Hey Guys,

I've been having issues trying to use iptables to keep stats on traffic that it sees in layer 2 bridge mode. When the box is inline and running under bridge mode, all traffic is accounted for and iptables keeps proper stats. However, when I move the Linux box to a SPAN port (traffic mirrored), iptables is no longer able to keep stats on the packets being forwarded from one interface to another. Is there any way around this problem?

I am trying to use iptables for keeping stats and graphing the data via rrdtool, and I don't want the device to be placed between my two network gear... instead I'd like to have it sit somewhere on the switch fabric and simply keep stats.

Here is a quick diagram... sorry if the diag sucks big time :)

----------------------
traffic generator    |
----------------------
          |
----------------------------                         ------------------------------
Layer 3 Cisco Switch       | --> SPAN PORT, vlan1 --> eth0 | iptables bridge mode | eth1 --> { Dell switch }
----------------------------                         ------------------------------
          |   "access ports, vlan1"
----------------------------
Layer 3 Cisco Switch       |
----------------------------
          |
---------------------
WWW Server          |
---------------------

Reasons:

I have the eth1 bridged port connected to a Dell switch to allow the bridged ports to activate and move into forwarding so traffic can flow through the bridge.

The traffic generator generates the traffic and uses the WWW server as its destination IP address.

The 2 layer 3 Cisco switches are there to simply do routing (nothing special, can get away with one, but I am also using them as a testing network for other things...).

Both eth0 and eth1 are part of br0.

I have run tcpdump during the phase where the iptables is connected to the SPAN port and can confirm traffic flowing through the box; however, iptables cannot match against policies and keep stats for the traffic on a per-destination basis.

Thanks in advance and much appreciate any comments/help

Regards,
Payam