HowToMonitorInternetTrafficTotals

Revision 4 as of 2005-07-26 06:13:36

Clear message

Aimed at people with a small home network, who want to monitor the amount uploaded / download from the internet but not the local traffic on the LAN. This might be useful if your ISP sets monthly bandwidth limits, and you also transfer files across your local network.

The instructions guide you through setting up IPAC-NG, an iptables/ipchains based IP accounting package.

Installation

First install ipac-ng, which is in universe. Either use Synaptic or type: 

sudo aptitude install ipac-ng

Configuration

Edit /etc/ipac-ng/rules.conf to tell it the type of traffic you want to log. To simply measure upload and download totals, it should read: 

# /etc/ipac-ng/rules.conf

total upload |ipac~i|eth0|all||
total download |ipac~o|eth0|all||

Note: replace eth0 with the network adapter you wish to measure.

Edit /etc/ipac-ng/ipac.conf and change the storage method to gdbm, otherwise the logs will take up a very large amount of space. (postgre could probably be used too) 

# /etc/ipac-ng/ipac.conf

storage = gdbm

To ignore LAN traffic, some simple iptables rules are added to the startup scripts. Edit /etc/init.d/ipac-ng and add the four lines between the ##'s as follows: 

## /etc/init.d/ipac-ng

case "$1" in
  start)
        echo -n "Starting $DESC: "
        check
        $DAEMON -S
## ADDED: Extra rules to exclude all LAN traffic:
        $IPTABLES -I INPUT -s aaa.bbb.ccc.0/24 -j ACCEPT
        $IPTABLES -I OUTPUT -d aaa.bbb.ccc.0/24 -j ACCEPT
##      
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        # fetch accounting before removing the rules
        $DAEMON
        echo -n "flushing IP accounting rules ..."
        $IPTABLES --flush ipac~o
        $IPTABLES --flush ipac~i
        $IPTABLES --flush ipac~fi
        $IPTABLES --flush ipac~fo
        # here should the ipac_* rule be removed from INPUT OUTPUT and FORWARD but --flush is
        # evil because it would remove all rules in these chains.
## ADDED: Remove the extra rules here:
        $IPTABLES -D INPUT -s aaa.bbb.ccc.0/24 -j ACCEPT
        $IPTABLES -D OUTPUT -d aaa.bbb.ccc.0/24 -j ACCEPT
##
        echo "$NAME stopped."
        ;;

Note: replace aaa.bbb.ccc.0 with your local network. For example, if your router is at 192.168.0.1, you would use 192.168.0.0.

That's it! The traffic totals will be automatically fetched from iptables every 10 minutes when your computer is running. To view the totals, use 'ipacsum'. It can be configured to display a specific time interval, and will even draw graphs of the traffic.

[http://ipac-ng.sourceforge.net/]

CategoryDocumentation CategoryCleanup