Am 01.05.20 um 19:01 schrieb Sven-Haegar Koch: > On Fri, 1 May 2020, Reindl Harald wrote: > >> how can it be that a single peer has 2.8 GB traffic and in the raw table >> the whole udp traffic is only 417M? >> >> iptables --verbose --list --table raw >> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) >> pkts bytes target prot opt in out source >> destination >> 17M 4378M INBOUND all -- wan any anywhere anywhere >> 22M 20G ACCEPT tcp -- any any anywhere anywhere >> 2802K 417M ACCEPT udp -- any any anywhere anywhere >> 3678K 299M ACCEPT icmp -- any any anywhere anywhere >> 256 131K DROP all -- any any anywhere anywhere >> >> peer: cA4YZkh8GfPIrMtMwMPzutcfW5U0Ht5Gq2XHs5I9dlo= >> preshared key: (hidden) >> endpoint: ******* >> allowed ips: ********* >> latest handshake: 59 seconds ago >> transfer: 148.09 MiB received, 2.67 GiB sent > > Locally generated traffic does not pass through the raw PREROUTING > table, it only passes through raw OUTPUT. > > If wireguard is running on the same machine and the 2.67 GiB is sent by > the wireguard daemon to the pear, it would only be in OUTPUT when not > received from a third station first. thank you ok, that's a valid argument - i thought raw PREROUTING is facing *every* package makes my stats missing some stuff but OK --------------------------------------------------------------- 1D/0H/9M - TRAFFIC - IPV4: 100%, IPV6: 0%, TCP: 96.1%, UDP: 2%, ICMP: 1.4%, DROP: 0.7% --------------------------------------------------------------- ALL 4 6 TCP UDP ICMP TCP4 TCP6 UDP4 UDP6 ICMP4 ICMP6 DROP 21G 21G 0 20G 416M 304M 20G 0 416M 0 304M 0 147M
