Thanks Simon, and again, Antony, Simon - I have investigated the server's local traffic in full and yes, the -i eth0 -o eth1 takes care of all of that. Good thinking, though :-) It looks like you guys agree with me and my paradigm and that somehow my ISP is actually wrong. The fact that my ISP is apparently undercharging me (go figure!) is a strangely unsettling thought and it is really difficult for me to believe that iptables OR my ISP are wrong. I might have a hunt around - maybe slashdot - for someone that could shed some light on this situation. good day to you all Marc On Tue, 2003-11-11 at 12:21, Antony Stone wrote: > On Monday 10 November 2003 10:25 pm, Marc Lucke wrote: > > > Antony - my thanks to you. I rather suspected your answer would be > > true. My problem is that I am getting very large differences in the > > usage I track using iptables and the usage that my ISP reports. > > iptables reports much more traffic - up to 12% in fact. I have checked > > with the ISP who say they too only count layer 3 IP. > > 12% is a lot, and the fact that you think you have 12% more traffic than your > ISP does is more strange than if it were the other way around. What about traffic from your host back to itself? For example, GNOME heavily uses the ORBIT corba server, which uses TCP/IP to communicate between interacting applications. Maybe you could add a separate rule for traffic from 127.0.0.1 and to your local host address back to the local machine, to measure that? NB: I'm no networking guru, so this may be a red herring... And I didn't see the original posting for this, so don't know if the server you are measuring traffic on is running anything else... Regards, Simon
