The first thing to note is that ipchains has a very different structure from iptables. Please refer to the documentation on netfilter.kernelnotes.org. iptables is more robust and easier to manage, primarily due to its stateful nature, which you could by now find only in commercial routers/firewalls.

The second thing to note is that although in the case of 256 hosts you would have 512 iptables rules, it's not true that every packet should fall through every rule. Actually, you would define the 'RETURN' target so that chain traversal stops as soon as the rule is matched. You can further optimize the setup by observing that you can collect statistics about your hosts and put the hosts with the highest traffic at the beginning of your chain. You can bind iptables rules to the external interface only so that internal traffic is not accounted.

As for nacctab syntax, it's quite self-explanatory and there are no catches. Be careful to collect the data on one interface only. You will also need the ipacct utility (which is part of the debian distribution, afaik). If you are having high traffic (with peaks over 1 MByte/sec) and consider running nacctd, then you should purchase a reasonably fast processor (pentiums over 800 MHz should be fine). Oh, by the way, nacctd works by putting the interface into promiscuous mode. It doesn't need firewalling (although you should use a firewall for security reasons in any case!).

Kresimir

----- Forwarded message from Norman Schmidt <[EMAIL PROTECTED]> -----

I want to do the same with ipchains (2.2.19 kernel). There is a debian package (can't remember the name) which inserts more ipchains rules into the ruleset. The packets go through these rules unchanged, they're just counted. The problem is that with ipchains, I would need quite a lot of rules to count for 256 connected hosts individually, and in addition to that to count the volume that costs us and the volume that doesn't cost (university-internally) separately. The problem with using the iptables counters is quite the same.

net-acctd seems to count for each connection separately, not by host, so you have to build sums yourself out of the logfiles. It doesn't have to insert lots of additional ipchains rules, but, as you mentioned, might count wrongly, especially under high load.

Is there better documentation for the naccttab syntax? I'm afraid it is far too imprecise, and I can't try everything out. Any other ideas or docs for net-acct?

Thanks, Norman.

[EMAIL PROTECTED] wrote:
>
> I suggest to check net-acctd before giving suggestions to use it

--
Norman Schmidt
Universitaet Erlangen-Nuernberg
cand.chem.
Sysadmin Wohnheimnetzwerk RatNET
mailto:[EMAIL PROTECTED]
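An added example, not code from either poster: it builds the per-host iptables accounting chain Kresimir describes (one RETURN rule per host and direction, hooked from FORWARD only on the external interface) and then reduces the chain's byte counters to per-host sums, which is the per-host total Norman would otherwise have to assemble from net-acct logs. The LAN prefix 192.168.1, external interface eth0, chain name ACCT and the sample counter listing are placeholders constructed for this example.

```shell
# Added example (not from the thread). Placeholders: LAN 192.168.1.0/24,
# external interface eth0, user-defined chain ACCT.
LAN_PREFIX=${LAN_PREFIX:-192.168.1}
EXT_IF=${EXT_IF:-eth0}
CHAIN=${CHAIN:-ACCT}

# Print the iptables commands rather than running them, so the output can be
# reviewed first and then piped to sh as root.
gen_rules() {
    echo "iptables -N $CHAIN"
    # Jump into the chain only for packets crossing the external interface,
    # so LAN-internal traffic is never counted.
    echo "iptables -I FORWARD -i $EXT_IF -j $CHAIN"
    echo "iptables -I FORWARD -o $EXT_IF -j $CHAIN"
    i=1
    while [ "$i" -le 254 ]; do
        host="$LAN_PREFIX.$i"
        # One rule per direction, 508 in total for the 254 usable addresses.
        # -j RETURN ends traversal at the first match, so a packet is not
        # compared against the rules that follow.
        echo "iptables -A $CHAIN -i $EXT_IF -d $host -j RETURN"
        echo "iptables -A $CHAIN -o $EXT_IF -s $host -j RETURN"
        i=$((i + 1))
    done
}

# Reduce 'iptables -nvxL ACCT' output (read from stdin) to one line per host:
#   host in_bytes out_bytes
# The 'in' column (field 6) is the interface name for inbound rules and '*'
# for outbound ones, so it tells which direction a counter belongs to.
sum_counters() {
    awk '$3 == "RETURN" {
            if ($6 != "*") { h = $9; inb[h] += $2 } else { h = $8; outb[h] += $2 }
            seen[h] = 1
         }
         END { for (h in seen) print h, inb[h] + 0, outb[h] + 0 }' | sort
}

# Constructed sample of 'iptables -nvxL ACCT' output, not real counters.
SAMPLE_LISTING='Chain ACCT (2 references)
    pkts      bytes target     prot opt in     out     source               destination
     120     150000 RETURN     all  --  eth0   *       0.0.0.0/0            192.168.1.1
      80      40000 RETURN     all  --  *      eth0    192.168.1.1          0.0.0.0/0
       0          0 RETURN     all  --  eth0   *       0.0.0.0/0            192.168.1.2
      10       2500 RETURN     all  --  *      eth0    192.168.1.2          0.0.0.0/0'

rule_count() { gen_rules | wc -l | tr -d ' '; }
usage_for() { printf '%s\n' "$SAMPLE_LISTING" | sum_counters | grep "^$1 "; }
```

Run `gen_rules` to see the generated commands; on a live router, `iptables -nvxL ACCT | sum_counters` gives the current per-host totals, and `iptables -Z ACCT` resets them at the start of each accounting period.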

