[Shorewall-newbies] Accounting help

Tom Eastep teastep at shorewall.net
Wed Feb 11 16:51:43 PST 2004


On Wednesday 11 February 2004 04:40 pm, obones wrote:
> Hi all.
>
> My ISP provides free traffic between users and only charges for download
> from sites outside the network
> It provides a detailled counter but I want to count the traffic on my
> side to see if there are any differences.
> I then did that in the accounting file:
>
> internal:COUNT    -        218.214.96.0/19        -        -    -    -
> internal:COUNT    -        218.214.200.0/21    -        -    -    -
> DONE        internal
> external:COUNT    -        ppp0            -        -    -    -
> DONE        external
>
> Now when I type shorewall show internal external, I get the traffic
> counted which is great.
> But I'm a bit surprised with the value for external. Is it only the
> traffic that didn't match the internal chain ? because the value I get
> for external seems a bit strange, always lower than the internal (i'm
> doing peering on the internal network), but way to big anyway (like 20M
> in 10 minutes) while I'm quite sure I don't download that much..And the
> difference between internal and external is almost always around 5 M.
> ppp0 is the ADSL modem (1500/256), and the IPs I put are IPs that are
> deemed to be internal. I get an IP from one of these ranges when I connect.
> What I would like to do is count the traffic from those two IP ranges as
> internal and everything else as external.
>

The internal chain is counting:

a) Incoming traffic from the two networks that you list.
b) All Output traffic to the net from the firewall itself (since your IP 
address is in one of those ranges).

The external chain is counting all incoming traffic on ppp0.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-newbies mailing list