From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.62)
	(envelope-from <gentoo-user+bounces-60811-garchives=archives.gentoo.org@gentoo.org>)
	id 1HMrQA-0005fk-4B
	for garchives@archives.gentoo.org; Thu, 01 Mar 2007 19:58:34 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l21JvLmH007834;
	Thu, 1 Mar 2007 19:57:21 GMT
Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.239])
	by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l21JrBJc003182
	for <gentoo-user@lists.gentoo.org>; Thu, 1 Mar 2007 19:53:11 GMT
Received: by wr-out-0506.google.com with SMTP id 69so89541wri
        for <gentoo-user@lists.gentoo.org>; Thu, 01 Mar 2007 11:53:11 -0800 (PST)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=nUYKHU8lmuvYdUIgapVRQT7q+uZZPN079vaubd8Cde4kWyQFnFARCOqNTnBAJB/ve1dJ+jSFpRgT6IJiARiJHZbFcKQZ6Uw0JDn1ZxL8/YrVOjevh42f1JSi45j2eH97U8jXj1wl9HULpOSpwQfq6pdSnGb8aLfC835hHx3nuNQ=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=fQMwKqcKLKRtZOyQQWBe/yai/7mHR44+zprDHwxoeeHE7VKnjN2bOO+Vs2fmdgjS4wvd3kjotrheCN7sVE1jWS3Hpk2xzi2HzG2tNLNy/8QT4PZL9i4lPiWUZ0jFvKtkWSdfJKBh5xigBUcFNfD31wtVff3Ac0NPz91xjgmXtMs=
Received: by 10.114.168.1 with SMTP id q1mr66731wae.1172778746909;
        Thu, 01 Mar 2007 11:52:26 -0800 (PST)
Received: by 10.114.147.15 with HTTP; Thu, 1 Mar 2007 11:52:26 -0800 (PST)
Message-ID: <d03887390703011152t3278c30av3fadaea270496d04@mail.gmail.com>
Date: Thu, 1 Mar 2007 20:52:26 +0100
From: CapSel <capsel@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: iptraf vs iptables (mangle & access)
In-Reply-To: <d03887390703011121m2d21d3b9j5428d8e474dbfca0@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_67787_15418906.1172778746840"
References: <d03887390703011121m2d21d3b9j5428d8e474dbfca0@mail.gmail.com>
X-Archives-Salt: 5e52d12e-7931-4f02-863f-10b00956d7b1
X-Archives-Hash: 5f9ace0d4c33ca0722d234fcd8d90b21

------=_Part_67787_15418906.1172778746840
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Values taken from ifconfig shows same values as my firewall :)
Why

On 3/1/07, CapSel <capsel@gmail.com> wrote:
>
> I'm trying to count bandwidth and number of packets on my router with
> rules like:
>
> iptables -t mangle -A PREROUTING -i eth0 -j stats
> iptables -t mangle -A POSTROUTING -o eth0 -j stats
>
> iptables -t mangle -A stats -p tcp -s $ip -j ACCEPT
> iptables -t mangle -A stats -p udp -s $ip -j ACCEPT
> iptables -t mangle -A stats -p icmp -s $ip -j ACCEPT
>
> iptables -t mangle -A stats -p tcp -d $ip -j ACCEPT
> iptables -t mangle -A stats -p udp -d $ip -j ACCEPT
> iptables -t mangle -A stats -p icmp -d $ip -j ACCEPT
>
> Chain stats has policy set to ACCEPT.
>
> My script reads these values every minute and sets them to zero.
> The problem is that numbers of packets are more than twice greater than
> iptraf shows, but bandwidth seems to be correct. Of course I divide those
> numbers by 60 to get value per second.
>
> Why this difference is so big, what could I done wrong?
>

------=_Part_67787_15418906.1172778746840
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Values taken from ifconfig shows same values as my firewall :)<br>Why<br><br><div><span class="gmail_quote">On 3/1/07, <b class="gmail_sendername">CapSel</b> &lt;<a href="mailto:capsel@gmail.com">capsel@gmail.com</a>&gt; wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I&#39;m trying to count bandwidth and number of packets on my router with rules like:
<br><br>iptables -t mangle -A PREROUTING -i eth0 -j stats<br>iptables -t mangle -A POSTROUTING -o eth0 -j stats<br><br>iptables -t mangle -A stats -p tcp -s $ip -j ACCEPT
<br>iptables -t mangle -A stats -p udp -s $ip -j ACCEPT<br>iptables -t mangle -A stats -p icmp -s $ip -j ACCEPT<br><br>iptables -t mangle -A stats -p tcp -d $ip -j ACCEPT<br>
iptables -t mangle -A stats -p udp -d $ip -j ACCEPT<br>
iptables -t mangle -A stats -p icmp -d $ip -j ACCEPT<br><br>
Chain stats has policy set to ACCEPT.<br><br>My script reads these values every minute and sets them to zero.<br>The problem is that numbers of packets are more than twice greater than iptraf shows, but bandwidth seems to be correct. Of course I divide those numbers by 60 to get value per second.
<br><br>Why this difference is so big, what could I done wrong?<br>
</blockquote></div><br>

------=_Part_67787_15418906.1172778746840--
-- 
gentoo-user@gentoo.org mailing list