Graphical IP accounting

**oversc0re** · 01-06-2006, 19:58

If it does not gaether data:
1) Check the IPTABLES entries and make sure that it produces the output proportional to the data transfer
2) Make sure crontab is running!
3) Try feeding rrdtool manually and check if it works. (you can see all the commands in my scripts)
Try being more specific describing your problem...

Greetz, over.

**audiophil** · 01-06-2006, 20:27

Thanks for the reply oversc0re!
The cron is not the problem, I've tried to run the update_traf.sh manually and followed by plot_traf.sh.

This got a bit big, but heres my iptables -L output:

I'm aware that there are duplicate entries, I ran ./add_iptables.sh two times... But you see my data.

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
router_in  all  -- !192.168.1.0/24       trondelag-dhcxxxxxecom.no
router_in  all  -- !192.168.1.0/24       trondelagxxxxxxxom.no
MACS       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere           state INVALID
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     all  --  anywhere             anywhere           state NEW
SECURITY   all  --  anywhere             anywhere           state NEW
ACCEPT     udp  --  anywhere             anywhere           udp spt:bootps dpt:bootpc
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
traffic_out  all  --  anywhere             anywhere
traffic_in  all  --  anywhere             anywhere
traffic_out  all  --  anywhere             anywhere
traffic_in  all  --  anywhere             anywhere
MACS       all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere           state INVALID
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
SECURITY   all  --  anywhere             anywhere           state NEW
ACCEPT     tcp  --  anywhere             192.168.1.2        tcp dpts:ftp-data:ftp
ACCEPT     tcp  --  anywhere             192.168.1.2        tcp dpts:6881:6882
ACCEPT     udp  --  anywhere             192.168.1.2        udp dpts:6881:6882
ACCEPT     tcp  --  anywhere             192.168.1.2        tcp dpt:31214
ACCEPT     udp  --  anywhere             192.168.1.2        udp dpt:31214
ACCEPT     tcp  --  anywhere             192.168.1.4        tcp dpt:32493
ACCEPT     udp  --  anywhere             192.168.1.4        udp dpt:32493
ACCEPT     udp  --  anywhere             anywhere           udp dpt:6112

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
router_out  all  --  tronxxxxxxcom.no !192.168.1.0/24
router_out  all  --  tronxxxxxxxxxxom.no !192.168.1.0/24

Chain MACS (2 references)
target     prot opt source               destination

Chain SECURITY (2 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN limi                                                      t: avg 1/sec burst 5
RETURN     tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,ACK/RST                                                       limit: avg 1/sec burst 5
RETURN     udp  --  anywhere             anywhere           limit: avg 5/sec burst 5
RETURN     icmp --  anywhere             anywhere           limit: avg 5/sec burst 5
DROP       all  --  anywhere             anywhere

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere           state NEW LOG level warning tc                                                      p-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere           state NEW LOG level warning tc                                                      p-sequence tcp-options ip-options prefix `DROP'
DROP       all  --  anywhere             anywhere

Chain router_in (2 references)
target     prot opt source               destination
           all  --  anywhere             anywhere
           all  --  anywhere             anywhere

Chain router_out (2 references)
target     prot opt source               destination
           all  --  anywhere             anywhere
           all  --  anywhere             anywhere

Chain traffic_in (2 references)
target     prot opt source               destination
           all  --  anywhere             192.168.1.2
           all  --  anywhere             192.168.1.3
           all  --  anywhere             192.168.1.4
           all  --  anywhere            !192.168.1.0/24
           all  --  anywhere             192.168.1.2
           all  --  anywhere             192.168.1.3
           all  --  anywhere             192.168.1.4
           all  --  anywhere            !192.168.1.0/24

Chain traffic_out (2 references)
target     prot opt source               destination
           all  --  192.168.1.2          anywhere
           all  --  192.168.1.3          anywhere
           all  --  192.168.1.4          anywhere
           all  -- !192.168.1.0/24       anywhere
           all  --  192.168.1.2          anywhere
           all  --  192.168.1.3          anywhere
           all  --  192.168.1.4          anywhere
           all  -- !192.168.1.0/24       anywhere

I've made a start.sh which I run from post-boot (it runs after mounting usb-drive).
Start.sh:

Code:

#/bin/sh
/opt/rrd/add_iptables.sh
/opt/rrd/init_traf.sh
/opt/rrd/update_traf.sh
/opt/rrd/plot_traf.sh

Edit:
Just add that the image generation works just fine for eth0/eth1 (somehow they both contain data?). Which one is the "wan" port on the back of the router?

**oversc0re** · 01-06-2006, 22:24

Emm ... I am having troubles understanding what is working and what not.. Is the plot working for any connection? Are the graphs plotted without data?

The only interface that contained valid data for me was the ppp0 interface. Not eth0 nor eth1 didn't work for me.

If you put

Code:

iptables -n -L traffic_in -vx

into the command line you should get something like this:

Code:

Chain traffic_in (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
 3220697 2549139449            all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          
    1231   734960            all  --  ppp0   *       0.0.0.0/0            192.168.0.10       
   18126  9919769            all  --  ppp0   *       0.0.0.0/0            192.168.0.20       
   33810 34429352            all  --  ppp0   *       0.0.0.0/0            192.168.0.30       
 3167530 2504055368            all  --  ppp0   *       0.0.0.0/0            192.168.0.110

The bytes column contains transfered data and it should constantly increase. If it doesn't you have an IPTABLES problem. Check my scripts for an alternative configuraton of iptables (a few post below).

Greetz, over.

**audiophil** · 01-06-2006, 22:47

[admin@(none) rrd]$ iptables -n -L traffic_in -vx
Chain traffic_in (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- eth1 * 0.0.0.0/0 192.168.1.2
0 0 all -- eth1 * 0.0.0.0/0 192.168.1.3
0 0 all -- eth1 * 0.0.0.0/0 192.168.1.4
0 0 all -- eth1 * 0.0.0.0/0 !192.168.1.0/24
0 0 all -- eth1 * 0.0.0.0/0 192.168.1.2
0 0 all -- eth1 * 0.0.0.0/0 192.168.1.3
0 0 all -- eth1 * 0.0.0.0/0 192.168.1.4
0 0 all -- eth1 * 0.0.0.0/0 !192.168.1.0/24

Needless to say, something is wrong...

**oversc0re** · 01-06-2006, 22:52

It might be the eth1 interface... try ppp0.

**audiophil** · 01-06-2006, 22:56

Isn't ppp0 only for those who use ppp authing with their ADSL provider? I got "plug and play"-style ADSL.

Edit:
When using ppp0 and ./update_traf i get:
ifconfig: ppp0: error fetching interface information: Device not found

Which kinda rules out ppp0.

**oversc0re** · 01-06-2006, 22:58

Sry... u're right about that. Well then try eth0

Keep on trying until the numbers start rolling.

Edit: And if you want to monitor all the router traffic, take a look at my first entry.

**audiophil** · 02-06-2006, 12:35

Whyyy wont it work?! Frustrated.... What's so special about my setup?
I get readings from vlan0, vlan1, eth0, eth1, but nothing on the ips.

**audiophil** · 02-06-2006, 16:55

Finally making progress, just one question oversc0re.
In your shineon.cgi you refer to a /opt/ew.sh which is not included in the archive you uploaded earlier...

**oversc0re** · 02-06-2006, 18:52

errr ... well ... shineon.cgi is a script used for turning on computer via Wake on lan... I wanted to make a http server so that i would be able to turn on my pc when I'm not at home, but never did it.

Here's the contents of ew.sh

Code:

ether-wake -i vlan0 00:50:FC:E4:88:88

If you manage to create the server on a port that would be accessible from wan, please let me know.

Greetz, over

P.S. It's nice to hear you are making some progress.

**audiophil** · 02-06-2006, 18:59

I just turned on enable web access in the web-admin system. Works with both web-admin and my server on :81. Could you just take a peek at my stat, I got these "blanks"... And the scale on the left is way off. I got a 1500kb/500kb connection.
And the "Overall download" doesn't contain any stats.

I'll pm you with the url to stats to avoid abuse.

**oversc0re** · 02-06-2006, 19:59

About your problems:

1) The scale is dynamic. The scale max is allways a little more than the peak value displayed. As your download will increase, so will the scale. The red area and the red line are defined in the graph creation script. You can browse through files and modify it. If you can't find it, let me know, and i'll find it for you.

2) Those blanks are really strange... since there is no line (even at 0) it means, that the data was not captured. I suggest that you restart the router (first run the backup.sh script, so you won't loose the data you have captured so far) and hopefully it won't happen again.

3) The overall download script uses yearly rrd database that is updated only once a day. You wil get your first results in 24 hours.

Let me know if it works...

**mh7916** · 21-09-2006, 10:12

Hi,
I'm using scripts based on barsju's. (http://wl500g.info/showpost.php?p=16719&postcount=23). I changed scripts according to my needs (FUP etc...).

I log traffic made by router itself. I realized that router generates traffic all the time, as you can see on attached picture (There is IP 10.130.0.1 but it is traffic for router itself).

Part of my add_iptables is here:

Code:

# create two chains for in and outbound traffic of ROUTER (HTTP/FTP etc)
iptables -N router_out
iptables -N router_in
# add rules for both directions
iptables -A router_out -s $WAN -d ! 172.19.10.0/24
iptables -A router_in -d $WAN -s ! 172.19.10.0/24

# attach chains to INPUT/OUTPUT
iptables -I INPUT -j router_in -d $WAN -s ! $ipprefix.0/24
iptables -I OUTPUT -j router_out -s $WAN -d ! $ipprefix.0/24

$WAN = 172.19.10.141
$ipprefix = 10.130.0

I think, that my add_iptables.sh is good, because WAN led on my router is always blinking. Traffic is being generated even if all computers on network are off.
Does someone know what is the traffic?

**poiu** · 01-05-2008, 10:09

I try to glue the Oversc0re script on 500gp with -10 firmware.
After tinkering alot with permisions scripts work, get data from vlan1 (wan), but no success with seeing results on :81 ...
The index page is there but no access from lan , look like router block access ..
Is a way to make this work on 500gp ?
Y get the filing y am close ...
Look to me like the default route for www pages generated internally must be on /opt/share/www (on -10 fw) but this script put www on /tmp/harddisk/rrddata/www/ ...
But now i am stuck, someone have a ideea for a beginner like me ?
And dont find where y can specify the port used by this script ..
Now i can open page directly on router with lynx, but is no graphic there

because of lynx ..

LE: Now i can access page on 81, was my mistake failing to edit all scripts. I keep you updated.

**poiu** · 01-05-2008, 16:15

Now its ok, who want script updated for 500 gp ask here....actually is just Overscore said, only some tinkering with makind all .sh executable and update user name and IPs.
One problem now, executing nvram_install.sh kill my samba and transmission ...
Another adventure now, guys its like a safari

LE: find the problem, nvram_install.sh flushed the line "/opt/etc/init.d/rc.unslung start" from post-mount, y added and reboot, and samba and transmision are ok.
The another thing was flushed, post-firewall, and i cant sleep good now, because here y cant understand a thing :
the new post-firewall look like this:

iptables -N traffic_out
iptables -N traffic_in
iptables -A traffic_in -i vlan1
iptables -A traffic_out -o vlan1
iptables -A traffic_in -i vlan1 -d 192.168.1.1
iptables -A traffic_out -o vlan1 -s 192.168.1.1
iptables -A traffic_in -i vlan1 -d 192.168.1.2
iptables -A traffic_out -o vlan1 -s 192.168.1.2
iptables -A traffic_in -i vlan1 -d 192.168.1.3
iptables -A traffic_out -o vlan1 -s 192.168.1.3
iptables -I FORWARD -j traffic_in
iptables -I FORWARD -j traffic_out

I get the filling now y am a sitting duck ....
So, how i can add my rules with 65534 and 22 only open to outside ?
I add my rules in front or what ?

Thread: Graphical IP accounting

Thread Tools

Rate This Thread

Display

Router generates traffic

500gP + rrd

Posting Permissions