Re: Ip accounting Help--> Urgent

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Saturday 26 June 2004 5:30 am, Joel Solanki wrote:

> Hello all, ANTONY ...hoping something from u :)

Good morning :)

> I am testing ip accounting on my production server for last 2 days but i
> can sort the things. Any body if u could throw little light that would
> be really helpful to me.
> This is my testing results.
>
> # $IPT -t mangle -i eth1 -A FORWARD -s 192.168.0.2
> # $IPT -t mangle -o eth0 -A FORWARD -d 192.168.0.2
>
> Results:-
>
> Chain FORWARD (policy ACCEPT 6853 packets, 2981K bytes)
>  pkts bytes target     prot opt in     out     source        destination
>  3267 1483K            all  --  eth1   *       192.168.0.2   0.0.0.0/0
>     0     0            all  --  *      eth0    0.0.0.0/0     192.168.0.2
>
> I download squid-2.5.STABLE5.tar.gz from my ftp server.
> The size of squid is 1.3M
>
> Now when i did upload same squid package from local machine to remote
> ftp server it doesnt show any bytes counter in second command :--you can
> see that above ...counters bytes are 0.

Two very obvious questions first - I don't think these will be the problem, 
but I might as well check:

1. Is the machine you are uploading to connected via eth0?
2. Does the machine you are uploading to have IP address 192.168.0.2?

Both the above must be "yes" for the second rule you have (the one that's not 
apparently working properly) to count packets.

Now for the suggestion where I think you *may* have an error:

3. Do you have any PREROUTING nat rules which mean that by the time packets 
hit the FORWARD chain, they're no longer addressed to 192.168.0.2?

A good way to answer this would be to show us the rule in your FORWARDing 
filter table which allows the connection (the upload connection which you are 
having problems measuring) to work.

I cannot think of any reason why a rule in the FORWARD mangle table would not 
see packets which are correctly being processed by the FORWARD filter table.

Regards,

Antony.

-- 
"There has always been an underlying argument that we should open up our 
source code more broadly. The fact is that we are learning from open source 
and we are opening our code more broadly through Shared Source.

Is there value to providing source code? The answer is unequivocally yes."

 - Jason Matusow, head of Microsoft's Shared Source Program, in response to 
recent leaks of Windows source code on the Internet.

                                                     Please reply to the list;
                                                           please don't CC me.
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux