Iptables: bytes count does increment

[Spytronic]

Hello Guys,

I will explain my environment:

I need to monitor the total traffic of my Network. I want create some iptables rules like the example:

192.168.0.1 to any (customer 1)
192.1268.0.2 to any (customer 2)
192.168.0.3 to any (customer 3)... and go on...

I did a mirroring in my switch port from the firewall port to my CentOS. This is a trunk port, so It receive 802.1q traffic with vlans tags.

The problem is: the byte count is always 0.

1 - I see all the traffic with tcpdump
2 - I thought that might be the vlan tag, I used the br_netfilter module and give a "echo 1 >" in the /proc/sys/net/bridge/bridge-nf-call-iptable and bridge-nf-filter-vlan-tagge, no success.
3 - After, I tried to use the 802.1q module and create sub-interfaces to remove the tag, I saw that works using tcpdump, but no success with the bytes count of iptables.
4 - I tried to use promiscuous port, no success.
5 - I tried to turn on the ip_forward because the rule is using the FORWARD chain, but no success.

Anybody have any ideia why the iptables does not increment the bytes count when I use mirroring traffic ???

[tunk]

ifconfig shows some TX/RX data.

[hunter86_bg]

Are you using VMs or you are monitoring incomming traffic?

[TrevorH]

Do you have an ip address assigned to the interface?

[Spytronic]

ifconfig shows some TX/RX data.

Yes

Are you using VMs or you are monitoring incomming traffic?

No, is a baremetal server, I´m trying to monitor the traffic that go to the internet, out

Do you have an ip address assigned to the interface?

No

[TrevorH]

No ip address and I suspect that means iptables isn't involved. I think it's only called by the kernel for packets that are inbound to the machine. Even with an ip address I suspect it won't be invoked for packets that are not specifically destined for this machine.