From: Joel Solanki <zealous@bonbon.net>
To: netfilter <netfilter@lists.netfilter.org>
Subject: Re: Ip accounting Help--> Urgent
Date: Sat, 26 Jun 2004 14:50:59 +0530
Message-ID: <1088241658.2283.35.camel@joel.d2visp.com>
In-Reply-To: <200406260922.14221.Antony@Soft-Solutions.co.uk>

Good morning Antony and all.
LINUX SERVER eth0 200.200.200.200 (public ip) --> switch
eth1 192.168.0.1/24 -------------> switch
Yes 192.168.0.2 is the ip of windows 98 machine.
I have done SNAT on linux server.
Below are the rules:-
[root@joel root]# iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT 5321 packets, 1574K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 4 packets, 452 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 5299 packets, 1571K bytes)
pkts bytes target prot opt in out source destination
2672 1461K all -- eth1 * 192.168.0.2 0.0.0.0/0
2627 110K all -- eth0 * 0.0.0.0/0 192.168.0.2
Chain OUTPUT (policy ACCEPT 2 packets, 140 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 5301 packets, 1571K bytes)
pkts bytes target prot opt in out source destination
[root@joel root]#
I have tested these rules again.
I just uploaded squid.tar.gz, which is 1.3M, and I found the above
results. It's only showing 110K bytes ... the file is 1.3M and the traffic
bytes are more in the other rule ... it's showing 1461K. So I can't get what
exactly is going on with these chains...
Below are the other iptables results:
------------------------------------------------------------------------------------------------------------------------
[root@joel root]# iptables -nvL
Chain INPUT (policy ACCEPT 9 packets, 1053 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth1 * 192.168.0.2 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2690 1462K ACCEPT all -- * eth1 192.168.0.2 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
2638 111K ACCEPT all -- * eth1 0.0.0.0/0 192.168.0.2 state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 7 packets, 450 bytes)
pkts bytes target prot opt in out source destination
---------------------------------------------------------------------------------------------------------------------------
[root@joel root]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 463 packets, 43776 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 41 packets, 2532 bytes)
pkts bytes target prot opt in out source destination
237 12398 SNAT all -- * eth0 192.168.0.2 0.0.0.0/0 to:200.200.200.200
Chain OUTPUT (policy ACCEPT 41 packets, 2532 bytes)
pkts bytes target prot opt in out source destination
---------------------------------------------------------------------------------------------------------------------------
Regards,
On Sat, 2004-06-26 at 13:52, Antony Stone wrote:
> On Saturday 26 June 2004 5:30 am, Joel Solanki wrote:
>
> > Hello all, ANTONY ... hoping for something from you :)
>
> Good morning :)
>
> > I am testing IP accounting on my production server for the last 2 days but I
> > can sort the things. Anybody, if you could throw a little light, that would
> > be really helpful to me.
> > These are my testing results.
> >
> > # $IPT -t mangle -i eth1 -A FORWARD -s 192.168.0.2
> > # $IPT -t mangle -o eth0 -A FORWARD -d 192.168.0.2
> >
> > Results:-
> >
> > Chain FORWARD (policy ACCEPT 6853 packets, 2981K bytes)
> > pkts bytes target prot opt in out source destination
> > 3267 1483K all -- eth1 * 192.168.0.2 0.0.0.0/0
> > 0 0 all -- * eth0 0.0.0.0/0 192.168.0.2
> >
> > I downloaded squid-2.5.STABLE5.tar.gz from my ftp server.
> > The size of squid is 1.3M.
> >
> > Now when I uploaded the same squid package from the local machine to the remote
> > ftp server, it doesn't show any byte counters for the second command. You can
> > see that above ... the byte counters are 0.
>
> Two very obvious questions first - I don't think these will be the problem,
> but I might as well check:
>
> 1. Is the machine you are uploading to connected via eth0?
> 2. Does the machine you are uploading to have IP address 192.168.0.2?
>
> Both the above must be "yes" for the second rule you have (the one that's not
> apparently working properly) to count packets.
>
> Now for the suggestion where I think you *may* have an error:
>
> 3. Do you have any PREROUTING nat rules which mean that by the time packets
> hit the FORWARD chain, they're no longer addressed to 192.168.0.2?
>
> A good way to answer this would be to show us the rule in your FORWARDing
> filter table which allows the connection (the upload connection which you are
> having problems measuring) to work.
>
> I cannot think of any reason why a rule in the FORWARD mangle table would not
> see packets which are correctly being processed by the FORWARD filter table.
>
> Regards,
>
> Antony.
--
Joel n.solanki
Systems Administrator
(M) 91-9825500258
D2V ISP PVT LTD
http://www.d2visp.com
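
Added example, not part of the original message or of the netfilter project's code: one way to total the accounting counters per direction for a single host from `iptables -nvL` style text. The function names `sample_counters` and `host_bytes` are hypothetical, and the sample lines are copied from the mangle listing in the message above.

```shell
#!/bin/sh
# Added example (not from the thread): sum accounting counters per direction
# for one host from `iptables -nvL` style text.

# Sample lines copied from the mangle listing in the message above.
sample_counters() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 4 packets, 452 bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 5299 packets, 1571K bytes)
 pkts bytes target prot opt in out source destination
 2672 1461K all -- eth1 * 192.168.0.2 0.0.0.0/0
 2627 110K all -- eth0 * 0.0.0.0/0 192.168.0.2
EOF
}

# host_bytes CHAIN HOST: reads the listing on stdin and prints
# "sent=<bytes> received=<bytes>", where sent counts rules with HOST as
# source and received counts rules with HOST as destination.
host_bytes() {
    awk -v chain="$1" -v host="$2" '
    # Without -x, iptables abbreviates counters with decimal suffixes.
    function to_bytes(v,    n, s) {
        n = v + 0; s = substr(v, length(v))
        if (s == "K") return n * 1000
        if (s == "M") return n * 1000000
        if (s == "G") return n * 1000000000
        if (s == "T") return n * 1000000000000
        return n
    }
    $1 == "Chain" { cur = $2; next }
    cur != chain || $1 !~ /^[0-9]+[KMGT]?$/ { next }
    {
        # Locate the "opt" column ("--"); works with or without a target.
        for (i = 3; i <= NF; i++) if ($i == "--") break
        if (i + 4 > NF) next
        if ($(i + 3) == host) sent += to_bytes($2)
        if ($(i + 4) == host) rcvd += to_bytes($2)
    }
    END { printf "sent=%.0f received=%.0f\n", sent, rcvd }'
}

sample_counters | host_bytes FORWARD 192.168.0.2
```

On a live system the input would come from `iptables -t mangle -nvL FORWARD`; adding `-x` makes iptables print exact byte counts instead of the rounded K/M values.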