From: Les M. <le...@fu...> - 2009-05-26 14:33:42
Boniforti Flavio wrote:
>> I thought you wanted to measure the compressed ssh packets
>> that transport the tunnel, not the uncompressed data as it is
>> seen locally going in and out of the tunnel..
>>
>
> Yes, I'd like to measure what is being transferred from my WAN-side to
> the other WAN-side (therefore you're right when talking about
> *compressed* data).
> If you're saying that to measure that sort of data, I'd better watch
> what's travelling on TCP port 22, why didn't I see anything being
> transferred to/from that port?
> I used these rules:
>
> iptables -I INPUT -s remotehost -d localhost -p tcp --sport 22
> iptables -I OUTPUT -s localhost -d remotehost -p tcp --dport 22
>
> I thought these could be right, because of this netstat output:
>
> storebox:~# netstat -na | grep remotehost
> tcp 0 0 172.16.16.222:50097 remotehost:22
>

You have 'localhost' in your rules, which means 127.0.0.1, but the
connection is really with your ethernet IP address. I'd just omit the
local side of those rules and track everything going to the remote IP
address.

--
Les Mikesell
les...@gm...
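
The suggestion in the reply above, as an added example that is not part of the original message: counting rules with the local side omitted, plus a small reader for the byte counters. The `REMOTE` address, the function names and the counter listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. REMOTE is a placeholder documentation address (assumption).
REMOTE="203.0.113.10"

# Counting rules with the local side omitted. With no -j target a rule only
# increments its packet/byte counters. Needs root, so it is not called here.
install_rules() {
    iptables -I INPUT  -s "$REMOTE" -p tcp --sport 22
    iptables -I OUTPUT -d "$REMOTE" -p tcp --dport 22
}

# Constructed listing in the layout of `iptables -nvxL` (not from a real host).
# The 127.0.0.1 rules are the ones from the question; they stay at zero.
sample_counters() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0            tcp  --  *      *       203.0.113.10         127.0.0.1            tcp spt:22
     812   104332            tcp  --  *      *       203.0.113.10         0.0.0.0/0            tcp spt:22

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0            tcp  --  *      *       127.0.0.1            203.0.113.10         tcp dpt:22
    1540  2211904            tcp  --  *      *       0.0.0.0/0            203.0.113.10         tcp dpt:22
EOF
}

# rule_bytes CHAIN LOCAL: read a listing on stdin and print the byte counter of
# the port-22 rule in CHAIN whose local side is LOCAL (0.0.0.0/0 = omitted).
# Fields are taken from the end of the line because the target column is blank.
rule_bytes() {
    awk -v chain="$1" -v loc="$2" -v rem="$REMOTE" '
        $1 == "Chain" { cur = $2; next }
        cur == chain && $NF ~ /^(spt|dpt):22$/ {
            src = $(NF-3); dst = $(NF-2)
            if ((chain == "INPUT"  && src == rem && dst == loc) ||
                (chain == "OUTPUT" && src == loc && dst == rem)) sum += $2
        }
        END { print sum + 0 }'
}

# Live use (as root): iptables -nvxL | rule_bytes INPUT 0.0.0.0/0
for chain in INPUT OUTPUT; do
    echo "$chain local side omitted: $(sample_counters | rule_bytes "$chain" 0.0.0.0/0) bytes"
    echo "$chain local side lo:      $(sample_counters | rule_bytes "$chain" 127.0.0.1) bytes"
done
```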