From: Amos Jeffries <squid3@treenet.co.nz>
To: Bob Miller <bob@computerisms.ca>
Cc: netfilter@vger.kernel.org
Subject: Re: bandwidth counting
Date: Sun, 27 Sep 2009 15:07:47 +1300
Message-ID: <4ABEC8F3.10304@treenet.co.nz>
In-Reply-To: <1253935760.26388.1092.camel@laplaplian>
Bob Miller wrote:
> Greetings,
> I am not sure what it is about iptables, to me it's like a level 7 spell
> and I am only a level 6 mage. I (think I) understand the concepts when
> I read them, but whenever I try to implement them, they seldom come out
> as I expect them to.
> I have a debian box I use as a firewall, I use the ipmasq package to
> manage my iptables setup.
> I saw an article some time ago on how to set up bandwidth monitoring
> using iptables. I wanted to use this idea to track how much data is
> being passed across my external interface to see if it matches what my
> ISP says, as well as to find out which computers on my lan were using
> the data. I also wanted to measure only the internet traffic from the
> lan, and avoid counting the data destined for other lan targets - I am
> not concerned with the intranet bandwidth.
> I think the forward chain of the filter table should pass all packets I
> want to keep track of, so I sent all packets on the forward chain to a
> custom chain to count bandwidth, and I sent all the packets with a
> source/dest ip from the lan passing through the forward chain to another
> custom chain for counting.
> But the numbers don't add up, I get a total of just over 2 GB for the
> lan ips in both directions, but the total count on the forward chain is
> 11 GB. I expected them to be very close to the same.
> So, obviously I don't have the understanding of the level 7 spell that I
> thought I did.
> I also think (thought) that the input and output chains of the filter
> table should give me a total count of bandwidth on my external
> interface, but some documentation I have been reading has me rethinking
> that perhaps the prerouting chain on the raw table for incoming and
> postrouting on the nat table for outgoing would give me a more accurate
> count of what my ISP will count.
> I am sure there are more ways to approach this than I wish to count, but
> I would very much welcome some suggestions and comments on which
> tables/chains would be best for my purposes...
I hit this same problem myself.
It turns out that FORWARD in filter only sees packets destined to other
boxes on the network.
What you need to monitor is the mangle table. That table sees everything
going in/out of the box.
AYJ
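Added example, not code from either poster: one way to lay out the accounting Bob describes using the mangle table Amos points at, with the counters read back from `iptables -t mangle -nvxL`. The interface names (eth0/eth1), the chain name ACCT_HOST and the host addresses are assumptions, and the counter listing at the bottom is a constructed sample in the format iptables -nvxL prints. The script only prints the iptables commands rather than running them, so it executes without root or netfilter, but the parser works unchanged on real output. Two points the thread does not spell out: in mangle FORWARD the LAN source address is still visible on outbound packets (SNAT happens later, in nat POSTROUTING) and the LAN destination is already restored on inbound replies (reverse NAT happens earlier, in PREROUTING), so `-s host` / `-d host` both match there; and matching `-i lan -o ext` / `-i ext -o lan` keeps LAN-to-LAN forwarding out of the per-host counts.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, the chain name
# ACCT_HOST, the host addresses and the sample listing are assumptions.

# Print (do not run) the iptables commands that build the accounting rules.
# Rules with no -j target only count; the packet continues down the chain.
account_rules() {
    ext=$1; lan=$2; shift 2
    echo "iptables -t mangle -N ACCT_HOST"
    # Interface totals: everything entering/leaving $ext, including the
    # router's own traffic, which is what the ISP's meter also sees.
    echo "iptables -t mangle -I PREROUTING 1 -i $ext"
    echo "iptables -t mangle -I POSTROUTING 1 -o $ext"
    # Per-host accounting only for LAN<->Internet forwarding.
    echo "iptables -t mangle -I FORWARD 1 -i $lan -o $ext -j ACCT_HOST"
    echo "iptables -t mangle -I FORWARD 2 -i $ext -o $lan -j ACCT_HOST"
    for h in "$@"; do
        echo "iptables -t mangle -A ACCT_HOST -s $h"   # bytes sent by host
        echo "iptables -t mangle -A ACCT_HOST -d $h"   # bytes received by host
    done
}

# Sum the byte counters of ACCT_HOST into "host in_bytes out_bytes" lines.
# Reads `iptables -t mangle -nvxL ACCT_HOST` on stdin (-x gives exact bytes,
# not 1234K). The target column is empty for counting rules, so fields are
# taken from the end of the line: source $(NF-1), destination $NF, bytes $2.
host_totals() {
    awk 'NR > 2 && $2 ~ /^[0-9]+$/ {
             if ($(NF-1) != "0.0.0.0/0") { out[$(NF-1)] += $2; seen[$(NF-1)] = 1 }
             else                        { inb[$NF]     += $2; seen[$NF]     = 1 }
         }
         END {
             for (h in seen) print h, inb[h] + 0, out[h] + 0
         }' | sort
}

# Grand total over all hosts, to compare with the PREROUTING/POSTROUTING
# counters on the external interface.
lan_total() {
    host_totals | awk '{ t += $2 + $3 } END { print t + 0 }'
}

# Constructed sample of `iptables -t mangle -nvxL ACCT_HOST` output.
SAMPLE='Chain ACCT_HOST (2 references)
    pkts      bytes target     prot opt in     out     source               destination
    1200    1500000            all  --  *      *       192.168.1.10         0.0.0.0/0
    2400    9000000            all  --  *      *       0.0.0.0/0            192.168.1.10
      10       1000            all  --  *      *       192.168.1.11         0.0.0.0/0
      20       2000            all  --  *      *       0.0.0.0/0            192.168.1.11'

account_rules eth0 eth1 192.168.1.10 192.168.1.11
printf '%s\n' "$SAMPLE" | host_totals
printf '%s\n' "$SAMPLE" | lan_total
```

On the real box, `iptables -t mangle -nvxL ACCT_HOST | host_totals` gives the per-host table and `iptables -t mangle -nvxL PREROUTING` / `POSTROUTING` the external-interface totals; `-Z` on the chain resets the counters at the start of a billing period. Note the two totals are not expected to be equal: the interface counters include traffic the router itself originates or terminates (DNS, NTP, the ipmasq host's own updates), which never passes FORWARD.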
Thread overview: 3+ messages
2009-09-26 3:29 bandwidth counting Bob Miller
2009-09-27 2:07 ` Amos Jeffries [this message]
2009-09-28 12:49 ` Thomas Jacob