Re: [BackupPC-users] [OT] Using iptables for traffic accounting

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Boniforti Flavio wrote:
>>> Chain INPUT (policy ACCEPT 22M packets, 55G bytes)
>>>  pkts bytes target     prot opt in     out     source     
>>>       
>> destination
>>     
>>>     0     0            tcp  --  *      *       0.0.0.0/0  
>>>       
>> 127.0.0.1           tcp dpt:8876
>>
>> Your rule is incorrect. I'll quote myself:
>>     
>>> iptables -I INPUT -s client_addr -d backuppc_server_addr -p tcp 
>>> --sport 22
>>>       
>
> The source port *isn't* 22, because nothing is travelling through port
> TCP 22. As far as I can see while backups are running ("netstat -na |
> grep 8873"):
>
> storebox:~# netstat -na | grep 8873
> tcp        0      0 127.0.0.1:8873          0.0.0.0:*       
> tcp        0      0 127.0.0.1:8873          127.0.0.1:56713 
> tcp        0      0 127.0.0.1:56713         127.0.0.1:8873  
> tcp6       0      0 ::1:8873                :::*            
>
> And iptables shows the parts I already posted (showing data transfer
> happening on that 8873 TCP port).
>
>   
>> So, change --sport to --dport and vice-versa.
>>
>>     
>>> iptables -I INPUT -d localhost -p tcp --dport 8873
>>>       
>> should be
>>
>>     
>>> iptables -I INPUT -d localhost -p tcp --sport 8873
>>>       
>
> I'll be trying it for the next backup run (tonight)
>   

I thought you wanted to measure the compressed ssh packets that 
transport the tunnel, not the uncompressed data as it is seen locally 
going in and out of the tunnel..

-- 
  Les Mikesell
   les...@gm...