Hello Guys,
I will explain my environment:
I need to monitor the total traffic of my network. I want to create some iptables rules like this example:
192.168.0.1 to any (customer 1)
192.168.0.2 to any (customer 2)
192.168.0.3 to any (customer 3)... and so on...
I set up port mirroring on my switch from the firewall port to my CentOS box. This is a trunk port, so it receives 802.1Q traffic with VLAN tags.
The problem is: the byte count is always 0.
1 - I see all the traffic with tcpdump.
2 - I thought that it might be the VLAN tag, so I used the br_netfilter module and did an "echo 1 >" into /proc/sys/net/bridge/bridge-nf-call-iptables and bridge-nf-filter-vlan-tagged, with no success.
3 - After that, I tried to use the 802.1q module and create sub-interfaces to remove the tag. I saw that this works using tcpdump, but no success with the byte count of iptables.
4 - I tried to use a promiscuous port, no success.
5 - I tried to turn on ip_forward because the rule is using the FORWARD chain, but no success.
Does anybody have any idea why iptables does not increment the byte count when I use mirrored traffic?
Iptables: bytes count does increment
Re: Iptables: bytes count does increment
ifconfig shows some TX/RX data.
Re: Iptables: bytes count does increment
Are you using VMs, or are you monitoring incoming traffic?
Re: Iptables: bytes count does increment
Do you have an ip address assigned to the interface?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Iptables: bytes count does increment
tunk wrote: ifconfig shows some TX/RX data.
Yes.
tunk wrote: Are you using VMs, or are you monitoring incoming traffic?
No, it is a bare-metal server; I'm trying to monitor the traffic that goes to the internet, out
tunk wrote: Do you have an IP address assigned to the interface?
No.
Re: Iptables: bytes count does increment
No ip address and I suspect that means iptables isn't involved. I think it's only called by the kernel for packets that are inbound to the machine. Even with an ip address I suspect it won't be invoked for packets that are not specifically destined for this machine.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
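The reply above points at the actual limit of the iptables approach: a mirrored (SPAN) frame carries the destination MAC of some other host, and the IPv4 receive path discards such frames before any netfilter hook runs, so neither PREROUTING nor FORWARD counters will ever see them, with or without an IP address on the port. What the original poster wants (bytes per customer source IP, on a trunk port that delivers 802.1Q-tagged frames) can be counted in user space instead, directly from the raw frames that tcpdump already shows. The following is an added example written for this thread, not code from the thread or from the iptables project: it strips any number of 802.1Q/802.1ad tags, parses the IPv4 header, and accumulates per-customer packet and byte counters the way the "192.168.0.N to any" rules would. The customer table, the interface name eth1 and the sample frames are assumptions constructed for the example.

```python
#!/usr/bin/env python3
"""Per-customer byte counter for mirrored (SPAN) traffic, parsed in user space.

Added example for the forum thread, not the poster's code. Mirrored frames are
addressed to other hosts' MACs, so the kernel's IP input/FORWARD paths (and
therefore iptables counters) never see them; reading raw frames sidesteps that.
Assumptions (not from the thread): the CUSTOMERS table, interface eth1, and the
constructed sample frames built by build_frame().
"""
import socket
import struct
from collections import defaultdict

ETH_P_8021Q = 0x8100   # 802.1Q VLAN tag
ETH_P_8021AD = 0x88A8  # 802.1ad (QinQ) outer tag
ETH_P_IP = 0x0800      # IPv4

# Hypothetical customer table, modelled on the "192.168.0.N to any" rules.
CUSTOMERS = {
    "192.168.0.1": "customer 1",
    "192.168.0.2": "customer 2",
    "192.168.0.3": "customer 3",
}


def parse_frame(frame: bytes):
    """Return (vlan_ids, src_ip, dst_ip, ip_total_len) for an IPv4 frame, else None.

    Walks past every 802.1Q/802.1ad tag (trunk and QinQ ports), which is the
    step the kernel performs for you only once a VLAN sub-interface exists.
    """
    if len(frame) < 14:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14
    vlans = []
    while ethertype in (ETH_P_8021Q, ETH_P_8021AD):
        if len(frame) < offset + 4:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    if ethertype != ETH_P_IP or len(frame) < offset + 20:
        return None
    version, ihl = frame[offset] >> 4, frame[offset] & 0x0F
    if version != 4 or ihl < 5:
        return None
    total_len = struct.unpack_from("!H", frame, offset + 2)[0]
    src = socket.inet_ntoa(frame[offset + 12:offset + 16])
    dst = socket.inet_ntoa(frame[offset + 16:offset + 20])
    return vlans, src, dst, total_len


class CustomerCounter:
    """Packet and byte counters per customer, keyed by source IP like the OP's rules."""

    def __init__(self, customers):
        self.customers = customers
        self.packets = defaultdict(int)
        self.bytes = defaultdict(int)

    def feed(self, frame: bytes) -> bool:
        """Account one raw frame; True if it was IPv4 from a known customer."""
        parsed = parse_frame(frame)
        if parsed is None:
            return False
        _vlans, src, _dst, total_len = parsed
        name = self.customers.get(src)
        if name is None:
            return False
        self.packets[name] += 1
        # Count the IP total length: that is what an iptables byte counter
        # reports (layer-3 length, without Ethernet and VLAN headers).
        self.bytes[name] += total_len
        return True


def build_frame(src_ip, dst_ip, payload_len, vlan=None):
    """Constructed sample frame: Ethernet, optional 802.1Q tag, minimal IPv4 header."""
    total_len = 20 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip += b"\x00" * payload_len
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"  # dst MAC is not ours
    if vlan is None:
        return eth + struct.pack("!H", ETH_P_IP) + ip
    return eth + struct.pack("!HHH", ETH_P_8021Q, vlan, ETH_P_IP) + ip


def sniff(ifname="eth1", counter=None):
    """Live variant: read raw frames from the mirror port (Linux only, needs root)."""
    counter = counter or CustomerCounter(CUSTOMERS)
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003)) as s:
        s.bind((ifname, 0))  # ETH_P_ALL: tagged and untagged frames alike
        while True:
            counter.feed(s.recv(65535))


if __name__ == "__main__":
    c = CustomerCounter(CUSTOMERS)
    for f in (build_frame("192.168.0.1", "8.8.8.8", 100, vlan=10),
              build_frame("192.168.0.1", "1.1.1.1", 50),
              build_frame("192.168.0.2", "8.8.8.8", 1400, vlan=20),
              build_frame("10.0.0.9", "8.8.8.8", 10)):
        c.feed(f)
    for name in sorted(c.bytes):
        print(f"{name}: {c.packets[name]} packets, {c.bytes[name]} bytes")
```

Run as-is it exercises the parser on the constructed frames; on the CentOS box, `sniff("eth1")` (run as root) does the same on the real mirror port without any bridge, sub-interface or ip_forward setting. Because the counter adds the IP total length rather than the frame length, its numbers are comparable to what `iptables -vnxL` would have shown had the FORWARD rules been hit.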