[nSLUG] iptables and quotas

Oliver Baltzer ob at init.ca
Mon Jun 2 11:05:10 ADT 2003

Hi Ron,

On 02-Jun-2003 10:35 -0300, Ron Dewar was heard to say:
> I want to see on a (say) daily basis, how much activity there has been
> going through my router in each direction, accumulated from some start
> point, that gets reset to zero at the beginning of each month.  Or at
> least, I want to be able to query some counters that can be reset. 

The easiest way to get information about how much traffic goes through
an interface on your machine is to use the interface's counter, which is
actually shown in the ifconfig output. 'RX bytes' stands for received
bytes on this interface and 'TX bytes' for sent bytes. Unfortunately,
those counters are 32-bit counters, which means they overflow at about 4
GB and start again at 0. It should be possible to write a small script
that periodically reads out these counters, detects overflows and
accumulates the values. However, a widely used tool to monitor network
interfaces is mrtg (http://people.ee.ethz.ch/~oetiker/webtools/mrtg/),
which uses SNMP to query your interface counters and produces pretty
images and HTML pages to look at.

> I would rather know how fast I am approaching a limit, and 'restrict
> bandwidth' by getting my kids to stop downloading demos and movies
> until the beginning of the month.  That is, I would adjust policy with
> their knowledge and input rather than setting up some automatic system
> that would slow down certain kinds of traffic. 

For the actual bandwidth management and traffic shaping I can only refer
to the other thread "upstream bandwidth with iptables" where Dop just
pointed to the l7-filter which seems to be a good idea.

Oliver Baltzer <obaltzer at cs.dal.ca>
Dalhousie University
Faculty of Computer Science
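
The "small script" idea from the reply above, as an added example that is not part of the original message: it reads the 'RX bytes' / 'TX bytes' values from ifconfig output, corrects for a 32-bit wrap between samples, and resets the totals each month. The function names, the state dictionary and the sample ifconfig lines are constructed for illustration; the regex assumes the classic `RX bytes:N ... TX bytes:N` line format.

```python
import re

WRAP = 2 ** 32  # the counters are 32-bit, so they restart at 0 after ~4 GB

# Byte-counter line of classic ifconfig output (assumed format).
COUNTERS = re.compile(r"RX bytes:(\d+).*?TX bytes:(\d+)")


def read_counters(ifconfig_text):
    """Return the raw (rx, tx) counter values found in ifconfig output."""
    m = COUNTERS.search(ifconfig_text)
    if m is None:
        raise ValueError("no RX/TX byte counters found")
    return int(m.group(1)), int(m.group(2))


def delta(prev, cur):
    """Bytes moved between two samples, allowing for a single wrap."""
    return cur - prev if cur >= prev else cur + WRAP - prev


def update(state, ifconfig_text, month):
    """Fold one sample into the running totals.

    state is a plain dict that a periodic job would load from and save
    to a file; month is a label such as "2003-06".
    """
    rx, tx = read_counters(ifconfig_text)
    if state.get("month") != month:
        # First sample ever, or first of a new month: start from zero.
        state.update(month=month, rx_total=0, tx_total=0)
    else:
        state["rx_total"] += delta(state["rx_last"], rx)
        state["tx_total"] += delta(state["tx_last"], tx)
    state["rx_last"], state["tx_last"] = rx, tx
    return state


if __name__ == "__main__":
    # Constructed samples; the RX counter wraps between the first two.
    samples = [
        ("2003-06", "RX bytes:4294967000 (4.0 GiB)  TX bytes:1000 (1000.0 b)"),
        ("2003-06", "RX bytes:704 (704.0 b)  TX bytes:3000 (2.9 KiB)"),
    ]
    state = {}
    for month, text in samples:
        update(state, text, month)
    print(state["rx_total"], state["tx_total"])
```

The sampling interval has to be short enough that a counter cannot wrap more than once between reads. A reboot also restarts the counters at 0 and looks the same as a wrap to this logic.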

