1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to monitor SSH traffic

Discussion in 'Tomato Firmware' started by psy-q, Jun 19, 2014.

  1. psy-q

    psy-q Reformed Router Member

    Is it possible to have SSH traffic show in web monitor/bandwidth/ip traffic? Doesn't look like anything transferred over an SSH tunnel is being taken into account for bandwidth usage. Shibby 117 AIO RT-N66U
     
  2. jerrm

    jerrm Network Guru Member

    The tracking rules using the account module are only applied to the FORWARD chain. Traffic destined to the router itself wouldn't be caught. You inserting can try duplicate account rules at the top of the INPUT chain. Not sure if that would cause any issues or not, but I think it would work.
     
  3. psy-q

    psy-q Reformed Router Member

    ugh, does that require manipulating iptables? Every time I go near that I cause more problems then it's worth.

    While we're at it, can OpenVPN traffic be pulled as well. I would think any VPN subnets should be added to the device list automatically. Not sure why that's not default behavior
     
  4. EOC_Jason

    EOC_Jason Networkin' Nut Member

    OpenVPN traffic shows up on the TUNxx tab in the bandwidth monitoring graph... (at least it does for toastman).
     
  5. psy-q

    psy-q Reformed Router Member

    Not in Shibby's build. For all intents and purposes traffic received outside the configured LAN is completely invisible. Probably to QOS as well.
     
  6. RMerlin

    RMerlin Network Guru Member

    Check in the FORWARD chain - it's possible that the tun rule is before the ipt_account rule, which would cause VPN traffic to never hit the accounting rule.
     
  7. psy-q

    psy-q Reformed Router Member

    Good call Merlin, looks like that is the case. How do I move that down? Admin scripts (Firewall)?

    Looks like I'll probably have to remove the rule then recreate it at a specific line. Is that the best way to do it?

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- tun21 * 0.0.0.0/0 0.0.0.0/0
    822K 683M all -- * * 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 10.0.1.0/255.255.255.0 name: lan
    96413 103M all -- * * 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 10.0.2.0/255.255.255.0 name: lan1
    0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 10.0.3.0/255.255.255.0 name: lan2
     
    Last edited: Jun 20, 2014
  8. RMerlin

    RMerlin Network Guru Member

    Last edited: Jun 20, 2014
    psy-q likes this.
  9. psy-q

    psy-q Reformed Router Member

    Thanks Merlin, I'll try and pass that on to Shibby. Seems like a pretty important thing for anyone running a VPN.

    Looks like it works fine on my Asuswrt-Merlin powered RT-AC68U ;)
     

Share This Page