Antony www.freshmeat.net got lot of tool for ip accounting :) On Sat, 26 Jun 2004 09:22:14 +0100, Antony Stone <antony@xxxxxxxxxxxxxxxxxxxx> wrote: > On Saturday 26 June 2004 5:30 am, Joel Solanki wrote: > > > Hello all, ANTONY ...hoping something from u :) > > Good morning :) > > > I am testing ip accounting on my production server for last 2 days but i > > can sort the things. Any body if u could throw little light that would > > be really helpful to me. > > This is my testing results. > > > > # $IPT -t mangle -i eth1 -A FORWARD -s 192.168.0.2 > > # $IPT -t mangle -o eth0 -A FORWARD -d 192.168.0.2 > > > > Results:- > > > > Chain FORWARD (policy ACCEPT 6853 packets, 2981K bytes) > > pkts bytes target prot opt in out source destination > > 3267 1483K all -- eth1 * 192.168.0.2 0.0.0.0/0 > > 0 0 all -- * eth0 0.0.0.0/0 192.168.0.2 > > > > I download squid-2.5.STABLE5.tar.gz from my ftp server. > > The size of squid is 1.3M > > > > Now when i did upload same squid package from local machine to remote > > ftp server it doesnt show any bytes counter in second command :--you can > > see that above ...counters bytes are 0. > > Two very obvious questions first - I don't think these will be the problem, > but I might as well check: > > 1. Is the machine you are uploading to connected via eth0? > 2. Does the machine you are uploading to have IP address 192.168.0.2? > > Both the above must be "yes" for the second rule you have (the one that's not > apparently working properly) to count packets. > > Now for the suggestion where I think you *may* have an error: > > 3. Do you have any PREROUTING nat rules which mean that by the time packets > hit the FORWARD chain, they're no longer addressed to 192.168.0.2? > > A good way to answer this would be to show us the rule in your FORWARDing > filter table which allows the connection (the upload connection which you are > having problems measuring) to work. > > I cannot think of any reason why a rule in the FORWARD mangle table would not > see packets which are correctly being processed by the FORWARD filter table. > > Regards, > > Antony. > > -- > "There has always been an underlying argument that we should open up our > source code more broadly. The fact is that we are learning from open source > and we are opening our code more broadly through Shared Source. > > Is there value to providing source code? The answer is unequivocally yes." > > - Jason Matusow, head of Microsoft's Shared Source Program, in response to > recent leaks of Windows source code on the Internet. > > Please reply to the list; > please don't CC me. > >
