I think this would work fine with the iptables patch (for 2.4), if you would do the counting in the mangle/PREROUTING chain. ipchains is fundamentally inflexible, so I don't have much hope that it will be possible to get that working.

On Fri, Dec 07, 2001 at 04:03:31AM +0100, blinky wrote:
> beware: this mail is maybe written in a confusing way and because of my not that good english bad to understand! ;-)
>
> hi there!
>
> i just discussed with a friend if it is possible to account ip-based traffic with a bridge.
> i would be happy if you can give me a hint how to do the thingy i'll try to describe you now:
>
> imagine an uplink port #1. this port handles all traffic from and to the internet.
> on port #2 (configured as monitoring port for #1) i want to attach a linux-box that should act as traffic accounting server.
> on the other ports there are some servers.
>
> now i want to figure out how much traffic passed from the server at (e.g.) port #7 to the internet and vice versa. local traffic (like port #7 -> port #5) shouldn't get counted.
>
> i thought about having the linux-box on port #2 acting as a bridge (to get the network-card into promiscuous mode and have the kernel count the bytes) and use ipchains [with the ipchains-bridging-patch] to count the amount of bytes with rules like
>
> 10.0.0.10, port * -> any
> any -> 10.0.0.10, port *
>
> the problem is that the server with ip# 10.0.0.10 is physically on port #7 and not on the other side of the bridge and so the kernel doesn't bridge the packets. is there a way to have it bridging the packets into nirvana (/dev/null or a network-card without any cable connected to it)? means: is there a way to tell the kernel that every MAC-address exists on the "no_cable_connected_to_it" network-card? this way the kernel would do forwarding for every packet and the bytes would appear in ipchains. it doesn't matter that the forwarded (=bridged) packets don't arrive anywhere since they are duplicates (via the mirror-port) anyway. the only important thingy is that it is possible to count the traffic.
>
> thanks for reading and any help! :-)
>
> -
> daniel
>
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
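
An added example, not part of the original thread: count-only rules in mangle/PREROUTING for the host in the question, plus a reader for the resulting byte counters. The local subnet 10.0.0.0/24, the function names and the sample counter listing are assumptions constructed for illustration; the rules only see mirrored frames if the bridge hands them to iptables, as the reply's patch is said to do.

```shell
#!/bin/sh
# Added example. LOCALNET is an assumed subnet; the thread names only 10.0.0.10.
HOST=10.0.0.10
LOCALNET=10.0.0.0/24

# Print (do not run) count-only rules: a rule without -j leaves the packet
# alone and only increments its packet/byte counters.
acct_rules() {
    # host -> internet: destination outside the local segment
    echo "iptables -t mangle -A PREROUTING -s $1 ! -d $2"
    # internet -> host: source outside the local segment
    echo "iptables -t mangle -A PREROUTING ! -s $2 -d $1"
}

# Constructed sample of `iptables -t mangle -L PREROUTING -v -x -n` output.
sample_counters() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 5000 packets, 4000000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120      98304            all  --  *      *       10.0.0.10           !10.0.0.0/24
     200     262144            all  --  *      *      !10.0.0.0/24          10.0.0.10
EOF
}

# acct_bytes HOST out|in: sum the exact byte counters for one direction.
# Reads the listing on stdin. The target column is empty for count-only
# rules, so source/destination are taken from the end of each line.
acct_bytes() {
    awk -v host="$1" -v dir="$2" '
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            src = $(NF-1); dst = $NF
            if ((dir == "out" && src == host) || (dir == "in" && dst == host))
                total += $2
        }
        END { printf "%.0f\n", total }'
}

acct_rules "$HOST" "$LOCALNET"
echo "to internet:   $(sample_counters | acct_bytes "$HOST" out) bytes"
echo "from internet: $(sample_counters | acct_bytes "$HOST" in) bytes"
```

Local traffic such as port #7 to port #5 matches neither rule, because both ends are inside the assumed subnet.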
