HOWTO install IP accounter

MMO -- Maybe Manual, Once

Requrirements

Perl5 and Perl modules (from CPAN or standard)

DBI (standard)
WWW::Curl::easy (http://search.cpan.org/~crisb/WWW-Curl-2.0/easy.pm.in)
Math::BigInt (standard)
Math::BigFlow (standard)

MySQL >= 4.0.25
PHP5
Apache 2.x
Some auth modules (HOWTO: http://httpd.apache.org/docs/2.0/howto/auth.html)
RRDTOOL (http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/index.en.html)

File layout

PHP files (admin, view and img directories) should be somewhere in public dir and there should be set some auth. restrictions of course.
inc dir should be on same level as admin and view dirs
Perl scripts should be somewhere in subdir of PHP if safe_mode is used.
ipac.conf (example is doc/ipac.conf) should be in /etc

Database

Create user ipac with some password (set the password which you have selected to /etc/ipac.conf) and create database ipac. Then grant all privileges on database ipac for user ipac and so import doc/ipac.sql into database ipac.

Username, password, dbhost, dbname and dbport should be set in /etc/ipac.conf and so in inc/conf.inc .

Cron

Put this into /etc/crontab (assuming that /var/www/members/htdocs/iptables is the dir where you placed bin, view, admin, etc.):

*/5 *  * * *    root    (cd /var/www/members/htdocs/accounter/bin && ./collector.pl)
1   *  * * *    root    (cd /var/www/members/htdocs/accounter/bin && ./accounter.pl)
*/5 *  * * *    root    (cd /var/www/members/htdocs/accounter/bin && ./graph.pl)

RRD

At first create dir for RRD outputs, for examples "rrd" in your public directory and set 755 filemod on that. Then set owner to the user which PHP will run under (for example "apache" etc).

Then set in inc/conf.inc:

$bin_rrdtool to full path of rrdtool binary
$rrd_datadir to full path to dir, you have created
$rrd_root to "relative" URL part, which the dir is under when accessing, for example: http://members.elfove.cz/accounter/rrd

Create some dir out of public dir, where RRD will store data, for example /var/lib/rrd.
In /etc/ipac.conf set:

rrd_bin to full path of RRD binary
rrd_repos to full path of dir you have created for RRD data

Router side (agnet)

The agent is bin/ipacagent.sh which is to be placed on router, there should ve set paths to iptables and ip6tables binaries and the agent should be put into cgi-bin dir of webdaemon on router. So the accounter will download data using url which is to be put into router congiguration.

Generating rulez for routers

Ruleset chain generator for iptables and ip6tables is nfrg.pl script.
You should prepate whole configuration in web interface and then run:

./nfrg.pl -r <routername> > <routername>.sh

For each router and then take resulting scripts "routername.sh" to appropriate routers and set the chain there (run the script and then save it to rc scripts, using, for example for Gentoo "/etc/init.d/iptables save && /etc/init.d/ip6tables save").