Linux Netfilter discussions
* sar interface stats
@ 2008-09-11 22:03 val
From: val @ 2008-09-11 22:03 UTC (permalink / raw)
  To: netfilter

On a RHEL5.x86_64 firewall type system (one interface internet-exposed,
the other faces intranet), totals for received bytes/sec and transmitted
bytes/sec as reported by 'sar -n DEV' are always nearly equal for both
interfaces.  This despite the fact that for sure the external interface
is kept very busy dropping the usual internet cruft.  Do interface
'received' statistics as maintained by the kernel NOT reflect traffic
that is DENYed/DROPed/REJECTed by netfilter (iptables) rules?  If so,
any ideas why?  Or if it's not the case that the dropped traffic isn't
counted, why the near equality for total traffic on both interfaces?
Or am I merely confused, again...

thanks,
val


* sar interface stats
@ 2008-09-12 18:21 val
From: val @ 2008-09-12 18:21 UTC (permalink / raw)
  To: netfilter

On a RHEL5.x86_64 firewall system (one interface internet-exposed, the
other on intranet), totals for received bytes/sec and transmitted
bytes/sec, as reported by 'sar -n DEV', are always nearly equal for
both interfaces.  This despite the fact that for sure the external
interface is kept very busy dropping the usual internet cruft.  Do
interface 'received' statistics as maintained by the kernel NOT
reflect traffic that is DENYed/DROPed/REJECTed by netfilter (iptables)
rules?  Or if it's not the case that the dropped traffic isn't
counted, why the near equality for total traffic on both interfaces?
If traffic that is REJECTed is not counted in the received counts, are
the resets or icmp unreachables also not counted in the transmitted
counts?

thanks,
val


* sar interface stats
@ 2008-09-12 18:56 Art History
From: Art History @ 2008-09-12 18:56 UTC (permalink / raw)
  To: netfilter

On a RHEL5.x86_64 firewall system (one interface internet-exposed, the
other on intranet), totals for received bytes/sec and transmitted
bytes/sec, as reported by 'sar -n DEV', are always nearly equal for
both interfaces.  This despite the fact that for sure the external
interface is kept very busy dropping the usual internet cruft.  Do
interface 'received' statistics as maintained by the kernel NOT
reflect traffic that is DENYed/DROPed/REJECTed by netfilter (iptables)
rules, and why not?  Or if it's not the case that the dropped
traffic isn't counted, why the near equality for total traffic on both
interfaces? If traffic that is REJECTed is not counted in the received
counts, are the resets or icmp unreachables also not counted in the
transmitted counts?

thanks.

