by GUID

ß äåòàëüíî íå ðàçáèðàëñÿ è ñïèñàë ýòî íà òî, ÷òî çàïóñêàë ñêðèïò end, êîãäà åùå íå âñå áûëî íàñòðîåíî. Ïîýòîìó òóïî ãðîõíóë (âìåñòå ñî ñòàòèñòèêîé!) ôàéëû:
/opt/share/www/statistic/index.html
/opt/Billing/users/*
/opt/Billing/total
è ïåðåçàãðóçèë.... âîò.

õì.... ñåé÷àñ ñåë ÷òîá ïîäïðàâèòü è ÷óäî íîâûå ñóòêè ïîøëè áåç ïðîáëåì )))

KinoMan · #10 11-02-2010, 19:45

Ñòðîêè ñ íóëÿìè ïîÿâëÿþòñÿ ïðè ïåðåçàãðóçêå ðîóòåðà âèäèìî â òîò ìîìåíò êîãäà ñðàáàòûâàåò ñêðèïò. Çà 2 ìåñÿöà ó ìåíÿ òàêîå áûëî 1 ðàç.
Êàê èñïðàâèòü:
çàéòè â /opt/Billing/users/
íàéòè ôàéë ñ äàòîé, ãäå ïîÿâèëèñü íóëè
îòêðûòü åãî è îòðåäàêòèðîâàòü, óäàëèâ ïåðâûå íåñêîëüêî ñòðî÷åê ñ íóëÿìè.

Quote:

Originally Posted by GUID

Íå ñî÷òèòå çà ïðèäèðêó, íî ìíå êàæåòñÿ, ÷òî âìåñòî:

Âû õîòåëè íàïèñàòü:

Code:

awk '{system("iptables -A STAT_IP -s "$2" -j RETURN")
system("iptables -A STAT_IP -d "$2" -j RETURN");  }' < /usr/local/etc/ethers

Èñïðàâèë. íî ýòî íå ñóùåñòâåííî.

GUID · #11 13-02-2010, 21:58

Quote:

Originally Posted by KinoMan

ýòî íå ñóùåñòâåííî.

à ÿ è íå óòâåðæäàë îáðàòíîãî

KinoMan · #12 05-03-2010, 11:40

Ñòàðûé ñêðèïò

Íåìíîãî ïåðåäåëàë íàéäåííûå íà ôîðóìå ñêðèïòû äëÿ ïîäñ÷åòà òðàôèêà íà ðîóòåðå ïî ip àäðåñàì.
Äëÿ ðàáîòû ñêðèïòà íåîáõîäèìû óñòàíîâëåííûå è íàñòðîåííûå ïàêåòû lighttpd è cron, gawk.

Äëÿ ÷åãî ýòîò ñêðèïò:
Ýòîò ñêðèïò ïðåäíàçíà÷åí òîëüêî äëÿ ïîäñ÷åòà òðàôèêà. Òàêæå â íåì ñóùåñòâóåò âîçìîæíîñòü àâòîìàòè÷åñêè îòêëþ÷àòü èíòåðíåò ïîëüçîâàòåëÿì, êîòîðûå ïðèâûñèëè ëèìèò òðàôèêà çà ìåñÿö.

Íàñòðîéêà ïîäñ÷åòà òðàôèêà
Îðèãèíàë òóò http://www.wl500g.info/showthread.ph...929#post149929
Îí ìåíÿ íå óñòðàèâàë è ïîýòîìó áûë ïåðåïèñàí, íî îñíîâíûå èäåè îñòàëèñü:
1.Ñîçäàåì äèðåêòîðèè è íåîáõîäèìûå ôàéëû

Code:

mkdir /opt/Billing
mkdir /opt/Billing/users
mkdir /opt/share/www/statistic
touch /opt/etc/cron.5mins/end
chmod +x /opt/etc/cron.5mins/end
touch /opt/Billing/limit

2.Ñîçäàåì òàáëèöó ïîëüçîâàòåëåé

Code:

touch /usr/local/etc/ethers

â ýòîò ôàéë (/usr/local/etc/ethers) âïèñûâàåì MAC è IP àäðåñà ïîëüçîâàòåëåé äëÿ êîòîðûõ õîòèì îòêðûòü äîñòóï ê èíòåðíåòó è ñ÷èòàòü ñòàòèñòèêó
Ïðèìåð:

Code:

00:00:1c:1c:1a:00 192.168.1.2
00:00:11:11:11:00 192.168.1.11
00:00:1a:1a:1a:00 192.168.1.15

3.Ñîçäàåì ôàéë ñ ïèðèíãîâûìè ñåòÿìè ïðîâàéäåðà
Ó ìîåãî ïðîâàéäåðà åñòü ïèðèíãîâûå çîíû äëÿ êîòîðûõ ÿ íå õî÷ó ñ÷èòàòü ñòàòèñòèêó

Code:

touch /usr/local/sbin/lst/ip_piring.lst

Â ýòîò ôàéë ïèøåì ïèðèíãîâûå çîíû ïðîâàéäåðà.
Ìîé ôàéë âûãëÿäèò òàê (ïðîâàéäåð Äîìîëèíê-Òàìáîâ):

Code:

78.132.128.0/17
213.135.128.0/19
193.203.60.0/22
93.186.96.0/20
193.33.62.0/23
91.202.20.0/22
193.34.12.0/22
82.179.144.0/20
195.19.96.0/19

4.Äëÿ òîãî ÷òîáû çàäàòü ëèìèòû òðàôèêà ïîëüçîâàòåëÿì íåîáõîäèìî:
îòðåäàêòèðîâàòü ôàéë /opt/Billing/limit
ôîðìàò ôàéëà òàêîâ
1)ip-àäðåñ ïîëüçîâàòåëÿ; 2)ëèìèò âõîäÿùåãî òðàôèêà; 3)ëèìèò èñõîäÿùåãî òðàôèêà; 4)ñóììàðíûé ëèìèò òðàôèêà.
âñå ëèìèòû çàäàþòñÿ â ìåãàáàéòàõ
íàïðèìåð:

Code:

192.168.1.2 10 1.0e+40 500

ïîëüçîâàòåëþ äàíî 10ÌÁ âõîäÿùåãî, ïðàêòè÷åñêè íå îãðàíè÷åííûé èñõîäÿùèé òðàôèê è 500ÌÁ ñóììàðíîãî òðàôèêà (âõîäÿùèé+èñõîäÿùèé). Ïðè äîñòèæåíèè ïîëüçîâàòåëåì õîòÿáû îäíîãî èç îãðàíè÷åíèé îí áóäåò îòêëþ÷åí.
Â ýòîò ôàéë ìîæíî íå âïèñûâàòü âñåõ ïîëüçîâàòåëåé, åñëè ìû íå õîòèì çàäàâàòü äëÿ íèõ ëèìèò. Ó ìåíÿ íàïðèìåð ýòîò ôàéë ïóñòîé.

5.Ðåäàêòèðóåì ôàéë /opt/etc/cron.5mins/end
êîä ñêðèïòà â ïðèêðåïëåííîì ôàéëå

6.Ðåäàêòèðóåì ôàéë /usr/local/sbin/post-firewall
Äîáàâëÿåì â íåãî

Code:

#!/bin/sh
#1
iptables -N MAC_IP
iptables -I FORWARD 1 -o ! br0 -j MAC_IP
awk '{system("iptables -A MAC_IP -s "$2" -m mac --mac-source "$1" -j RETURN")}' < /etc/ethers
iptables -A MAC_IP -j DROP
##
#2
iptables -N STAT_IP
awk '{system("iptables -A STAT_IP -s "$1" -j RETURN");
system("iptables -A STAT_IP -d "$1" -j RETURN")  }' < /usr/local/sbin/lst/ip_piring.lst
awk '{system("iptables -A STAT_IP -s "$2" -j RETURN")
system("iptables -A STAT_IP -d "$2" -j RETURN");  }' < /usr/local/etc/ethers
iptables -A STAT_IP -j RETURN
iptables -I FORWARD 1 -j STAT_IP
##

Ïåðâàÿ çàïèñü - ýòî ôèëüòð äîñòóïà ïî IP è MAC.
Ôèëüòð â âåá-èíòåðôåéñå ðîóòåðà ìåíÿ íå óñòðîèë (îí îòêëþ÷åí) - ïîòîìó ÷òî äîñòàòî÷íî ïðîïèñàòü â êà÷åñòâå DNS íà êîìïüþòåðå ip àäðåñà íàïðèìåð opendns è èíòåðíåò ó âàñ ïîÿâëÿåòñÿ (ôèëüòð âåá èíòåðôåéñà ëåãêî îáîéòè).
îðèãèíàë çäåñü http://wl500g.info/showthread.php?p=77148#post77148
Ôèëüòð ðàáîòàåò íåçàâèñèìî îò òîãî ïîäêëþ÷åí èëè íå ïîäêëþ÷åí ó âàñ æåñòêèé äèñê/ôëåøêà.
Âòîðàÿ äîáàâëÿåò öåïî÷êè äëÿ ïîäñ÷åòàòà òðàôèêà.
Ñäåëàåì ôàéë èñïîëíÿåìûì

Code:

chmod +x /usr/local/sbin/post-firewall

Code:

flashfs save && flashfs commit && flashfs enable && reboot

Äîïîëíèòåëüíî ó ìåíÿ ðàáîòàåò nshaper http://wl500g.info/showpost.php?p=161206&postcount=138
ñàì ñêðèïò ó ìåíÿ íàõîäèòñÿ çäåñü /user/local/sbin/nshaper ÷òîá ðàáîòàòü íåçàâèñèìî îò ïîäêëþ÷åííîé ôëåøêè/æåñòêîãî äèñêà
Â íàñòðîéêàõ nshaper íåîáõîäèìî ïðîïèñàòü ïóòü ê óæå ñîçäàííûì ôàéëàì

Code:

# zone IP files search path
ZONE_PATH="/usr/local/sbin/lst/ip_%ZONE%.lst"

Â /usr/local/sbin/post-firewall äîáàâèòü ñòðî÷êó

Code:

/usr/local/sbin/nshaper start

äëÿ ñîõðàíåíèÿ íàñòðîåê âûïîëíèòü

Code:

flashfs save && flashfs commit && flashfs enable && reboot

6.Ïðîâåðêà ðàáîòû ñêðèïòà áèëëèíãà
êîìàíäà

Code:

iptables -nvxL FORWARD

äîëæíà âûäàâàòü ñëåäóþùåå

Code:

Chain FORWARD (policy ACCEPT 326846 packets, 24104635 bytes)
    pkts      bytes target     prot opt in     out     source               destination
27521220 19455458371 STAT_IP    all  --  *      *       0.0.0.0/0            0.0.0.0/0
12362687 6335486745 MAC_IP     all  --  *      !br0    0.0.0.0/0            0.0.0.0/0
     436   108182 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  234746 11317504 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 TCPMSS clamp to PMTU
27186649 19430124831 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       0        0 DROP       all  --  !br0   ppp0    0.0.0.0/0            0.0.0.0/0
       0        0 DROP       all  --  !br0   vlan1   0.0.0.0/0            0.0.0.0/0
    7289  1120723 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate DNAT
       0        0 DROP       all  --  *      br0     0.0.0.0/0            0.0.0.0/0

Íåìíîãî î ðàáîòå ñêðèïòà:
Ñòàòèñòèêó ñìîòðèì http://192.168.1.1:8081/statistic/ èëè òàì ãäå ó âàñ íàõîäèòñÿ ðîóòåð è íàñòðîåí lighttpd.
Ïî àäðåñó http://192.168.1.1:8081/statistic/delta.html ìîæíî ïîñìîòðåòü ñêîëüêî áûëî ñêà÷åíî êàæäûì ïîëüçîâàòåëåì çà ïîñëåäíèå 5 ìèíóò.
Ñîäåðæèìîå ñòðàíèö îáíîâëÿåòñÿ ðàç â 5 ìèíóò.

Â êîíöå êàæäîãî ìåñÿöà áóäóò óäàëåíû ôàéëû "/opt/Billing/users/*" è "/opt/Billing/total". Ïîäñ÷åò ñòàòèñòèêè çà íîâûé ìåñÿö íà÷íåòñÿ "ñ ÷èñòîãî ëèñòà". Âñå ïîëüçîâàòåëè, çàáëîêèðîâàííûå ïî ëèìèòó òðàôèêà, áóäóò âîññòàíîâëåííû. Ñòàòèñòèêó çà ïðîøëûå ìåñÿöû ðàáîòû ñêðèïòà ìîæíî áóäåò ïîñìîòðåòü ïî àäðåñó http://192.168.1.1:8081/statistic/2010-08.html - àâãóñò 2010 ãîäà (àíàëîãè÷íî äðóãèå ìåñÿöû).

gingerino · #13 12-04-2010, 14:52

óñòàíîâèë ñòàòèñòèêó è nshaper. Â iptables âèæó, ÷òî ïîäñ÷¸ò âåä¸òñÿ. Øåéïåð ðåæåò. Íî âîò íà ñàéòå ñòàòèñòèêà íå îáíîâëÿåòñÿ. Êóäà êîïàòü?

Code:

 iptables -nxvL | grep STAT -A 15
  408398 192348821 STAT_IP    all  --  *      *       0.0.0.0/0            0.0.0.0/0
  199999 37466458 MAC_IP     all  --  *      !br0    0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    6859   361636 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 TCPMSS clamp to PMTU
  387259 190737467 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       0        0 DROP       all  --  !br0   ppp0    0.0.0.0/0            0.0.0.0/0
       0        0 DROP       all  --  !br0   vlan1   0.0.0.0/0            0.0.0.0/0
       0        0 SECURITY   all  --  !br0   *       0.0.0.0/0            0.0.0.0/0           state NEW
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate DNAT

--
Chain STAT_IP (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   21319  4332932 RETURN     all  --  *      *       192.168.0.39         0.0.0.0/0
   22721 10732361 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.39
   11519  1245372 RETURN     all  --  *      *       192.168.0.3          0.0.0.0/0
   12509 15281613 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.3
   11739   667399 RETURN     all  --  *      *       192.168.0.5          0.0.0.0/0
   13060 14931916 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.5
    6072  1872269 RETURN     all  --  *      *       192.168.0.21         0.0.0.0/0
    5251  3716919 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.21
    8649  3163000 RETURN     all  --  *      *       192.168.0.200        0.0.0.0/0
    6509  3408964 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.200
       0        0 RETURN     all  --  *      *       192.168.0.202        0.0.0.0/0
       0        0 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.202
     432    22736 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

â òî æå âðåìÿ ôàéë total ïðåäñòàâëÿåò ñîáîé

Code:

 cat /opt/Billing/total
192.168.0.39   0
192.168.0.3   0
192.168.0.5   0
192.168.0.21   0
192.168.0.200   0
192.168.0.202   0

KinoMan · #14 12-04-2010, 15:23

gingerino
êðîí óñòàíîâëåí? ïðîâåðüòå, ðàáîòàåò ëè îí.
åùå äëÿ ñêðèïòà ñòàòèñòèêè íåîáõîäèì ïàêåò gawk: ipkg install gawk

gingerino · #15 12-04-2010, 15:44

gawk ñòîèò:
ipkg list_installed | grep gawk
gawk - 3.1.7-1 - Gnu AWK interpreter

äà ïîõîæå ÷òî cron íå çàïóñêàåò çàäà÷è...
ñåé÷àñ ïðîâåðèë ïðàâà íà ôàéë end - 755
áóäó êóðèòü êðîí....

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Êîíòðîëü äîñòóïà, îãðàíè÷åíèå øèðèíû êàíàëà	wildDAlex	Russian Discussion - РУССКИЙ (RU)	2	03-01-2009 14:28
Îãðàíè÷åíèå ñêîðîñòè äîñòóïà â èíòåðíåò äëÿ óñòðîéñòâ wi-fi	iXen	Russian Discussion - РУССКИЙ (RU)	0	29-08-2008 11:00
Îãðàíè÷åíèå ñêîðîñòè, êîëè÷åñòâà ïîòîêîâ è ïî MAC àäðåñó	A-r-t	Russian Discussion - РУССКИЙ (RU)	2	17-04-2008 14:24
MAC àäðåñ,ïðîáëåìà äîñòóïà ê ðîóòåðó!	alkonaftik	Russian Discussion - РУССКИЙ (RU)	7	03-03-2008 15:41
MAC Ñïèñîê îãðàíè÷åíèå.	Compman	Russian Discussion - РУССКИЙ (RU)	7	12-01-2008 17:49