Re: [gentoo-user] iptraf vs iptables (mangle access)

2007-03-02 Thread CapSel

On 3/1/07, Boyd Stephen Smith Jr. [EMAIL PROTECTED] wrote:


That would be correct, since every forwarded packet passes through both the
pre-routing and post-routing chains, so you are counting every packet (at
least those that are not dropped in the FORWARD chain) twice.



I don't fully understand how it is possible that my rules count a packet
twice; could you explain it more briefly?

I specified -i eth0 in PREROUTING and -o eth0 in POSTROUTING. Isn't this the
correct way to count packets only once? ...and I'm getting values only from
chain 'stat', which is called only from PREROUTING and POSTROUTING with the
network interface specified according to direction (-i/-o eth0).
So in my opinion a packet traveling through the router to my network passes
only once through 'stats', as it is accepted only in PREROUTING with -i eth0
and not in POSTROUTING with -o eth0, as it goes out from eth1. Am I correct?


Re: [gentoo-user] iptraf vs iptables (mangle access)

2007-03-02 Thread CapSel

On 3/2/07, Daniel Iliev [EMAIL PROTECTED] wrote:


CapSel wrote:
 On 3/1/07, *Boyd Stephen Smith Jr.* [EMAIL PROTECTED] wrote:

 That would be correct, since every forwarded packet passes through
 both the
 pre-routing and post-routing chains, so you are counting every
 packet (at
 least those that are not dropped in the FORWARD chain) twice.


 I don't fully understand how it is possible that my rules count a
 packet twice; could you explain it more briefly?

 I specified -i eth0 in PREROUTING and -o eth0 in POSTROUTING. Isn't
 this the correct way to count packets only once? ...and I'm getting values
 only from chain 'stat', which is called only from PREROUTING and
 POSTROUTING with the network interface specified according to direction
 (-i/-o eth0).
 So in my opinion a packet traveling through the router to my network
 passes only once through 'stats', as it is accepted only in PREROUTING
 with -i eth0 and not in POSTROUTING with -o eth0, as it goes out from
 eth1. Am I correct?


Perhaps this packet travel diagram will help:

http://www.linuxnetmag.com/share/issue9/iptables3.jpg



To be totally sure: when a packet arrives from the internet on eth0 it passes
through PREROUTING as a packet that comes from eth0, then it travels across
FORWARD as a packet that comes from eth0 toward eth1, and finally it goes to
POSTROUTING as a packet that wants to go out through eth1? And if I have the
rules:

-t mangle -A PREROUTING -i eth0 -j stats
-t mangle -A POSTROUTING -o eth0 -j stats
(there are no other rules that jump to stats, and these are the only rules in
the mangle table)

how many times would the packet pass through 'stats'?


From which places on this diagram does iptraf take its values?
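The question above (how many times one packet enters 'stats' with only the two jump rules quoted) can be checked against the hook order shown in the diagram with a small model of the mangle table traversal. This is an added example, not code from the thread; the chain order is the standard netfilter one, and the interface names and traffic directions are constructed for illustration.

```python
# Added example (not from the thread): model the netfilter hook order for the
# mangle table and count how often one packet jumps into the user chain 'stats'.
# Interface names (eth0/eth1) and the traffic directions are constructed.
from dataclasses import dataclass
from typing import List, Optional

# Built-in chains a packet visits, per path through the router.
PATHS = {
    "forward": ["PREROUTING", "FORWARD", "POSTROUTING"],  # routed eth0 <-> eth1
    "input":   ["PREROUTING", "INPUT"],                   # destined to the router
    "output":  ["OUTPUT", "POSTROUTING"],                 # generated by the router
}
# -i is only meaningful before/at routing, -o only once the route is known.
IN_CHAINS = {"PREROUTING", "INPUT", "FORWARD"}
OUT_CHAINS = {"FORWARD", "OUTPUT", "POSTROUTING"}


@dataclass
class Rule:
    chain: str                      # built-in chain the rule sits in
    in_if: Optional[str] = None     # -i <iface>, None means "any"
    out_if: Optional[str] = None    # -o <iface>, None means "any"
    target: str = "stats"           # -j target


def rule_matches(rule: Rule, in_if: Optional[str], out_if: Optional[str]) -> bool:
    if rule.in_if is not None and rule.in_if != in_if:
        return False
    if rule.out_if is not None and rule.out_if != out_if:
        return False
    return True


def stats_hits(rules: List[Rule], path: str,
               in_if: Optional[str] = None, out_if: Optional[str] = None) -> int:
    """Return how many times one packet on `path` jumps into 'stats'."""
    hits = 0
    for chain in PATHS[path]:
        i = in_if if chain in IN_CHAINS else None
        o = out_if if chain in OUT_CHAINS else None
        for r in rules:
            if r.chain == chain and r.target == "stats" and rule_matches(r, i, o):
                hits += 1
                break  # 'stats' ends in ACCEPT in the thread, so this chain is done
    return hits


# The two jump rules quoted in the thread: -i eth0 / -o eth0.
THREAD_RULES = [Rule("PREROUTING", in_if="eth0"), Rule("POSTROUTING", out_if="eth0")]
# The same two jumps with no interface match, for comparison.
UNRESTRICTED = [Rule("PREROUTING"), Rule("POSTROUTING")]

if __name__ == "__main__":
    print("eth0->eth1 forwarded, thread rules:", stats_hits(THREAD_RULES, "forward", "eth0", "eth1"))
    print("eth0->eth1 forwarded, no -i/-o    :", stats_hits(UNRESTRICTED, "forward", "eth0", "eth1"))
```

Under this model a forwarded packet with the thread's rules enters 'stats' once in each direction, while the same jumps without -i/-o enter it once in PREROUTING and once in POSTROUTING.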


Re: [gentoo-user] iptraf vs iptables (mangle access)

2007-03-01 Thread Boyd Stephen Smith Jr.
On Thursday 01 March 2007, CapSel [EMAIL PROTECTED] wrote
about '[gentoo-user] iptraf vs iptables (mangle access)':
 I'm trying to count bandwidth and the number of packets on my router with
 rules like:

 iptables -t mangle -A PREROUTING -i eth0 -j stats
 iptables -t mangle -A POSTROUTING -o eth0 -j stats

 iptables -t mangle -A stats -p tcp -s $ip -j ACCEPT
 iptables -t mangle -A stats -p udp -s $ip -j ACCEPT
 iptables -t mangle -A stats -p icmp -s $ip -j ACCEPT

 iptables -t mangle -A stats -p tcp -d $ip -j ACCEPT
 iptables -t mangle -A stats -p udp -d $ip -j ACCEPT
 iptables -t mangle -A stats -p icmp -d $ip -j ACCEPT

 Chain stats has policy set to ACCEPT.

 My script reads these values every minute and sets them to zero.
 The problem is that the numbers of packets are more than twice as great as
 what iptraf shows, but bandwidth seems to be correct.

That would be correct, since every forwarded packet passes through both the
pre-routing and post-routing chains, so you are counting every packet (at
least those that are not dropped in the FORWARD chain) twice.

-- 
Boyd Stephen Smith Jr. ,= ,-_-. =. 
[EMAIL PROTECTED]  ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy   `-'(. .)`-' 
http://iguanasuicide.org/  \_/ 
New GPG Key!  Old key expires 2007-03-25.  Upgrade NOW!

