2
I have the following IPTables rules - basically to allow only 2 IP addresses to access the internet. These rules are on my home wifi router running DD-WRT.
Chain INPUT (policy ACCEPT 16114 packets, 1355844 bytes)
pkts bytes target prot opt in out source destination
1454 106133 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
257 14367 ACCEPT 0 -- any any anywhere 192.168.1.101
461 39776 ACCEPT 0 -- any any 192.168.1.101 anywhere
513 57439 ACCEPT 0 -- any any anywhere 192.168.1.104
781 39507 ACCEPT 0 -- any any 192.168.1.104 anywhere
Chain OUTPUT (policy ACCEPT 12408 packets, 2700791 bytes)
pkts bytes target prot opt in out source destination
1055 186138 ACCEPT tcp -- any any anywhere anywhere tcp spt:ssh
I also want to track the number of bytes received or transmitted by each of these 2 IPs.
I am looking at the Bytes column in iptables -vx -L FORWARD to know the bytes sent/received.
However the numbers in the Bytes column seems to be much less than what i expect. The above numbers have been recorded after downloading more than 10MB of data on 192.168.1.101. The downloaded byte count reads only 14KB.
Why does this difference exist? Is there something i am missing?
Madhavan Malolan
Posted 2018-03-16T01:36:08.520
Reputation: 121
This is just a guess but I don’t think packets that are NATed to the internet pass through the FORWARD chain. You should be looking for statistics in the POSTROUTING chain, and the results will be combined for all traffic to the internet unless you create individual NAT rules. – Appleoddity – 2018-03-16T04:17:40.387
@Appleoddity https://en.wikipedia.org/wiki/Netfilter#/media/File:Netfilter-packet-flow.svg
– A.B – 2018-03-16T20:26:20.907Have you found any answer for this question? – Rasool Ziafaty – 2019-08-17T12:40:02.480