Trouble not in proxy at all, I think.
tcpdump shows sorurce & destination IP's correctly with and without proxy. I
think that pmacct works with the same data but don't change the agent_id
field ...
the network looks like:
LANs Router Internet
[192.168.1.0/24]---[eth1-192.168.1.1 ]
[eth0 xx.xx.xx.xx NAT]---[World & UA-IX]
[192.168.2.0/24]---[eth2 192.168.2.1 ]
I want to tag all UA-IX traffic from/to local networks as agent_id=2 and other
traffic leave as agent_id=0 ...
=== /etc/pmacct/pmacct.conf:
daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon
debug: false
promisc: false
interface: any
networks_file: /etc/pmacct/networks
pcap_filter: not ip broadcast
pre_tag_map: /etc/pmacct/pretag.map
aggregate[i]: dst_host,src_host,tag
aggregate[o]: src_host,dst_host,tag
aggregate_filter[i]: dst net 192.168.0.0/16
aggregate_filter[o]: src net 192.168.0.0/16
plugins: mysql[i], mysql[o]
sql_db: pmacct
sql_table: acct
sql_table_version: 2
sql_passwd: ******
sql_user: pmacct
sql_refresh_time: 60
sql_history: 1h
sql_history_roundoff: mhd
sql_optimize_clauses: true
=== /etc/pmacct/networks:
192.168.0.0/16
=== /etc/pmacct/pretag.map: (1640 lines with all UA-IX networks)
...
id=2 filter='net 82.144.192.0/19'
...
id=2 filter='net 195.144.25.0/24'
...
$> select agent_id,ip_src,ip_dst,packets,bytes from acct where ip_src
like '82.144.19%' or ip_dst like '82.144.19%'
+----------+---------------+---------------+---------+-------+
| agent_id | ip_src | ip_dst | packets | bytes |
+----------+---------------+---------------+---------+-------+
| 2 | 192.168.1.197 | 82.144.192.9 | 12 | 546 |
| 2 | 82.144.192.9 | 192.168.1.197 | 13 | 5753 |
| 2 | 82.144.192.9 | 192.168.1.197 | 26 | 11506 |
| 2 | 192.168.1.197 | 82.144.192.9 | 24 | 1092 |
| 2 | 82.144.193.97 | 192.168.1.198 | 7 | 392 |
+----------+---------------+---------------+---------+-------+
$> select agent_id,ip_src,ip_dst,packets,bytes from acct where ip_src
like '195.144.25.%' or ip_dst like '195.144.25.%'
+----------+---------------+---------------+---------+----------+
| agent_id | ip_src | ip_dst | packets | bytes |
+----------+---------------+---------------+---------+----------+
| 0 | 195.144.25.26 | 192.168.1.197 | 39212 | 58807788 |
| 0 | 192.168.1.197 | 195.144.25.26 | 19913 | 803561 |
| 0 | 195.144.25.26 | 192.168.1.197 | 33568 | 50349170 |
| 0 | 192.168.1.197 | 195.144.25.26 | 17030 | 686232 |
+----------+---------------+---------------+---------+----------+
So, some hosts are tagged, but not all described in pretag.map.
I don't know where to dig to solve this problem ...
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
