traffic accounting per IP with iptables and munin

Notes on graphing traffic per IP address on a host with munin.

Assuming the host has installed munin-node and it is a host that does not route traffic.

The IP addresses used by the host:
# ip a
1: lo:  mtu 16436 qdisc noqueue state UNKNOWN 
    ...
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    ...
    inet 192.0.2.156/28 brd 94.70.136.159 scope global eth0
    inet 10.21.241.34/25 brd 10.21.241.127 scope global eth0:1
    inet 10.21.241.35/25 brd 10.21.241.127 scope global secondary eth0:2
    ...



The accounting iptables rules
iptables -I INPUT -d 192.0.2.156
iptables -I INPUT -d 10.21.241.34
iptables -I INPUT -d 10.21.241.35
iptables -I OUTPUT -s 192.0.2.156
iptables -I OUTPUT -s 10.21.241.34
iptables -I OUTPUT -s 10.21.241.35



Test the accounting rules
# iptables -L -n -x -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
    1446   216063            all  --  *      *       0.0.0.0/0            10.21.241.35        
    9765   772474            all  --  *      *       0.0.0.0/0            10.21.241.34        
   84614 60552352            all  --  *      *       0.0.0.0/0            192.0.2.156       

...

Chain OUTPUT (policy ACCEPT 92889 packets, 61985157 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
    1437  1308702            all  --  *      *       10.21.241.35         0.0.0.0/0           
    8140  2581855            all  --  *      *       10.21.241.34         0.0.0.0/0           
   83324 58103243            all  --  *      *       192.0.2.156        0.0.0.0/0           



If you are using bif.sh to manage iptables you could put the following after drop_bad or $IPTABLES -t raw -X
#Host IP accounting
$IPTABLES -I INPUT -d 192.0.2.156
$IPTABLES -I INPUT -d 10.21.241.34
$IPTABLES -I INPUT -d 10.21.241.35
$IPTABLES -I OUTPUT -s 192.0.2.156
$IPTABLES -I OUTPUT -s 10.21.241.34
$IPTABLES -I OUTPUT -s 10.21.241.35



Configure munin-node
ln -s /usr/share/munin/plugins/ip_ /etc/munin/plugins/ip_10.21.241.34
ln -s /usr/share/munin/plugins/ip_ /etc/munin/plugins/ip_10.21.241.35
ln -s /usr/share/munin/plugins/ip_ /etc/munin/plugins/ip_192.0.2.156




Traffic accounting per IP with iptables and munin