IP Accounting for Smoothwall GPL 1.0
[This modification has been verified to work with Smoothwall GPL 1.0.
Please refer to this page for information about ipac-ng on
Smoothwall Express 2.0.]
This page will show you how to configure ip accounting on your
Smoothwall, so you can monitor and track how much internet traffic each
pc behind your Smoothwall server is generating.
Requirements:
You'll need:
-
A Smoothwall GPL 1.0 installation (obviously...).
-
A way of getting a command-line prompt on your Smoothwall box
(either by logging directly onto your Smoothwall box,
using a SSH client such as
PuTTY
or SSH Secure Shell,
or via the Smoothwall web interface).
Configuration:
Ensure you have SSH enabled on your Smoothwall (it's configured on the
"remote access" page. This is required for copying files to your Smoothwall
via SCP, and for logging into your Smoothwall with SSH.
Note that Smoothwall already has ipac installed.
The configuration for ipac is stored in
/etc/ipac.conf. However, this file is re-created
each time Smoothwall reboots, so any changes made to this file will
be lost when Smoothwall is rebooted.
The ipac.conf configuration file is generated by
/etc/rc.d/helper/writeipac.pl, so you need to
make your changes to it, instead of editing ipac.conf.
Edit /etc/rc.d/helper/writeipac.pl,
and for each PC behind your
Smoothwall that you want to monitor, add the following just before the
close FILE; line at the end of the file:
print FILE "user1 in|out|eth0|all|! 10.0.0.1|10.0.0.2\n";
print FILE "user1 out|in|eth0|all|10.0.0.2|! 10.0.0.1\n";
print FILE "user2 in|out|eth0|all|! 10.0.0.1|10.0.0.3\n";
print FILE "user2 out|in|eth0|all|10.0.0.3|! 10.0.0.1\n";
where
user1 is the description of the PC being monitored
eth0 is Smoothwall's green interface
10.0.0.2 is the IP address of the PC to be monitored behind your Smoothwall
10.0.0.1 is the IP address of your Smoothwall's green interface
\n inserts an end-of-line character
If you only want to monitor incoming traffic to a specific PC, and are not interested
in the outgoing traffic, then leave out the user1 out|in|eth0.... line
(or comment it out with a #).
To rebuild your /etc/ipac.conf file with your modifications, run
/etc/rc.d/helper/writeipac.pl
and to make the changes take effect, run
/usr/local/bin/ipacset
Smoothwall will now start monitoring all traffic to and from each of the IP addresses
you've specified.
To add additional trends for these IP addresses to Smoothwall's
traffic graphs page,
edit /home/httpd/cgi-bin/graphs.cgi,
and immediately after the line
push (@graphs, ("Incoming RED (ISDN PPP)", "Outgoing RED (ISDN PPP)")); }
insert a corresponding line like this for additional ipac rule you've added
push (@graphs, ("user1 in", "user1 out"));
push (@graphs, ("user2 in", "user2 out"));
Note that if you're only monitoring incoming traffic for an IP address, and not
outgoing traffic, it can be simplified to
push (@graphs, "user1 in");
push (@graphs, "user2 in");
These trends are updated every half hour.
Total bandwidth usage over any period of time can be displayed by running
ipacsum from a command prompt on your Smoothwall.
Running ipacsum without any parameters will show
the bandwidth for each configured rule that's ever been logged.
Alternatively, running ipacsum -t "this month" will
show the bandwidth for each configured rule over the current month.
Run ipacsum --help for more information on using it.
References:
ipac - Linux IP accounting package
last updated 4 Aug 2004
| 
