Installing and Configuring ipac-ng on Ubuntu

ipac-ng (ipac ng = Next Generation) is an IP accounting package that collects and displays IP accounting data. Typical uses include monitoring and measuring bandwidth consumption with highly customizable filters. Traffic can be measured by host, network, and port. ipac-ng supports ipchains and iptables (recommended).

System Used

  • Ubuntu 6.10 (server install)
  • ipac-ng v1.31

Install ipac-ng

Install the base ipac-ng package:

sudo apt-get install ipac-ng

(OPTIONAL) For image output support install the libgd-perl package:

sudo apt-get install libgd-perl

You may be prompted to remove the libgd1-noxpm package and replace it with libgd1-xpm. For more information on XPM check out The XPM Story.

(Server install only) Load the ip_tables kernel module:

sudo modprobe ip_tables

(Server install only) Add the ip_tables module to /etc/modules to ensure it is loaded at boot time:

# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.

lp
ip_tables

ipac-ng is now ready to be configured.

Configure ipac-ng

Introduction to ipac-ng Configuration

ipac-ng is configured by setting rules in the /etc/ipac-ng/rules.conf file. Rules are based on incoming, outgoing, and forwarded traffic. The syntax for setting rules is as follows:

Name of Rule|Direction|Interface|Protocol|Source|Destination|Extension|
  • Name of Rule: a brief description of the rule; use only 0-9, A-z and spaces
  • Direction: direction of traffic; can be one of four values:
    • ipac~fo: forward in
    • ipac~fi: forward out
    • ipac~o: incoming; or outgoing to otherhost
    • ipac~i: outgoing; or incoming to otherhost
  • Interface: interface name, e.g. eth0; use + to indicate all interfaces
  • Protocol: one of four values: tcp, udp, icmp, or all
  • Source: (optional) when this option is omitted, the default address/mask 0.0.0.0/0 is used; examples:
    • syntax: address[/mask] [port ...]
    • "192.168.89.233" - all traffic from 192.168.89.233 is monitored
    • "192.168.89.233 80" - only traffic from 192.168.89.233 on port 80 (HTTP) is monitored
    • "192.168.89.0/24" - all traffic from the class C network 192.168.89.0 is monitored
    • "0/0 25" - any traffic that originates from any IP on port 25 (SMTP) is monitored
  • Destination: (optional) same rules as Source apply
  • Extension: (optional) refer to the Netfilter Extensions HOWTO for valid parameters

Rules can share the same name. This is useful for displaying the total amount of incoming and outgoing traffic as one figure. It is also helpful for calculating the total amount of traffic across multiple ports and displaying it as a single output item. Here is an example of a /etc/ipac-ng/rules.conf that calculates the total traffic, including incoming, outgoing, and forwarded traffic:

    # Example config file with accounting rules for iptables
    # Install as /etc/ipac-ng/rules.conf
    #
    
    # Total
    Total System|ipac~o|eth0|all||||
    Total System|ipac~fi|eth0|all||||
    Total System|ipac~i|eth0|all||||
    Total System|ipac~fo|eth0|all||||

The report output looks like:

    IP accounting summary
    Host: superfly / Time created: 2007/06/13 05:04:55 PDT
    Data from 2007/05/01 09:09:39 PDT to 2007/06/13 05:04:55 PDT
    Total System : 100G
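
The rule syntax and same-name grouping described above can be checked before ipac-ng is started. The following linter is an added example, not part of ipac-ng or of the original page; the function names lint_rules and check_endpoint are hypothetical, the sample rules are constructed, ports are assumed to be numeric, and the Extension field is not checked.

```python
import ipaddress
import re
from collections import defaultdict

DIRECTIONS = {"ipac~fi", "ipac~fo", "ipac~i", "ipac~o"}
PROTOCOLS = {"tcp", "udp", "icmp", "all"}
NAME_RE = re.compile(r"[0-9A-Za-z ]+")

def check_endpoint(field):
    """Validate 'address[/mask] [port ...]'; an empty field means 0.0.0.0/0."""
    if not field.strip():
        return []
    addr, *ports = field.split()
    problems = []
    try:  # the page's shorthand "0/0" stands for 0.0.0.0/0
        ipaddress.ip_network("0.0.0.0/0" if addr == "0/0" else addr, strict=False)
    except ValueError:
        problems.append(f"bad address/mask {addr!r}")
    # Assumption: ports are numeric, as in every example on the page.
    problems += [f"bad port {p!r}" for p in ports if not (p.isdecimal() and 0 < int(p) < 65536)]
    return problems

def lint_rules(text):
    """Return (errors, groups): (line, problem) pairs and directions per rule name."""
    errors, groups = [], defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # Source, destination and extension are optional, so pad missing fields.
        name, direction, iface, proto, src, dst = (line.split("|") + [""] * 5)[:6]
        checks = [(NAME_RE.fullmatch(name), "name may use only 0-9, letters and spaces"),
                  (direction in DIRECTIONS, f"unknown direction {direction!r}"),
                  (iface, "empty interface"),
                  (proto in PROTOCOLS, f"unknown protocol {proto!r}")]
        problems = [msg for ok, msg in checks if not ok]
        problems += check_endpoint(src) + check_endpoint(dst)
        errors += [(lineno, p) for p in problems]
        if not problems:
            groups[name].append(direction)  # same-named rules share one report line
    return errors, dict(groups)

SAMPLE = """\
# constructed sample in the page's rules.conf format
Total System|ipac~o|eth0|all||||
Total System|ipac~i|eth0|all||||
HTTP Client Out|ipac~i|+|tcp|0/0|0/0 80
HTTP Client In|ipac~0|+|tcp|0/0 80|0/0
SMTP In|ipac~o|+|tcp|0/0|192.168.89.300 25
"""
```

Calling lint_rules(SAMPLE) reports the mistyped direction on line 5 and the invalid address on line 6, and shows that the two "Total System" rules will be summed into one report item.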

Once you have configured your rules, start ipac-ng:

sudo /etc/init.d/ipac-ng start

By default, fetchipac runs every 10 minutes via the cron job (/etc/cron.d/ipac-ng). fetchipac populates the /var/lib/ipac/ directory with the data. To quickly generate and view any data as per your rules, run:

sudo fetchipac && sudo ipacsum --timeframe "today"

Rulesets

HTTP (port 80) Server/Client

    # CLIENT: HTTP (port 80)
    HTTP Client Out|ipac~i|+|tcp|0/0|0/0 80
    HTTP Client IN|ipac~o|+|tcp|0/0 80|0/0
    HTTP Client Total|ipac~i|+|tcp|0/0|0/0 80
    HTTP Client Total|ipac~o|+|tcp|0/0 80|0/0
    
    # SERVER: HTTP (port 80)
    HTTP Server Out|ipac~i|+|tcp|0/0 80|0/0
    HTTP Server IN|ipac~o|+|tcp|0/0|0/0 80
    HTTP Server Total|ipac~i|+|tcp|0/0 80|0/0
    HTTP Server Total|ipac~o|+|tcp|0/0|0/0 80
    
    # TOTAL: HTTP (port 80)
    HTTP TOTAL|ipac~i|+|tcp|0/0|0/0 80
    HTTP TOTAL|ipac~o|+|tcp|0/0 80|0/0
    HTTP TOTAL|ipac~i|+|tcp|0/0 80|0/0
    HTTP TOTAL|ipac~o|+|tcp|0/0|0/0 80

TODO

  • add demonstration configuration for different types of configurations (e.g. router)

Resources

Version History

  • 0.2 - January 8th, 2008
    - Added HTTP (port 80) Server/Client example
  • 0.1 - June 13th, 2007
    - Initial Release
