On Saturday 26 June 2004 10:20 am, Joel Solanki wrote:

> Good morning Antone and all.
>
> LINUX SERVER eth0 200.200.200.200 (public ip) --> switch
>              eth1 192.168.0.1/24 -------------> switch
>
> Yes, 192.168.0.2 is the IP of the Windows 98 machine.

Windows 98? And it's running an FTP server??? I'm surprised...

> Chain FORWARD (policy ACCEPT 5299 packets, 1571K bytes)
>  pkts bytes target prot opt in   out  source       destination
>  2672 1461K        all  --  eth1 *    192.168.0.2  0.0.0.0/0
>  2627  110K        all  --  eth0 *    0.0.0.0/0    192.168.0.2
>
> I have tested these rules again.
> I just uploaded squid.tar.gz, which is 1.3M, and I found the above
> results. It's only showing the 110K bytes ... the file is 1.3M and the traffic
> bytes are more in the other rule ... it's showing 1461K. So I can't get what is
> exactly going on with these chains...

Please let's clarify which machine is doing exactly what...

You say you have a Windows 98 machine on IP 192.168.0.2

Your rules have recorded 1461kbytes *sent from* that machine to somewhere else,
and 110kbytes *received by* that machine from somewhere.

That to me is entirely consistent with you saying you have uploaded (by which I
assume you mean "sent to somewhere else") 1.3Mbytes of data by FTP.

My suggestion is:

1. Clear the counters to zero with "iptables -Z FORWARD -t mangle"
2. Download (receive) a file on machine 192.168.0.2 of some known size.
3. Check the counters with "iptables -L FORWARD -t mangle -nvx"
4. Upload (send) some *other* file of a different size from machine 192.168.0.2
5. Check the counters again.
6. Let us know if the first rule shows a byte count noticeably different from
   what you sent, or the second rule shows a byte count noticeably different
   from what you received.

Hope this helps,

Antony.

-- 
Behind the counter a boy with a shaven head stared vacantly into space, a dozen
spikes of microsoft protruding from the socket behind his ear.

 - William Gibson, Neuromancer (1984)

Please reply to the list; please don't CC me.
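
The counter checks in steps 3 and 5 above can be scripted. The following is an added example, not part of the original message: it reads `iptables -L FORWARD -t mangle -nvx` style output and reports bytes sent and received by 192.168.0.2. The function names, the exact sample counter values (constructed to match the rounded 1461K and 110K quoted above) and the 15% overhead tolerance are assumptions.

```shell
#!/bin/sh
# Added example: summarise per-direction FORWARD counters for one host.
HOST=192.168.0.2   # LAN client from the thread

# Constructed sample of `iptables -L FORWARD -t mangle -nvx` output. The exact
# byte values are made up to match the rounded 1461K / 110K quoted above.
sample_output() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 5299 packets, 1571000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    2672  1461000            all  --  eth1   *       192.168.0.2          0.0.0.0/0
    2627   110000            all  --  eth0   *       0.0.0.0/0            192.168.0.2
EOF
}

# counters sent|received : reads a listing on stdin, prints "packets bytes".
# The target column is empty for counting-only rules, so fields are located
# relative to the "--" opt column instead of by fixed position.
counters() {
    awk -v host="$HOST" -v dir="$1" '
        $1 ~ /^[0-9]+$/ {
            for (i = 3; i <= NF; i++) if ($i == "--") break
            if (i + 4 > NF) next                  # not a rule line we understand
            src = $(i + 3); dst = $(i + 4)
            if ((dir == "sent" && src == host) || (dir == "received" && dst == host)) {
                pkts += $1; bytes += $2
            }
        }
        END { printf "%d %d\n", pkts, bytes }'
}

# avg_size PKTS BYTES : mean bytes per packet; about 40 suggests bare TCP ACKs.
avg_size() {
    [ "$1" -gt 0 ] || { echo 0; return; }
    echo $(( $2 / $1 ))
}

# plausible COUNTED FILESIZE [PCT] : succeed when the counter is at least the
# file size and no more than PCT percent above it (packet header overhead).
plausible() {
    pct=${3:-15}                                  # tolerance is an assumption
    [ "$1" -ge "$2" ] && [ $(( ($1 - $2) * 100 )) -le $(( $2 * pct )) ]
}

report() {
    set -- $(sample_output | counters sent) $(sample_output | counters received)
    echo "sent:     $2 bytes in $1 packets, avg $(avg_size "$1" "$2")"
    echo "received: $4 bytes in $3 packets, avg $(avg_size "$3" "$4")"
}
report
```

On a live gateway, replace `sample_output` with the real `iptables -L FORWARD -t mangle -nvx` command run as root. In the sample, the received direction averages 41 bytes per packet, which is what acknowledgements for an upload look like.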