Witam
Tuesday, July 27, 2004, 4:26:15 PM, you wrote:
>> $IPTABLES -t mangle -A FORWARD -i $LOCAL_IF -o $INET_IF -j statsout
>> $IPTABLES -t mangle -A FORWARD -i $INET_IF -o $LOCAL_IF -j statsin
> You do not need to have a "-j target" at the end of a rule if you don't want
> one. The above rule will still count the packets, and you can see the
> packet/byte counters with "iptables -L FORWARD -t mangle -nvx".
Ok, i'll try this, but im still wondering why my rules works
incorrectly. In theory (my theory :) first rule redirects packets
lan -> internet to statsout, and in statsout chain they are counted by
type of traffic.
The same goes to second rule, but there is internet -> lan traffic
redirected.
But unfortunately this won't work that way. Why? Output form iptables
-t mangle -L -vn is attached.
--
Pozdrawiam
Marcin mailto:slacklist@xxxxx
root@serwer:/etc/rc.d# iptables -t mangle -L -vn
Chain PREROUTING (policy ACCEPT 279K packets, 52M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 19339 packets, 2118K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 190K packets, 16M bytes)
pkts bytes target prot opt in out source destination
50145 25M CONNMARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
47938 25M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p v0.6 --ipp2p MARK set 0x1
3 144 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 MARK set 0x4
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 MARK set 0x3
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 MARK set 0x3
2 96 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 MARK set 0x5
1491 71488 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 MARK set 0x2
8 384 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 MARK set 0x2
100 4800 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 MARK set 0x6
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 MARK set 0x7
2207 122K CONNMARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
2150 107K statsout all -- eth0 ppp0 0.0.0.0/0 0.0.0.0/0
562 81524 statsin all -- ppp0 eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 21282 packets, 1313K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 281K packets, 51M bytes)
pkts bytes target prot opt in out source destination
61681 25M TTL all -- * * 0.0.0.0/0 0.0.0.0/0 TTL set to 128
Chain statsin (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x1
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x4
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x3
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x5
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x2
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x6
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x7
562 81524 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0
Chain statsout (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x1
3 144 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x4
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x3
2 96 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x5
1499 71872 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x2
100 4800 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x6
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x7
546 29999 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0
