WAN-Only IP Traffic Client Monitor

Discussion in 'Tomato Firmware' started by SugarSodPops, Feb 5, 2012.

  1. SugarSodPops

    SugarSodPops Networkin' Nut Member

    Hello, and a BIG THANK YOU to all the contributors of Toast USB for your awesome work! You are bringing out the best in these small consumer routers.

    I am co-managing a small network of 15 clients which are all sharing one internet gateway. We are trying very hard to monitor and limit each client's internet usage because our ISP has us on a very restrictive monthly cap. We have some abusive users who are going way over the cap and it's costing us money.

    After doing some research, I found Toastman's build "tomato-ND-1.28.7632.2-Toastman-IPT-ND-Std" and loaded that on our Buffalo WHR-HP-G54.

    I then set up everyone's static IP and bound them and enabled IP Traffic Monitoring. I've checked the option to ignore DHCP requests from unknown devices. I have both the Bandwidth and IP Traffic monitoring logs and backups saving to a CIFS client. So far so good.

    I've been using the IP Traffic Monitor since 01FEB2012 and I've noticed how the daily totals are conflicting with what my ISP is reporting. After some digging around, I read some forum posts from TeaMan where he says that the IP Traffic tool shows all the traffic going through the router, not just traffic passing through the WAN. So, the use of IP Traffic in its current form is not really the tool I need to be able to see each client's actual internet upload/download stats.

    Is there a way to implement WAN-only traffic per client IP?

  2. teaman

    teaman LI Guru Member

    Hi there!

    Here's a few things I've suggested for a user to try:

    Unfortunately... I don't think we ever got any feedback from that user and/or those tests... would you like to try those new/changed rules and let us know how it goes?

    Who knows... it may become an actual 'option' on future builds, especially if it's useful (and if it works as expected;) )

  3. SugarSodPops

    SugarSodPops Networkin' Nut Member

    Hi Teaman! I tried editing the iptable as you suggested, but I got some strange outcomes. After I changed the rules, I cleared and deleted all the saved r & c stats and created new files for each so I could start from scratch during the experiment. During some light web surfing with the new iptable rules in place, I saw the IP traffic was about double of what the BW monitor was reporting. This could be because I may have incorrectly edited iptable. I really wasn't sure what I was doing, so, you should take a look at it to make sure I did this right.

    When I rebooted the router, the new iptable rules were cleared and I deleted all the saved r & c stats and created new files for each so I could start from scratch. The data rates of the BW and IP traffic monitors more closely followed each other based on some light web surfing. It wasn't exact, but close, a few hundred KB off from each other. I wasn't able to duplicate issues where IP Traffic stats overwhelmingly outnumbered BW monitoring stats (IP Traffic LAN vs BW Monitoring WAN), but then again, IP traffic wasn't capturing my screensharing traffic or file transfers to/from other wi-fi clients on the lan. I'm not sure why it ignores that traffic... I remember seeing some related posts from you about that topic, but I didn't quite grasp the concepts of why IP Traffic counts certain traffic and ignores other traffic. I digress...

    I was wondering if adding a router in place between the internet gateway router and the dhcp server router would be a good solution to getting IPTraffic to accurately count wan-only IP specific traffic? That way all internal lan traffic is dealt with by the dhcp server router, and internet traffic only passes through the new additional router, therefore it is the only traffic flow that IPTraffic would see.

    Thanks for your time! If you have any suggestions for more testing, I'd be glad to be your guinea pig... just don't brick my router! ;) I love my WHR-HP-G54... had it for about 5 years now and still going strong! We are in a loving committed relationship... hehe.
  4. teaman

    teaman LI Guru Member

    Ok, then... It seems we might need to clarify a few things before proceeding with any further testing ;)

    So, first things first: IP Traffic is about accounting of packets flowing through the router, being forwarded between different interfaces (IPv4 only). In your case, it seems you have only one LAN bridge configured, right?

    If that's your particular case, then your router 'knows' about just two 'zones': LAN (br0) and WAN (vlan1). Therefore, accounting/tracking of any IPv4 network traffic flowing between those two zones should already be working properly by means of those existing/standard rules. There's no need to change any rules, considering this scenario: for every packet being forwarded, there's only one possible 'origin' and only one possible 'destination' (LAN <-> WAN).

    For completeness: however... if you /had/ more than one LAN bridge configured - such as LAN/br0 and LAN1/br1 - then, we'd be talking about 3 distinct zones IP Traffic would be 'watching' and keeping track for any network traffic being forwarded as in/between:

    * LAN <-> WAN
    * LAN1 <-> WAN
    * LAN <-> LAN1

    And... we sometimes forget about that last one! :) (which has been quite possibly the most common cause and/or source of mysterious/unusual values being found/read/gathered by the IP Traffic subsystem to this day).

    With all that in mind... yes: if you wanna be able to catch/track all IPv4 traffic flowing from/to anywhere, you must ensure that network traffic /does/ get through your router ;)
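
The zone pairs listed in the post above, worked through as an added example (not part of the thread and not Tomato's own accounting code): it parses `iptables -L -v -n -x` style counters and separates each client's LAN <-> WAN bytes from LAN <-> LAN1 bytes. The per-client rules, the `br1` bridge, the addresses and the counters are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of `iptables -L FORWARD -v -n -x` output (not from the thread).
# Assumes one accounting rule per client and direction; br1 is a hypothetical second bridge.
SAMPLE = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    15000            all  --  br0    vlan1   192.168.1.10         0.0.0.0/0
     300   400000            all  --  vlan1  br0     0.0.0.0/0            192.168.1.10
      50   900000            all  --  br0    br1     192.168.1.10         192.168.2.20
      40     8000            all  --  br1    br0     192.168.2.20         192.168.1.10
      10     2000            all  --  br1    vlan1   192.168.2.20         0.0.0.0/0
"""

def per_client_totals(text, lan_ifs=("br0", "br1"), wan_if="vlan1"):
    """Return {client_ip: {"wan_up", "wan_down", "inter_lan"}} in bytes."""
    totals = defaultdict(lambda: {"wan_up": 0, "wan_down": 0, "inter_lan": 0})
    for line in text.splitlines():
        f = line.split()
        # Rule rows start with two counters and contain the "--" opt column;
        # the target column may be empty, so locate fields relative to "--".
        if len(f) < 8 or not (f[0].isdigit() and f[1].isdigit()) or "--" not in f:
            continue
        i = f.index("--")
        if len(f) < i + 5:
            continue
        in_if, out_if, src, dst = f[i + 1:i + 5]
        nbytes = int(f[1])
        if in_if in lan_ifs and out_if == wan_if:
            totals[src]["wan_up"] += nbytes          # LAN -> WAN (upload)
        elif in_if == wan_if and out_if in lan_ifs:
            totals[dst]["wan_down"] += nbytes        # WAN -> LAN (download)
        elif in_if in lan_ifs and out_if in lan_ifs:
            # LAN <-> LAN1: forwarded by the router but never seen by the ISP.
            totals[src]["inter_lan"] += nbytes
            totals[dst]["inter_lan"] += nbytes
    return dict(totals)

def report(totals):
    """Return (ip, wan_only_bytes, all_forwarded_bytes) rows, sorted by ip."""
    rows = []
    for ip in sorted(totals):
        t = totals[ip]
        wan = t["wan_up"] + t["wan_down"]
        rows.append((ip, wan, wan + t["inter_lan"]))
    return rows

if __name__ == "__main__":
    for ip, wan, forwarded in report(per_client_totals(SAMPLE)):
        print(f"{ip:15} wan_only={wan:>8} all_forwarded={forwarded:>8}")
```

With a single bridge there are no LAN <-> LAN1 rows, so the two columns are equal, which matches the single-bridge case described in the post.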
  5. SugarSodPops

    SugarSodPops Networkin' Nut Member

    Teaman, Yes, just one LAN bridge. I love reading your posts... they usually start to sink in my brain after the 3rd or 4th read through! I love the way you make me think rationally. You are a great teacher!

    It is good to know that things in my situation should be working normally and as designed without modification to any iptables. Back to the original problem of the IPTraffic daily totals not matching the BW Monitor daily totals and my ISP's daily totals... who knows? I will keep an eye on it, and hopefully all is stable. Maybe it was a corrupt cstats/rstats file? If I notice the numbers getting out of whack again, I will once again beg for your assistance.