On Fri, 1 May 2020, Reindl Harald wrote: > how can it be that a single peer has 2.8 GB traffic and in the raw table > the whole udp traffic is only 417M? > > iptables --verbose --list --table raw > Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 17M 4378M INBOUND all -- wan any anywhere anywhere > 22M 20G ACCEPT tcp -- any any anywhere anywhere > 2802K 417M ACCEPT udp -- any any anywhere anywhere > 3678K 299M ACCEPT icmp -- any any anywhere anywhere > 256 131K DROP all -- any any anywhere anywhere > > peer: cA4YZkh8GfPIrMtMwMPzutcfW5U0Ht5Gq2XHs5I9dlo= > preshared key: (hidden) > endpoint: ******* > allowed ips: ********* > latest handshake: 59 seconds ago > transfer: 148.09 MiB received, 2.67 GiB sent Locally generated traffic does not pass through the raw PREROUTING table, it only passes through raw OUTPUT. If wireguard is running on the same machine and the 2.67 GiB is sent by the wireguard daemon to the pear, it would only be in OUTPUT when not received from a third station first. c'ya sven-haegar -- Three may keep a secret, if two of them are dead. - Ben F.
