* Total traffic
@ 2003-10-05 12:24 Mario Ohnewald
2003-10-06 8:37 ` Daniel Chemko
0 siblings, 1 reply; 4+ messages in thread
From: Mario Ohnewald @ 2003-10-05 12:24 UTC (permalink / raw)
To: netfilter
Hello!
I am running the SuSI Firewall2, and i want to find out my total traffic,
which i need for my traffic script.
I have 2 questions about it:
Will: iptables -L -vnx | grep "state NEW,RELATED,ESTABLISHED" | grep
"ACCEPT all"
Give me the toal traffic? If yes, why does iptraf log about twice as much
traffic than my iptables??
Should it not be the same, or am i looking at the wrong iptables line?
Cheers, Mario
--
NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService
Jetzt kostenlos anmelden unter http://www.gmx.net
+++ GMX - die erste Adresse für Mail, Message, More! +++
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Total traffic
2003-10-05 12:24 Total traffic Mario Ohnewald
@ 2003-10-06 8:37 ` Daniel Chemko
0 siblings, 0 replies; 4+ messages in thread
From: Daniel Chemko @ 2003-10-06 8:37 UTC (permalink / raw)
To: Mario Ohnewald; +Cc: netfilter
I just insert blank rules to mangle,pre & post.
Mario Ohnewald wrote:
>Hello!
>I am running the SuSI Firewall2, and i want to find out my total traffic,
>which i need for my traffic script.
>I have 2 questions about it:
>Will: iptables -L -vnx | grep "state NEW,RELATED,ESTABLISHED" | grep
>"ACCEPT all"
>
>Give me the toal traffic? If yes, why does iptraf log about twice as much
>traffic than my iptables??
>
>Should it not be the same, or am i looking at the wrong iptables line?
>
>
>Cheers, Mario
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: Total traffic
@ 2003-10-06 15:55 Anderson, Ray
0 siblings, 0 replies; 4+ messages in thread
From: Anderson, Ray @ 2003-10-06 15:55 UTC (permalink / raw)
To: Daniel Chemko, Mario Ohnewald; +Cc: netfilter
[-- Attachment #1: Type: text/plain, Size: 891 bytes --]
Could you give us "noobs" an example ruleset?
Thanks!
-=Ray
---------------------------------------
> -----Original Message-----
> From: Daniel Chemko [mailto:dchemko@smgtec.com]
> Sent: Monday, October 06, 2003 1:37 AM
> To: Mario Ohnewald
> Cc: netfilter@lists.netfilter.org
> Subject: Re: Total traffic
>
>
> I just insert blank rules to mangle,pre & post.
>
> Mario Ohnewald wrote:
>
> >Hello!
> >I am running the SuSI Firewall2, and i want to find out my
> total traffic,
> >which i need for my traffic script.
> >I have 2 questions about it:
> >Will: iptables -L -vnx | grep "state NEW,RELATED,ESTABLISHED" | grep
> >"ACCEPT all"
> >
> >Give me the toal traffic? If yes, why does iptraf log about
> twice as much
> >traffic than my iptables??
> >
> >Should it not be the same, or am i looking at the wrong
> iptables line?
> >
> >
> >Cheers, Mario
> >
> >
> >
>
>
[-- Attachment #2: Type: text/html, Size: 2354 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: Total traffic
@ 2003-10-06 17:30 Daniel Chemko
0 siblings, 0 replies; 4+ messages in thread
From: Daniel Chemko @ 2003-10-06 17:30 UTC (permalink / raw)
To: Anderson, Ray, Mario Ohnewald; +Cc: netfilter
This would be better done if you could feed a rule text into a program and have it spit out the byte count, but until I get libiptc to build properly, this is what I do:
iptables:
$IPTABLES -t mangle -A PREROUTING -i ${ifname}
$IPTABLES -t mangle -A POSTROUTING -o ${ifname}
Counter into RRDTOOL:
TRAFFIC=`/sbin/iptables -nxvL -t mangle | grep "\* ${ifname} " | awk '{ print $2 }'`
OUTBOUND=${TRAFFIC}
TRAFFIC=`/sbin/iptables -nxvL -t mangle | grep "${ifname}[\ ]*\*" | awk '{ print $2 }'`
INBOUND=${TRAFFIC}
This is based on a per-interface byte counter, which I believe is what you are looking for. If you try to make the counters much finer grained, you will eventually run into the problem of parsing the lines without redundancies. My only easy solution to this would be one of two things:
1. Write a program designed to extract the byte counts of any rule where its rule text is fed back into the program.
2. Write a simple extension that all it does is print something like 'ATOM eth0_inbound' or 'ATOM inet_http_in' or whatever. Then from user land, you can always filter to a single line by knowing the special atomic string.
-----Original Message-----
From: Anderson, Ray [mailto:rsa@prideindustries.com]
Sent: Monday, October 06, 2003 8:56 AM
To: Daniel Chemko; Mario Ohnewald
Cc: netfilter@lists.netfilter.org
Subject: RE: Total traffic
Could you give us "noobs" an example ruleset?
Thanks!
-=Ray
---------------------------------------
> -----Original Message-----
> From: Daniel Chemko [mailto:dchemko@smgtec.com]
> Sent: Monday, October 06, 2003 1:37 AM
> To: Mario Ohnewald
> Cc: netfilter@lists.netfilter.org
> Subject: Re: Total traffic
>
>
> I just insert blank rules to mangle,pre & post.
>
> Mario Ohnewald wrote:
>
> >Hello!
> >I am running the SuSI Firewall2, and i want to find out my
> total traffic,
> >which i need for my traffic script.
> >I have 2 questions about it:
> >Will: iptables -L -vnx | grep "state NEW,RELATED,ESTABLISHED" | grep
> >"ACCEPT all"
> >
> >Give me the toal traffic? If yes, why does iptraf log about
> twice as much
> >traffic than my iptables??
> >
> >Should it not be the same, or am i looking at the wrong
> iptables line?
> >
> >
> >Cheers, Mario
> >
> >
> >
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-10-06 17:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-10-05 12:24 Total traffic Mario Ohnewald
2003-10-06 8:37 ` Daniel Chemko
-- strict thread matches above, loose matches on Subject: below --
2003-10-06 15:55 Anderson, Ray
2003-10-06 17:30 Daniel Chemko
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.