Per IP Traffic accounting

[mekabe remain]

Maybe it is better if you tell me how I can monitor traffic with iptables on this router.
If I can start monitoring and then read what is collected, then I can query myself periodically and try to calculate what I need.

I don't need a complicated script.

 

[ColinTaylor]

nslookup: can't resolve 'XEON-POWER'

I'd guess this is because you have set Tools - Other Settings > Wan: Use local caching DNS server as system resolver to No.

 

[mekabe remain]

I'd guess this is because you have set Tools - Other Settings > Wan: Use local caching DNS server as system resolver to No.

I did not set it like that. It is "no" by default.
Besides, the problem is not hostname. If you look at my previous post you'll see that I also tried with plain IP address and it does not work like that.

 

[ColinTaylor]

I did not set it like that. It is "no" by default.

Sorry, I didn't mean the suggest that you had deliberately set that to No, but rather that it is set to No. I've just checked and that setting will indeed cause the nslookup error. But as you say, there appears to be other problems as well.

 

[Martineau]

Maybe it is better if you tell me how I can monitor traffic with iptables on this router.
If I can start monitoring and then read what is collected, then I can query myself periodically and try to calculate what I need.

I don't need a complicated script.

If you can successfully ping

/jffs/scripts# ping 192.168.254.20

then if the following fails

/jffs/scripts# ./QuotaMonitor.sh resetdel

/jffs/scripts# ./QuotaMonitor.sh monitor init ip=192.168.254.20

and the following doesn't detect any IPs

/jffs/scripts# ./QuotaMonitor.sh resetdel

/jffs/scripts# ./QuotaMonitor.sh monitor init ip=auto

then follow the advice highlighted below

to set up the iptables rules manually.

 

[mekabe remain]

If you can successfully ping

/jffs/scripts# ping 192.168.254.20

then if the following fails

/jffs/scripts# ./QuotaMonitor.sh resetdel

/jffs/scripts# ./QuotaMonitor.sh monitor init ip=192.168.254.20

and the following doesn't detect any IPs

/jffs/scripts# ./QuotaMonitor.sh resetdel

/jffs/scripts# ./QuotaMonitor.sh monitor init ip=auto

then follow the advice highlighted below


to set up the iptables rules manually.

I really did not understand what you meant with this post.
Because I don't know what to expect from the output if the script was working fine.

I can surely ping 192.168.254.20 from the router.

Then following commands:
/jffs/scripts# ./QuotaMonitor.sh resetdel
/jffs/scripts# ./QuotaMonitor.sh monitor init ip=192.168.254.20

output:

admin@RT-AX88U-26C8:/jffs/scripts# ./QuotaMonitor.sh resetdel

 v1.07 Quota Monitoring.....

        Quota Monitoring does not exist.

admin@RT-AX88U-26C8:/jffs/scripts# ./QuotaMonitor.sh monitor init ip=192.168.254.20

 v1.07 Quota Monitoring.....

        Quota Monitoring Setup complete.


        ***ERROR '192.168.254.20' already in monitor list or (192.168.254.20) invalid?

so it fails ???

and following code does not detect any IPs.
"./QuotaMonitor.sh monitor init ip=auto"

what now ?
what do you suggest me to do ?

If I knew how to start monitoring accounting with iptables I would do it.
But on this router I could not find out how to achieve it.
Maybe it is because the kernel does not support ???

 

[Martineau]

following code does not detect any IPs.
./QuotaMonitor.sh monitor init ip=auto
what now ?
what do you suggest me to do ?

No idea given your post

Per IP Traffic accounting

Maybe it is better if you tell me how I can monitor traffic with iptables on this router. If I can start monitoring and then read what is collected, then I can query myself periodically and try to calculate what I need. I don't need a complicated script.

www.snbforums.com

However, for the benefit of others who may still kindly wish to encourage/support my shoddy scripting efforts, I have uploaded v1.08 that allows monitoring of LAN devices that do not have a registered hostname.

So the following should now work

./QuotaMonitor.sh resetdel

./QuotaMonitor.sh monitor init ip=auto

 

[mekabe remain]

Thanks.

I found the problem with my setup. (most of the hosts do not have a LAN name)
So I applied a workaround to the script and then added hosts to monitor.

now I can see the accounting data in tables MyQUOTAo and MyQUOTAi

However it does not represent the reality. I might be doing something wrong.
Please help me.

in this scenario, I downloaded a 3GB file from the host named MEDIASERVER with IP 192.168.254.20

before the download , tables show:

admin@RT-AX88U-26C8:/jffs/scripts# iptables  -vL MyQUOTAi  | grep MEDIA
22916 7930K            all  --  ppp0   br0     anywhere             MEDIASERVER          /* MEDIASERVER */
admin@RT-AX88U-26C8:/jffs/scripts# iptables  -vL MyQUOTAo  | grep MEDIA
21981 5697K            all  --  br0    ppp0    MEDIASERVER          anywhere             /* MEDIASERVER */

and after 3GB download they show

admin@RT-AX88U-26C8:/jffs/scripts# iptables  -vL MyQUOTAi  | grep MEDIA
27042 9694K            all  --  ppp0   br0     anywhere             MEDIASERVER          /* MEDIASERVER */
admin@RT-AX88U-26C8:/jffs/scripts# iptables  -vL MyQUOTAo  | grep MEDIA
25686 6550K            all  --  br0    ppp0    MEDIASERVER          anywhere             /* MEDIASERVER */

the difference in RX is only 9694K - 7930K = 1764K
But 3GB was downloaded

and the bytes to KB conversion seems correct because the output with plain bytes is :

admin@RT-AX88U-26C8:/jffs/scripts# iptables  -nvxL MyQUOTAo  | grep MEDIA
   26740  6829683            all  --  br0    ppp0    192.168.254.20       0.0.0.0/0            /* MEDIASERVER */
admin@RT-AX88U-26C8:/jffs/scripts# iptables  -nvxL MyQUOTAi  | grep MEDIA
   28135  9870518            all  --  ppp0   br0     0.0.0.0/0            192.168.254.20       /* MEDIASERVER */

what am I doing wrong ?

Btw, nobody cleared the counters while downloading.
I did not run "QuotaMonitor monitor" command when downloading.

I also tested with "QuotaMonitor monitor" and it did not show an increase more than what plain "iptables" output shows.

 

[mekabe remain]

any ideas on this ?

 

[mekabe remain]

hi guys,
I really want to understand this. what may be the problem with iptables accounting ?

 

[RMerlin]

hi guys,
I really want to understand this. what may be the problem with iptables accounting ?

ipt_account was written over 10 years ago for old kernels. I was able to fix it to make it work on 2.6.36, however it's impossible to make it work on any 4.x kernels because it's built around poking iptables elements that are now opaque since 3.x, meaning the whole module would have to be rewritten to work with newer kernels.

 

[mekabe remain]

ipt_account was written over 10 years ago for old kernels. I was able to fix it to make it work on 2.6.36, however it's impossible to make it work on any 4.x kernels because it's built around poking iptables elements that are now opaque since 3.x, meaning the whole module would have to be rewritten to work with newer kernels.

thanks. so you mean, ipt_account does not work good on new kernels even if the device/server uses a normal Linux distro ? (that's new to me)
what else can I do to measure what I want ?

 

[ColinTaylor]

thanks. so you mean, ipt_account does not work good on new kernels even if the device/server uses a normal Linux distro ? (that's new to me)

Correct.

what else can I do to measure what I want ?

Use @Martineau's script.

 

[RMerlin]

thanks. so you mean, ipt_account does not work good on new kernels even if the device/server uses a normal Linux distro ?

It flat out can't be compiled with newer kernel versions.

 

[mekabe remain]

Correct.


Use @Martineau's script.

oh come on....
have you followed the last 2 pages of this post ?

I already installed Martineau's script. Fixed some minor issues with it.
but it does not work correct.
counters are not correct.

that's why I am asking for an alternative...

 

[ColinTaylor]

Yes I have read all the posts in this thread. It was unclear what the problem with the script was or what you did to try and fix it. It looked to me like you were downloading a file from a server elsewhere on your LAN. If so then of course the script wouldn't record that.

 

[mekabe remain]

Yes I have read all the posts in this thread. It was unclear what the problem with the script was or what you did to try and fix it. It looked to me like you were downloading a file from a server elsewhere on your LAN. If so then of course the script wouldn't record that.

no it is not a local download. I downloaded a 1 GB linux installation file from Ubuntu site.
but it did not get recorded by the script.

 

[Martineau]

no it is not a local download. I downloaded a 1 GB linux installation file from Ubuntu site.
but it did not get recorded by the script.

As stated previously, (and there is a comment in the script header) if Hardware Acceleration is ENABLED then NO comprehensibly accurate data can be collated by iptables.

However, RT-AC86U with Hardware Acceleration DISABLED, and on the laptop I initiated the download of 'ubuntu-20.04.3-desktop-amd64.iso'

./QuotaMonitor.sh monitor dlimit=6GB cap=100GB init ip=192.168.1.38

v1.08 Quota Monitoring.....

    Quota Monitoring Setup complete.


    Quota Monitoring clients: 192.168.1.38 (192.168.1.38 ) Added
  
Monitoring Resuming in 00:00:05 seconds....

v1.08 Quota Monitoring.....

  

            IN/OUT Columns Legend : 0% <10% >10% >50% >75% and >80% of Quota limits

    YYYY/MM/DD(Day) HH:MM:SS Host Name       IP address             IN        OUT    Rx Rate    Tx Rate Per/Sec       Used   Data Cap

    2021-10-06(Wed) 21:35:20 HP-Envy13       192.168.1.38      0 Bytes    0 Bytes    6.00 GB   10.00 MB 60         0 Bytes  100.00 GB
    2021-10-06(Wed) 21:36:20 HP-Envy13       192.168.1.38    128.18 MB    1.45 MB    6.00 GB   10.00 MB 60       129.63 MB  100.00 GB
    2021-10-06(Wed) 21:37:21 HP-Envy13       192.168.1.38    195.94 MB    2.24 MB    6.00 GB   10.00 MB 60       327.81 MB  100.00 GB
    2021-10-06(Wed) 21:38:22 HP-Envy13       192.168.1.38    177.42 MB    2.08 MB    6.00 GB   10.00 MB 60       507.31 MB  100.00 GB
    2021-10-06(Wed) 21:39:23 HP-Envy13       192.168.1.38    186.23 MB    2.18 MB    6.00 GB   10.00 MB 60       695.71 MB  100.00 GB
    2021-10-06(Wed) 21:40:23 HP-Envy13       192.168.1.38    184.12 MB    2.19 MB    6.00 GB   10.00 MB 60       882.03 MB  100.00 GB
    2021-10-06(Wed) 21:41:23 HP-Envy13       192.168.1.38    171.73 MB    2.01 MB    6.00 GB   10.00 MB 60         1.03 GB  100.00 GB
    2021-10-06(Wed) 21:42:23 HP-Envy13       192.168.1.38    173.44 MB    2.04 MB    6.00 GB   10.00 MB 60         1.20 GB  100.00 GB
    2021-10-06(Wed) 21:43:23 HP-Envy13       192.168.1.38    160.87 MB    1.95 MB    6.00 GB   10.00 MB 60         1.36 GB  100.00 GB
    2021-10-06(Wed) 21:44:23 HP-Envy13       192.168.1.38    193.34 MB    2.22 MB    6.00 GB   10.00 MB 60         1.55 GB  100.00 GB
    2021-10-06(Wed) 21:45:23 HP-Envy13       192.168.1.38    164.01 MB    1.96 MB    6.00 GB   10.00 MB 60         1.71 GB  100.00 GB
    2021-10-06(Wed) 21:46:23 HP-Envy13       192.168.1.38    185.13 MB    2.17 MB    6.00 GB   10.00 MB 60         1.90 GB  100.00 GB
    2021-10-06(Wed) 21:47:23 HP-Envy13       192.168.1.38    166.88 MB    1.84 MB    6.00 GB   10.00 MB 60         2.06 GB  100.00 GB
    2021-10-06(Wed) 21:48:23 HP-Envy13       192.168.1.38    187.61 MB    2.03 MB    6.00 GB   10.00 MB 60         2.25 GB  100.00 GB
    2021-10-06(Wed) 21:49:23 HP-Envy13       192.168.1.38    195.44 MB    2.18 MB    6.00 GB   10.00 MB 60         2.44 GB  100.00 GB
    2021-10-06(Wed) 21:50:24 HP-Envy13       192.168.1.38    179.28 MB    2.07 MB    6.00 GB   10.00 MB 60         2.62 GB  100.00 GB
    2021-10-06(Wed) 21:51:25 HP-Envy13       192.168.1.38    200.87 MB    2.24 MB    6.00 GB   10.00 MB 60         2.82 GB  100.00 GB
    2021-10-06(Wed) 21:52:26 HP-Envy13       192.168.1.38    171.42 MB    1.92 MB    6.00 GB   10.00 MB 60         2.99 GB  100.00 GB
    2021-10-06(Wed) 21:53:26 HP-Envy13       192.168.1.38     23.01 KB    7.56 KB    6.00 GB   10.00 MB 60         2.99 GB  100.00 GB
    2021-10-06(Wed) 21:54:27 HP-Envy13       192.168.1.38     22.72 KB    7.40 KB    6.00 GB   10.00 MB 60         2.99 GB  100.00 GB
^C
        Signal INT (Ctrl+C) received, Script Termination......

 

[albinoman887]

how do i check that the domains are being pulled from the dnsmasq.conf file?

 

[mekabe remain]

As stated previously, (and there is a comment in the script header) if Hardware Acceleration is ENABLED then NO comprehensibly accurate data can be collated by iptables.

However, RT-AC86U with Hardware Acceleration DISABLED, and on the laptop I initiated the download of 'ubuntu-20.04.3-desktop-amd64.iso'

./QuotaMonitor.sh monitor dlimit=6GB cap=100GB init ip=192.168.1.38

v1.08 Quota Monitoring.....

    Quota Monitoring Setup complete.


    Quota Monitoring clients: 192.168.1.38 (192.168.1.38 ) Added
 
Monitoring Resuming in 00:00:05 seconds....

v1.08 Quota Monitoring.....

 

            IN/OUT Columns Legend : 0% <10% >10% >50% >75% and >80% of Quota limits

    YYYY/MM/DD(Day) HH:MM:SS Host Name       IP address             IN        OUT    Rx Rate    Tx Rate Per/Sec       Used   Data Cap

    2021-10-06(Wed) 21:35:20 HP-Envy13       192.168.1.38      0 Bytes    0 Bytes    6.00 GB   10.00 MB 60         0 Bytes  100.00 GB
    2021-10-06(Wed) 21:36:20 HP-Envy13       192.168.1.38    128.18 MB    1.45 MB    6.00 GB   10.00 MB 60       129.63 MB  100.00 GB
    2021-10-06(Wed) 21:37:21 HP-Envy13       192.168.1.38    195.94 MB    2.24 MB    6.00 GB   10.00 MB 60       327.81 MB  100.00 GB
    2021-10-06(Wed) 21:38:22 HP-Envy13       192.168.1.38    177.42 MB    2.08 MB    6.00 GB   10.00 MB 60       507.31 MB  100.00 GB
    2021-10-06(Wed) 21:39:23 HP-Envy13       192.168.1.38    186.23 MB    2.18 MB    6.00 GB   10.00 MB 60       695.71 MB  100.00 GB
    2021-10-06(Wed) 21:40:23 HP-Envy13       192.168.1.38    184.12 MB    2.19 MB    6.00 GB   10.00 MB 60       882.03 MB  100.00 GB
    2021-10-06(Wed) 21:41:23 HP-Envy13       192.168.1.38    171.73 MB    2.01 MB    6.00 GB   10.00 MB 60         1.03 GB  100.00 GB
    2021-10-06(Wed) 21:42:23 HP-Envy13       192.168.1.38    173.44 MB    2.04 MB    6.00 GB   10.00 MB 60         1.20 GB  100.00 GB
    2021-10-06(Wed) 21:43:23 HP-Envy13       192.168.1.38    160.87 MB    1.95 MB    6.00 GB   10.00 MB 60         1.36 GB  100.00 GB
    2021-10-06(Wed) 21:44:23 HP-Envy13       192.168.1.38    193.34 MB    2.22 MB    6.00 GB   10.00 MB 60         1.55 GB  100.00 GB
    2021-10-06(Wed) 21:45:23 HP-Envy13       192.168.1.38    164.01 MB    1.96 MB    6.00 GB   10.00 MB 60         1.71 GB  100.00 GB
    2021-10-06(Wed) 21:46:23 HP-Envy13       192.168.1.38    185.13 MB    2.17 MB    6.00 GB   10.00 MB 60         1.90 GB  100.00 GB
    2021-10-06(Wed) 21:47:23 HP-Envy13       192.168.1.38    166.88 MB    1.84 MB    6.00 GB   10.00 MB 60         2.06 GB  100.00 GB
    2021-10-06(Wed) 21:48:23 HP-Envy13       192.168.1.38    187.61 MB    2.03 MB    6.00 GB   10.00 MB 60         2.25 GB  100.00 GB
    2021-10-06(Wed) 21:49:23 HP-Envy13       192.168.1.38    195.44 MB    2.18 MB    6.00 GB   10.00 MB 60         2.44 GB  100.00 GB
    2021-10-06(Wed) 21:50:24 HP-Envy13       192.168.1.38    179.28 MB    2.07 MB    6.00 GB   10.00 MB 60         2.62 GB  100.00 GB
    2021-10-06(Wed) 21:51:25 HP-Envy13       192.168.1.38    200.87 MB    2.24 MB    6.00 GB   10.00 MB 60         2.82 GB  100.00 GB
    2021-10-06(Wed) 21:52:26 HP-Envy13       192.168.1.38    171.42 MB    1.92 MB    6.00 GB   10.00 MB 60         2.99 GB  100.00 GB
    2021-10-06(Wed) 21:53:26 HP-Envy13       192.168.1.38     23.01 KB    7.56 KB    6.00 GB   10.00 MB 60         2.99 GB  100.00 GB
    2021-10-06(Wed) 21:54:27 HP-Envy13       192.168.1.38     22.72 KB    7.40 KB    6.00 GB   10.00 MB 60         2.99 GB  100.00 GB
^C
        Signal INT (Ctrl+C) received, Script Termination......

ok. so you say , iptables can not collect correct information from accounting tables.
is it possible to disable hardware acceleration on AX88U ? (if yes, how ?)