Gentoo Archives: gentoo-user

From: CapSel <capsel@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] iptraf vs iptables (mangle & access)
Date: Fri, 02 Mar 2007 15:20:46
Message-Id: d03887390703020714m4efdc6a6wa80bc78054d72c26@mail.gmail.com

On 3/2/07, Daniel Iliev <danny@××××××××.com> wrote:
>
> CapSel wrote:
> > On 3/1/07, *Boyd Stephen Smith Jr.* <bss03@××××××××××.net
> > <mailto:bss03@××××××××××.net>> wrote:
> >
> > That would be correct, since every forwarded packet passes through
> > both the
> > pre-routing and post-routing chains, so you are counting every
> > packet (at
> > least those that are not dropped in the FORWARD chain) twice.
> >
> >
> > I don't fully understand how is that possible that my rules count
> > packet twice, could you explain it more briefly?
> >
> > I specified -i eth0 in PREROUTING and -o eth0 in POSTROUTING. Isn't
> > this correct way to count packets only once? ...and I'm getting values
> > only from chain 'stat', which is called only from PREROUTING and
> > POSTROUTING with specified network interface respectively to direction
> > (-i/-o eth0).
> > So in my opinion a packet traveling through the router to my network
> > passes only once through 'stats' as it is accepted only in PREROUTING
> > with -i eth0, and not in POSTROUTING with -o eth0, as it goes out from
> > eth1. Am I correct?
>
>
> Perhaps this packet travel diagram will help:
>
> http://www.linuxnetmag.com/share/issue9/iptables3.jpg


To be totally sure - when packet arrives from internet to eth0 it passes
through PREROUTING as packet "that comes from eth0", then it travels across
FORWARD as packet "that comes from eth0 toward eth1", and finally it goes to
POSTROUTING as packet "that wants to come out through eth1"? And if I have
rules:

-t mangle -A PREROUTING -i eth0 -j stats
-t mangle -A POSTROUTING -o eth0 -j stats
(there are no other rules that jump to stats, and these are the only rules in
mangle table)

how many times the packet would pass through 'stats'?

From which places on this diagram does iptraf take values?
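
Added example, not part of the original message: a simplified Python model of the mangle-table hooks a packet crosses, showing from which chains the two rules quoted above would jump to 'stats'. The function name, the packet kinds and the interface eth2 are assumptions made for the illustration; the model covers only -i/-o matching and ignores everything else netfilter does.

```python
# Simplified model of netfilter chain traversal (illustration only, not kernel code).
# Chains crossed by each kind of packet, in order.
PATHS = {
    "forward":   ["PREROUTING", "FORWARD", "POSTROUTING"],  # routed through the box
    "local_in":  ["PREROUTING", "INPUT"],                   # addressed to the router
    "local_out": ["OUTPUT", "POSTROUTING"],                 # generated by the router
}
# The input interface is known in PREROUTING/INPUT/FORWARD only; the output
# interface in FORWARD/OUTPUT/POSTROUTING only (so -o can never match in PREROUTING).
SEES_IN = {"PREROUTING", "INPUT", "FORWARD"}
SEES_OUT = {"FORWARD", "OUTPUT", "POSTROUTING"}

# The two rules from the message as (chain, -i, -o, target); None means "not given".
RULES = [
    ("PREROUTING", "eth0", None, "stats"),
    ("POSTROUTING", None, "eth0", "stats"),
]

def stats_hits(kind, in_if=None, out_if=None, rules=RULES):
    """Return the chains from which this packet jumps to the 'stats' chain."""
    hits = []
    for chain in PATHS[kind]:
        seen_in = in_if if chain in SEES_IN else None
        seen_out = out_if if chain in SEES_OUT else None
        for r_chain, r_in, r_out, target in rules:
            if r_chain != chain or target != "stats":
                continue
            if r_in is not None and r_in != seen_in:
                continue
            if r_out is not None and r_out != seen_out:
                continue
            hits.append(chain)
    return hits

if __name__ == "__main__":
    # Constructed sample packets: eth0 = internet side, eth1 = LAN side.
    samples = [
        ("forward", "eth0", "eth1"),    # internet -> LAN
        ("forward", "eth1", "eth0"),    # LAN -> internet
        ("local_in", "eth0", None),     # internet -> router itself
        ("local_out", None, "eth0"),    # router itself -> internet
    ]
    for kind, i, o in samples:
        print(f"{kind:9} in={i} out={o} -> stats from {stats_hits(kind, i, o)}")
```

In this model each packet reaches 'stats' at most once, but the chain's counters add up both directions on eth0 plus the router's own traffic on that interface.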