Ebtables: Difference between revisions

(7 intermediate revisions by 2 users not shown)

Line 15:

== /etc/network/interfaces ==

Valid if eth0.20 used ~~IEEE's~~ example of [http://standards.ieee.org/develop/regauth/tut/eui48.pdf AC-DE-48-23-45-67]

Valid if eth0.20 used IEEE’s example of [http://standards.ieee.org/develop/regauth/tut/eui48.pdf AC-DE-48-23-45-67]

iface int0 inet static

Line 65:

# first let’s do some accounting.

# These rules need only match, not do anything, as we are interested in the ~~[[Ebtables~~ ~~counters]]~~.

# These rules need only match, not do anything, as we are interested in the ebtables accounting data.

ebtables -N accounting -P RETURN

ebtables -A accounting --destination AC:DE:48:23:45:67/ff:ff:ff:ff:ff:ff

Line 87:

# mark incoming data so that we can account it.

# The iptables rules should work also with a default DROP target but then additional lines are needed to pass the data that is needed.

iptables -A FORWARD -i ppp0 -o int0 -j MARK --or-mark $MINET

ip6tables -A FORWARD -i ppp0 -o int0 -j MARK --or-mark $MINET

== Accounting ==

To save the accounting data,

I used a script called out from /etc/cron.hourly and will end up with a directory tree with accounting data that resembles that from AAISP’s clueless pages but broken down by MAC address. If I had [[Ethernet over ADSL]] then the ISP might do this step instead. Old data may need to be rotated away from the output area eventually though.

#!/bin/bash

MYTIME=`date +%s`

DIR=`date -d @$MYTIME +/var/local/ebacct/%Y-%m-%d/%H -u`

PARA=

if test -n "$(mkdir -pv $DIR)"

then

PARA=-Z

DIR=`date -d @$(( $MYTIME - 3600 )) +/var/local/ebacct/%Y-%m-%d/%H -u`

fi

while read F MAC N N N N N PACKET N N N OCTETS N

do

if test "$F" = "-d"

then

PT=$DIR/${MAC:0:2}${MAC:3:2}${MAC:6:2}${MAC:9:2}${MAC:12:2}${MAC:15:2}

mkdir -p $PT

echo $PACKET > $PT/packets

echo $OCTETS > $PT/octets

fi

done <<<"$(ebtables -L accounting --Lc --Lmac2 $PARA)"

[[Category:3rd Party Routers]]