From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.62) (envelope-from ) id 1HMqv9-0002HT-HK for garchives@archives.gentoo.org; Thu, 01 Mar 2007 19:26:31 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l21JPNGt026542; Thu, 1 Mar 2007 19:25:23 GMT Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.227]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l21JLFWm021975 for ; Thu, 1 Mar 2007 19:21:15 GMT Received: by wr-out-0506.google.com with SMTP id 69so77478wri for ; Thu, 01 Mar 2007 11:21:15 -0800 (PST) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=uL9nJqGpmLDUnrRe47k6IM+cRTqhA30wrVUnceMjOnIl4O90lS4ch2+Oz43U2IE5k1cX1ltw845ySvmsDG7OF6CU3gyoz13ni+Jkn9C+Cwbqq/JDAZOZEbq3YrdyA1rrQsCq+mN8iOcTlCmPQMX37Tsu2CI2XuUicAzKyFWtHgA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=QtUvAVqL5AYcMv3If3pS2jGhkOcsFR7xAKKVeIDjhVPC1xAuPzfVaePoOonUQVRxbnHHhpO5mAOzTTARIc/8SqOp+310bIwVjLjWAU1GoGUVAus/MwwC943pHxO+qwNpHQDaFG+XpUUOqNx6kR4gZE1e7qW/hat6YyImx7Vpzfg= Received: by 10.114.254.1 with SMTP id b1mr372040wai.1172776867840; Thu, 01 Mar 2007 11:21:07 -0800 (PST) Received: by 10.114.147.15 with HTTP; Thu, 1 Mar 2007 11:21:07 -0800 (PST) Message-ID: Date: Thu, 1 Mar 2007 20:21:07 +0100 From: CapSel To: gentoo-user@lists.gentoo.org Subject: [gentoo-user] iptraf vs iptables (mangle & access) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_67091_15660790.1172776867791" X-Archives-Salt: 4654f9ae-7bf3-4c25-a2e4-b2ebc84a4a4f X-Archives-Hash: cf0244d72da40e0cf0e9d0d2000f6368 ------=_Part_67091_15660790.1172776867791 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline I'm trying to count bandwidth and number of packets on my router with rules like: iptables -t mangle -A PREROUTING -i eth0 -j stats iptables -t mangle -A POSTROUTING -o eth0 -j stats iptables -t mangle -A stats -p tcp -s $ip -j ACCEPT iptables -t mangle -A stats -p udp -s $ip -j ACCEPT iptables -t mangle -A stats -p icmp -s $ip -j ACCEPT iptables -t mangle -A stats -p tcp -d $ip -j ACCEPT iptables -t mangle -A stats -p udp -d $ip -j ACCEPT iptables -t mangle -A stats -p icmp -d $ip -j ACCEPT Chain stats has policy set to ACCEPT. My script reads these values every minute and sets them to zero. The problem is that numbers of packets are more than twice greater than iptraf shows, but bandwidth seems to be correct. Of course I divide those numbers by 60 to get value per second. Why this difference is so big, what could I done wrong? ------=_Part_67091_15660790.1172776867791 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline I'm trying to count bandwidth and number of packets on my router with rules like:

iptables -t mangle -A PREROUTING -i eth0 -j stats
iptables -t mangle -A POSTROUTING -o eth0 -j stats

iptables -t mangle -A stats -p tcp -s $ip -j ACCEPT
iptables -t mangle -A stats -p udp -s $ip -j ACCEPT
iptables -t mangle -A stats -p icmp -s $ip -j ACCEPT

iptables -t mangle -A stats -p tcp -d $ip -j ACCEPT
iptables -t mangle -A stats -p udp -d $ip -j ACCEPT
iptables -t mangle -A stats -p icmp -d $ip -j ACCEPT

Chain stats has policy set to ACCEPT.

My script reads these values every minute and sets them to zero.
The problem is that numbers of packets are more than twice greater than iptraf shows, but bandwidth seems to be correct. Of course I divide those numbers by 60 to get value per second.

Why this difference is so big, what could I done wrong?
------=_Part_67091_15660790.1172776867791-- -- gentoo-user@gentoo.org mailing list