Switch to English
Switch to Russian
Traffic accounting and billing system
Frequently Asked Questions (FAQ)
net-acct is collecting traffic data, but database is empty. Why?

There are too many reasons of such behaviour to answer precisely. You should make a step-by-step investigation.

  1. Disable all cron-based sheduling of NetBilling scripts.
  2. Check if you have all your traffic zones and clients defined correctly. In the beginning, it is a good idea to define a single all-including "Internet" traffic zone ( and a single client. Remember: only defined clients' traffic is accounted!
  3. Check net-acct output file for collected traffic. Unsure this file is specified coorectly by nacctdout parameter of netbilling.conf and it is readable. Unsure there is traffic of your clients in there (check net-acct configuration file for descripion of its fields).
  4. Unsure file specified by nacctdpidpath (/var/run/nacctd.pid by default) is readable and contain actual nacctd PID. Unsure file specified by gettraflock (/var/run/gettraf.lock by default) exists when nacctd is running.
  5. Activate gettraf.pl debug output with $DEBUG variable in its very beginning. Run it manually for existing nacctd output file and check data it will output on the console.

If you ask the developer to help you with this kind of problem, provide gettraf.pl debug output along with your request.

Clients' access control management does not work. What am I doing wrong?

At the very beggining you should define your access control policy and choose the appropriate tools for it.

Access control mechanism supplied by developer assumes you have NetBilling installed on your PC-based router, which provide Internet access to the LAN behind it by means of NAT technology of Linux'es native packect filter - iptables.

This means, you should permit IP forwarding and your NAT (MASQUERADE) iptables rules should allow everybody from LAN to access outer world. act.sh and deact.sh shell scripts will then be able to control user acces by adding or removing corresponding "deny forward" rules for specified client. Client's IP address is passed to act.sh (deact.sh) in the first command-line parameter.

But there is a problem of controlling iptables from NetBilling web interface - you you must be root to do that! There is a small binary tool in NetBilling to resolve that - ipta. ipta translate all of its parameters to your system's iptables tool. You should make ipta SUID-root (make it owned by root and set the SUID bit) to be able to manipultate iptables rules without being superuser (check this fact by yourself just to be sure!). It is clear this tool creates a great vulnurability in your system, so you can find out your own ways of running iptables from webserver. sudo, maybe...

Note: iptables tool has different path in different Linux distributions, so your should find out your own full path, modify ipta's source - ipta.c - in appropriate way and recompile it with gcc -oipta ipta.c.

Well, after all, manual running of act.sh or deact.sh from unprivileged user should respectivly allow or deny Internet access for specified IP-address by modifying iptables rules. If this is so, the last thing to do is set the right path for act.sh and deact.sh in netbill.conf and permissions for them to be readably and executable.

How should I turn on IP forwarding in Linux?

Turn on:
# echo "1" > /proc/sys/net/ipv4/ip_forward

Turn off:
# echo "0" > /proc/sys/net/ipv4/ip_forward

How sould I setup NAT for my LAN
# iptables -t nat -A POSTROUTING -s -d ! -j MASQUERADE