On Saturday 26 June 2004 5:30 am, Joel Solanki wrote: > Hello all, ANTONY ...hoping something from u :) Good morning :) > I am testing ip accounting on my production server for last 2 days but i > can sort the things. Any body if u could throw little light that would > be really helpful to me. > This is my testing results. > > # $IPT -t mangle -i eth1 -A FORWARD -s 192.168.0.2 > # $IPT -t mangle -o eth0 -A FORWARD -d 192.168.0.2 > > Results:- > > Chain FORWARD (policy ACCEPT 6853 packets, 2981K bytes) > pkts bytes target prot opt in out source destination > 3267 1483K all -- eth1 * 192.168.0.2 0.0.0.0/0 > 0 0 all -- * eth0 0.0.0.0/0 192.168.0.2 > > I download squid-2.5.STABLE5.tar.gz from my ftp server. > The size of squid is 1.3M > > Now when i did upload same squid package from local machine to remote > ftp server it doesnt show any bytes counter in second command :--you can > see that above ...counters bytes are 0. Two very obvious questions first - I don't think these will be the problem, but I might as well check: 1. Is the machine you are uploading to connected via eth0? 2. Does the machine you are uploading to have IP address 192.168.0.2? Both the above must be "yes" for the second rule you have (the one that's not apparently working properly) to count packets. Now for the suggestion where I think you *may* have an error: 3. Do you have any PREROUTING nat rules which mean that by the time packets hit the FORWARD chain, they're no longer addressed to 192.168.0.2? A good way to answer this would be to show us the rule in your FORWARDing filter table which allows the connection (the upload connection which you are having problems measuring) to work. I cannot think of any reason why a rule in the FORWARD mangle table would not see packets which are correctly being processed by the FORWARD filter table. Regards, Antony. -- "There has always been an underlying argument that we should open up our source code more broadly. The fact is that we are learning from open source and we are opening our code more broadly through Shared Source. Is there value to providing source code? The answer is unequivocally yes." - Jason Matusow, head of Microsoft's Shared Source Program, in response to recent leaks of Windows source code on the Internet. Please reply to the list; please don't CC me.