On Thursday 01 March 2007, CapSel <[EMAIL PROTECTED]> wrote about
'[gentoo-user] iptraf vs iptables (mangle & access)':
> I'm trying to count bandwidth and number of packets on my router with
> rules like:
>
> iptables -t mangle -A PREROUTING -i eth0 -j stats
> iptables -t mangle -A POSTROUTING -o eth0 -j stats
>
> iptables -t mangle -A stats -p tcp -s $ip -j ACCEPT
> iptables -t mangle -A stats -p udp -s $ip -j ACCEPT
> iptables -t mangle -A stats -p icmp -s $ip -j ACCEPT
>
> iptables -t mangle -A stats -p tcp -d $ip -j ACCEPT
> iptables -t mangle -A stats -p udp -d $ip -j ACCEPT
> iptables -t mangle -A stats -p icmp -d $ip -j ACCEPT
>
> Chain stats has policy set to ACCEPT.
>
> My script reads these values every minute and sets them to zero.
> The problem is that numbers of packets are more than twice greater than
> iptraf shows, but bandwidth seems to be correct.

That would be correct, since every forwarded packet passes through both the
pre-routing and post-routing chains, so you are counting every packet (at
least those that are not dropped in the FORWARD chain) twice.

-- 
Boyd Stephen Smith Jr.                     ,= ,-_-. =.
[EMAIL PROTECTED]                          ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-'
http://iguanasuicide.org/                      \_/
New GPG Key!  Old key expires 2007-03-25.  Upgrade NOW!