Network accounting
Jon Simola
jsimola at gmail.com
Mon Jan 17 13:26:34 PST 2005
On Mon, 17 Jan 2005 21:11:13 +0100, Andrew Seguin <asegu at borgtech.ca> wrote:
> But, here's my situation. A dedicated FreeBSD transparent firewall-bridge
> with 3 NICs (two for the bridge w/o IP, one for console). I'm using IPFW for
> the firewall, and at the moment I'm doing some very bare-bones statistics
> via a couple of count rules. I track abusive users through random usage of
> TCPDump (when I feel like it basically).
What I was doing with the same setup:
$IPFW pipe 1 config mask src-ip 0xffffffff buckets 512
$IPFW pipe 2 config mask dst-ip 0xffffffff buckets 512
$IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged
$IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridged
Then 'ipfw pipe 1 show' gives you cumulative upload BW usage, and
'ipfw pipe 2 show' gives download usage. Every 15 minutes I had a perl
script that ran, computed the difference in the current and last
counts, and logged that to a mySQL database. Then I could query the
database at will for usage stats or make graphs.
I've been running that system and billing a few hundred customers with
it for about 3 years now.
More information about the freebsd-net
mailing list