Re: [LARTC] API using cbq / tc ?

2003-02-07 Thread Ming-Ching Tiew

I have just written (I won't say completed!) a 
program which performs traffic read operations. 
It is a VB client program talking to a C TCP 
socket server. Everything is based on scripting, 
so it could be flaky right now, so you might 
have to be patient :-) The server has been tested
running on my Linux 2.4.20 machine.

The VB GUI program charts the traffic data on per
interface and per-class/qdisc basis. It also
displays the class/qdisc relationship in a 
hierarchical (GUI) tree diagram. The intention is
for you to determine how effective your 
class/qdisc is.

The server is pure C ( without any other fancy 
libraries ) to reduce the footprint because my
intention is to let it run on a floppy-based
NAT firewall/router, which I have tested against
floppyfw ( http://www.zelow.no/floppyfw/ ).

I will be enhancing it in the future to allow
service-by-service traffic charting, based on
iptables' traffic counter.

Any interested parties could mail me and we shall
see how things go.

Regards.

--- Stef Coene <[EMAIL PROTECTED]> wrote:
> On Friday 07 February 2003 05:25, Srikanth wrote:
> > Our GUI developers are using X based (Qt) only, not web based.
> I prefer web based.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



Re: [LARTC] Count no of hosts

2003-02-07 Thread Martin A. Brown

 : Is there any way to dynamically measure the no of concurrent internal
 : hosts (IP's) utilising the linux NAT Gateway/forwarding box.

If you have root level access to the box, you can use a bit of shell to
determine the number of concurrent "clients" in any given instant.  This
assumes, of course, that you don't have an internally SNATed/masqueraded
network which {c,w}ould hide more clients.

ipchains?

# /sbin/ipchains -MnL | awk '/[0-9][0-9]:[0-9][0-9]/{print $3}' \
>  | sort | uniq | wc -l

iptables?

# awk '/(ESTABLISHED|ASSURED)/{print $5}' /proc/net/ip_conntrack \
>  | sort | uniq

Naturally with iptables, you'll need to know a bit more about your use of
the connection tracking to disambiguate any inbound or internal to DMZ
connections to accurately count your SNAT/MASQUERADEd connections.

The above shell is not designed with efficiency in mind (obviously), but
you get the idea.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
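
The conntrack-based count above, as an added example that is not part of the original post: it takes the first src= field of each entry (the original direction) instead of column 5, because UDP entries carry no state column, and it keeps only sources under an internal prefix so inbound connections are not counted. The function names, the 192.168.1. prefix and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Count distinct internal hosts in ip_conntrack-format input (stdin).
# $1 is a textual address prefix such as "192.168.1." (an assumption made
# here to keep the example short; it is not a real netmask comparison).
count_internal_hosts() {
    awk -v prefix="$1" '
        /ESTABLISHED|ASSURED/ {
            # The first src= on the line is the original-direction source,
            # whatever column it lands in (TCP has a state column, UDP not).
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^src=/) {
                    ip = substr($i, 5)
                    if (index(ip, prefix) == 1) seen[ip] = 1
                    break
                }
            }
        }
        END { n = 0; for (ip in seen) n++; print n }
    '
}

# Constructed sample entries: two flows from .10, one UDP flow from .11,
# one inbound SMTP connection, and one unreplied SYN from .12.
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1025 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=1025 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.6 sport=1026 dport=443 src=203.0.113.6 dst=198.51.100.1 sport=443 dport=1026 [ASSURED] use=1
udp      17 170 src=192.168.1.11 dst=203.0.113.9 sport=1030 dport=53 src=203.0.113.9 dst=198.51.100.1 sport=53 dport=1030 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=203.0.113.77 dst=198.51.100.1 sport=40000 dport=25 src=198.51.100.1 dst=203.0.113.77 sport=25 dport=40000 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.168.1.12 dst=203.0.113.8 sport=1040 dport=80 [UNREPLIED] src=203.0.113.8 dst=198.51.100.1 sport=80 dport=1040 use=1
EOF
}

# On a live gateway the input would be /proc/net/ip_conntrack instead.
sample_conntrack | count_internal_hosts 192.168.1.
```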




Re: [LARTC] iptables : Incoming mail and ping problem

2003-02-07 Thread Bartek Krajnik
On Thu, Feb 06, 2003 at 07:38:54PM +0600, Shaheen Hossain wrote:
> Diff between File I ( iptablesRC ) and File II (iptablesRC.2). File I works for
> incoming mail. File II does not for incoming mail, neither does pinging to this
> server to its external interface NIC IP.
> 
> I could not figure out what the difference in these port allowing, reject or accept
> commands which are keeping the in-coming mail from coming on a RH Linux 7.3. Please
> help. Thanks.
> 
> --
> [shossain@mohican shossain]$ diff /home/admin/firewall/iptablesRC /home/admin/firewall/iptablesRC.2 |  more
> 162c162
> < $IPTABLES -A allowed -p TCP -j REJECT
> ---
> > $IPTABLES -A allowed -p TCP -j DROP
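Review bot: the TCP catch-all at line 162 of the allowed chain now uses -j DROP where the working file used -j REJECT, so TCP that falls through to it is discarded silently and the peer waits for a timeout instead of getting an immediate refusal. That makes a filtering mistake elsewhere in the script look like a dead host rather than a closed port, which is harder to debug; if the aim is only to avoid ICMP errors, -j REJECT --reject-with tcp-reset keeps the fast failure for TCP.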
> 185,187c185,187
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1503 -j allowed
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 3389 -j allowed
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 5001:65535 -j allowed
> ---
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1500:65535 -j allowed
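Review bot: --dport 1500:65535 on the replacement line sends every destination port from 1500 to 5000 to the allowed chain for -s 0/0, where the three rules it replaces covered only 1503, 3389 and 5001:65535 (3389 stays reachable from anywhere inside the new range). Keep the explicit 1503 and 3389 entries, restrict them by source address where possible, and leave the high range starting at 5001 unless a specific service needs the lower ports.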
> 192,200c192,200
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 22 -j ACCEPT
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 25 -j ACCEPT
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 42 -j ACCEPT
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 80 -j ACCEPT
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 113 -j ACCEPT
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 143 -j ACCEPT
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 174 -j ACCEPT
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 443 -j ACCEPT
> < $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 5001:65535 -j ACCEPT
> ---
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 22 -j ACCEPT
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 25 -j ACCEPT
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 42 -j ACCEPT
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 80 -j ACCEPT
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 113 -j ACCEPT
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 143 -j ACCEPT
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 174 -j ACCEPT
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 443 -j ACCEPT
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 1500:65535 -j ACCEPT
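Review bot: --source-port and --sport are the same match, so the only functional change in lines 192-200 is the last rule, whose source-port range widens from 5001:65535 to 1500:65535. More important, all nine rules ACCEPT from -s 0/0 purely on the sender's source port, a value the remote end chooses, so they do not limit traffic to replies; matching replies with -m state --state ESTABLISHED,RELATED -j ACCEPT and removing the --sport rules would express the intent without trusting the source port.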
> 262d261
> <
> 268d266
> <
Send both files, not differences.

-- 
GPG-Key:
   http://www.bartek.bicom.pl/public_key.txt
   pub  1024D/948DE45D 2002-12-12 Bartek Krajnik <[EMAIL PROTECTED]>
   Primary key fingerprint: 95E9 8E2D 1801 7864 2244  6EAA 03E5 764D 948D E45D

