  1. #1

    iptables forward chain accounting


    Hi all,

    I have a question about iptables. I have a forward chain that looks like this (slightly simplified):
    Code:
    # iptables -nv -L FORWARD
    Chain FORWARD (policy DROP 4 packets, 160 bytes)
     pkts bytes target     prot opt in     out     source               destination
      365  165K ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.0.100          tcp dpt:80 flags:0x17/0x02
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.0.100          tcp dpt:443 flags:0x17/0x02
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.0.101          tcp dpt:25 flags:0x17/0x02
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.0.101          tcp dpt:110 flags:0x17/0x02
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.0.101          tcp dpt:143 flags:0x17/0x02
        0     0 ACCEPT     0    --  *      *       10.0.0.100           0.0.0.0/0
        0     0 ACCEPT     0    --  *      *       10.0.0.101           0.0.0.0/0
        4   160 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
    As you can see, the traffic counters are all zero (or near zero) except for the state rule, which catches almost everything except the initial connection. Obviously what I'd love to see is the traffic per destination (port/host). Can anyone tell me if that's possible?

    -- marsvin

  2. #2
    cyberinstru
    Hey,

    The first rule in the FORWARD chain allows all traffic with source ANY and destination ANY. So I suppose it does not go through the other rules. That's why you are not getting break-up statistics.

    Either delete the first one or put it at the end. Hopefully that should do.


  3. #3
    marsvin
    Close but not quite

    The Forum cuts off the ends of the lines but if you scroll a bit to the right you'll see the top line accepts only connections that already have a state assigned (state RELATED,ESTABLISHED.) The same thing happens if I move that rule to the bottom because it applies to all data (after the initial connection.)
    The byte counters are all 0s in my example but they do go up a few bytes every time a connection is made, they only register what comes in before it becomes stateful.

    Honestly, I don't think there's an answer for this without seriously rethinking the setup, though. In any case, thanks a lot for replying!
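Added editorial example, not part of the thread and not the poster's configuration: per-host/port accounting for the FORWARD chain in post #1 can be had without rethinking the setup. Rules with no -j target only increment their counters and fall through, so a separate chain of counter-only rules, jumped to from position 1 of FORWARD (ahead of the RELATED,ESTABLISHED rule), sees every packet of every connection, not just the SYN. The chain name ACCT, the service list and the sample counter output below are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example (not from the thread): per-service accounting for a FORWARD
# chain whose first rule accepts RELATED,ESTABLISHED traffic. Counter-only
# rules (no -j) in a separate chain that FORWARD jumps to BEFORE the state
# rule count every packet of a connection. Chain name ACCT and the sample
# numbers below are assumptions.

# Two counting rules for one service: packets to the server port, and the
# replies from it. No target means "count and fall through".
acct_rules() {
    host=$1
    port=$2
    echo "iptables -A ACCT -p tcp -d $host --dport $port"
    echo "iptables -A ACCT -p tcp -s $host --sport $port"
}

# Read "host port" pairs on stdin and print the full setup. Pipe the output
# into sh (as root) to apply it; the jump is inserted at position 1 so it
# precedes the existing state rule in FORWARD.
acct_setup() {
    echo "iptables -N ACCT"
    echo "iptables -I FORWARD 1 -j ACCT"
    while read -r host port; do
        [ -n "$host" ] || continue
        acct_rules "$host" "$port"
    done
}

# Sum the bytes of 'iptables -nvx -L ACCT' per host:port, adding the inbound
# (dpt) and outbound (spt) rule of each service. Field positions assume -nvx
# output with an empty target column (fields: pkts bytes prot opt in out
# source destination proto port-match).
acct_report() {
    awk '
        /dpt:/ { split($NF, m, ":"); bytes[$8 ":" m[2]] += $2 }
        /spt:/ { split($NF, m, ":"); bytes[$7 ":" m[2]] += $2 }
        END    { for (k in bytes) print k, bytes[k] }
    ' | sort
}

# Constructed sample of what 'iptables -nvx -L ACCT' prints after some traffic.
sample_counters() {
    cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      12      1200            tcp  --  *      *       0.0.0.0/0            10.0.0.100           tcp dpt:80
      10      5400            tcp  --  *      *       10.0.0.100           0.0.0.0/0            tcp spt:80
       4       300            tcp  --  *      *       0.0.0.0/0            10.0.0.101           tcp dpt:25
       3       900            tcp  --  *      *       10.0.0.101           0.0.0.0/0            tcp spt:25
EOF
}

# Run with --demo to print the generated rules and a report over the sample.
if [ "${1:-}" = "--demo" ]; then
    printf '10.0.0.100 80\n10.0.0.100 443\n10.0.0.101 25\n' | acct_setup
    echo "--- per-service bytes (sample data) ---"
    sample_counters | acct_report
fi
```

Read the counters with `iptables -nvx -L ACCT` (the -x gives exact bytes instead of 165K-style rounding) and reset them with `iptables -Z ACCT`. Two caveats: the counting rules fire before FORWARD's own accept/drop decision, so a packet that the policy later drops is still counted; and RELATED traffic such as ICMP errors is not matched by the port rules, so it is not attributed to a service.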
