From: Les M. <les...@gm...> - 2009-05-26 14:14:37
Boniforti Flavio wrote:
>>> Chain INPUT (policy ACCEPT 22M packets, 55G bytes)
>>> pkts bytes target prot opt in out source destination
>>> 0 0 tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:8876
>>
>> Your rule is incorrect. I'll quote myself:
>>
>>> iptables -I INPUT -s client_addr -d backuppc_server_addr -p tcp --sport 22
>
> The source port *isn't* 22, because nothing is travelling through port
> TCP 22. As far as I can see while backups are running ("netstat -na |
> grep 8873"):
>
> storebox:~# netstat -na | grep 8873
> tcp        0      0 127.0.0.1:8873          0.0.0.0:*
> tcp        0      0 127.0.0.1:8873          127.0.0.1:56713
> tcp        0      0 127.0.0.1:56713         127.0.0.1:8873
> tcp6       0      0 ::1:8873                :::*
>
> And iptables shows the parts I already posted (showing data transfer
> happening on that 8873 TCP port).
>
>> So, change --sport to --dport and vice-versa.
>>
>>> iptables -I INPUT -d localhost -p tcp --dport 8873
>>
>> should be
>>
>>> iptables -I INPUT -d localhost -p tcp --sport 8873
>
> I'll be trying it for the next backup run (tonight)

I thought you wanted to measure the compressed ssh packets that transport
the tunnel, not the uncompressed data as it is seen locally going in and
out of the tunnel.

-- 
Les Mikesell
les...@gm...
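The two things being measured in this exchange are different legs of the same transfer: the ssh connection to the client, which carries the compressed (and encrypted) bytes on the wire, and the loopback connection to port 8873, which carries the plaintext going in and out of the tunnel. The script below is an added example, not code from this thread or from BackupPC, that sets both up as accounting-only iptables rules and then reads the counters back. The addresses, interface name, rule tags and the sample `iptables -nvxL` output are all assumed; the only things taken from the thread are port 8873 on loopback and the sport/dport direction fix.

```shell
#!/bin/sh
# Added example for the thread above; not code from the list or from BackupPC.
# CLIENT, SERVER, WAN_IF, the rule tags and SAMPLE_COUNTERS are assumptions.
set -e

CLIENT=192.0.2.10   # assumed backup client (sshd side of the tunnel)
SERVER=192.0.2.1    # assumed BackupPC server on which these rules run
WAN_IF=eth0         # assumed interface facing the client
LO_PORT=8873        # loopback port used by the tunnel, as in the thread

# Accounting-only rules: no -j target, so the packet/byte counters just tick
# (the thread's listing shows the same empty target column). Each rule is
# tagged with a comment so it can be picked out of 'iptables -nvxL' by name.
# Seen from the server's INPUT chain, packets arriving from the client's sshd
# carry *source* port 22; the server's replies leave OUTPUT with *destination*
# port 22. On lo the tunnel endpoint is matched by --dport (data going into
# the listener) and --sport (data coming back out of it), which is the swap
# Les pointed out.
print_rules() {
    cat <<EOF
iptables -I INPUT  -i $WAN_IF -s $CLIENT -d $SERVER -p tcp --sport 22 -m comment --comment ssh-leg-in
iptables -I OUTPUT -o $WAN_IF -s $SERVER -d $CLIENT -p tcp --dport 22 -m comment --comment ssh-leg-out
iptables -I INPUT  -i lo -p tcp --dport $LO_PORT -m comment --comment lo-leg-to-listener
iptables -I INPUT  -i lo -p tcp --sport $LO_PORT -m comment --comment lo-leg-from-listener
EOF
}

# Sum the byte counters (column 2 of 'iptables -nvxL'; -x gives exact numbers
# instead of 9M/55G) of every rule whose comment matches one of the given
# tags. Counters are read from stdin so saved output works as well as live.
bytes_for() {
    awk -v tags="$*" '
        BEGIN { n = split(tags, t, " ") }
        {
            for (i = 1; i <= n; i++)
                if (index($0, "/* " t[i] " */")) { sum += $2; break }
        }
        END { print sum + 0 }'
}

# Ratio of loopback (plaintext) bytes to ssh-leg (compressed, encrypted) bytes:
# roughly how much the tunnel's compression saves on the wire. Both directions
# of each leg are summed. The counters include IP and TCP headers, so the
# figure is approximate. Prints "n/a" while the ssh leg has no traffic.
tunnel_ratio() {
    counters=$(cat)
    ssh=$(printf '%s\n' "$counters" | bytes_for ssh-leg-in ssh-leg-out)
    lo=$(printf '%s\n' "$counters" | bytes_for lo-leg-to-listener lo-leg-from-listener)
    [ "$ssh" -gt 0 ] || { echo "n/a"; return 0; }
    awk -v lo="$lo" -v ssh="$ssh" 'BEGIN { printf "%.2f\n", lo / ssh }'
}

# Constructed 'iptables -nvxL' output in the layout the thread quotes, so the
# script runs offline. On a real host: iptables -nvxL | tunnel_ratio
SAMPLE_COUNTERS='Chain INPUT (policy ACCEPT 22 packets, 55 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    4100    3145728            tcp  --  eth0   *       192.0.2.10           192.0.2.1            tcp spt:22 /* ssh-leg-in */
    2000     120000            tcp  --  lo     *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8873 /* lo-leg-to-listener */
    9000    8388608            tcp  --  lo     *       0.0.0.0/0            0.0.0.0/0            tcp spt:8873 /* lo-leg-from-listener */

Chain OUTPUT (policy ACCEPT 10 packets, 20 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1900     131072            tcp  --  *      eth0    192.0.2.1            192.0.2.10           tcp dpt:22 /* ssh-leg-out */'

print_rules
printf '%s\n' "$SAMPLE_COUNTERS" | tunnel_ratio   # prints 2.60 for the sample
```

Counting on lo with both --dport and --sport from the INPUT chain alone is enough, because every loopback packet traverses OUTPUT and then INPUT; counting the same port in OUTPUT as well would double the figure. The rules are inserted with -I at the top of the chain so an earlier ACCEPT or DROP cannot steal the packets before they are counted.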