On Sun, 6 Jan 2002, martin f krafft wrote:

> also sprach Matthias Juchem <[EMAIL PROTECTED]> [2002.01.06.1914 +0100]:
> > Does Debian (potato or woody) have tools to account IP traffic per user?
>
> iptables, as others have suggested.
>
> AFAIK, the recommended method of doing this is to create a chain for
> every user or group of users that you intend to account for separately,
> then simply pass the packets through this chain with the appropriate
> filter on the UID, and then use iptables counting method to obtain
> usable values.

There is one problem with this: the module that matches user IDs can only be used in the OUTPUT chain (as said in the netfilter how-to).

> i totally *need* to implement this sometime very soon. in fact, given
> a server that hosts web, mail, and ssh shell accounts for users, i need
> to keep track of traffic on a user level... [..]
> heck, how can all this be automated and logged on something like a four
> times a day basis???

The big problem is the ssh shell accounts. The user can start almost any program that listens on a socket. You wouldn't have log files from this program and you can only account for the outgoing traffic with iptables.

> since you can only really account for this at the router, and i, for
> one, can't do that, my strategy will most likely be to multiply the
> final total traffic by a factor.

There is a tool set, including a Linux kernel patch: UserIPacct (http://ramses.smeyers.be/homepage/useripacct/). But I do not know how stable it is. Besides, the last patch is for 2.4.6 and I need a more up-to-date 2.4 kernel.

> you can stuff 1500 bytes into one packet on ethernet. over the past 20
> days, the average of my users has been about 700 bytes/packet, so the
> overhead is around 6%, which i'll just add to the top. it's not exact,
> but it'll do.

Is there a way to count incoming and outgoing packets per user?

Greeting,
Matthias
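
The per-user chain approach discussed in this thread, as an added example that is not part of the original messages: it prints the rules for one UID and parses a counter listing into per-user totals. The chain names (`acct_<uid>`), the UIDs and the sample listing are constructed assumptions, and only locally generated outgoing traffic is counted, since the owner match applies in OUTPUT.

```shell
#!/bin/sh
# Added example: per-UID accounting of locally generated (outgoing) traffic.
# Chain names (acct_<uid>) and SAMPLE_LISTING are constructed for illustration.

# Print the commands for one user: an empty chain (it falls through, so it
# changes no verdict) and a jump from OUTPUT, the only built-in chain where
# the owner match applies. The jump rule's counters are the user's totals.
acct_rules() {
    printf 'iptables -N acct_%s\n' "$1"
    printf 'iptables -A OUTPUT -m owner --uid-owner %s -j acct_%s\n' "$1" "$1"
}

# Constructed sample of `iptables -L OUTPUT -n -v -x` (-x = exact counters).
SAMPLE_LISTING='Chain OUTPUT (policy ACCEPT 1523 packets, 1048576 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     420   294000 acct_1000  all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 1000
      35    12250 acct_1001  all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 1001'

# Read a listing on stdin; print "uid packets bytes" per accounting rule.
acct_report() {
    awk '$3 ~ /^acct_[0-9]+$/ { sub(/^acct_/, "", $3); print $3, $1, $2 }'
}

# Read a listing on stdin; print the byte counter for one UID (0 if absent).
user_bytes() {
    acct_report | awk -v uid="$1" '$1 == uid { b = $3 }
                                   END { print (b == "" ? 0 : b) }'
}

# Run as "script demo" to show the rules and the parsed sample.
if [ "${1:-}" = "demo" ]; then
    acct_rules 1000
    printf '%s\n' "$SAMPLE_LISTING" | acct_report
fi
```

On a live host the listing would come from `iptables -L OUTPUT -n -v -x` run as root; adding `-Z` to that command zeroes the counters after reading, which suits a periodic snapshot from cron.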