LinuxQuestions.org - Iptables, traffic logging

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - Iptables, traffic logging (https://www.linuxquestions.org/questions/linux-networking-3/iptables-traffic-logging-264212/)

burn0ut

12-08-2004 06:40 PM

Iptables, traffic logging

Yow, I am using iptrafficvolume.sourceforge.net to log a servers traffic. The script logs traffic when the iptable begins with ACC-
BUT, when I trie to make an iptable rule for a counterstrike server, he cant log it.
I thought this lines where good to log his traffic:

Code:

iptables -N ACC-cs1

iptables -A ACC-cs1 -s ! xxx.xxx.xxx.xxx -d xxx.xxx.xxx.xxx --protocol tcp --destination-port 27015 -j ACCEPT

iptables -A ACC-cs1 -s xxx.xxx.xxx.xxx -d ! xxx.xxx.xxx.xxx --protocol tcp --destination-port 27015 -j ACCEPT

iptables -I INPUT -i eth0 -j ACC-cs1

iptables -I OUTPUT -o eth0 -j ACC-cs1

Where do I make a mistake? :confused:

burn0ut

12-09-2004 01:54 AM

Does nobody know an answer to this problem?

Has somebody another solution to monitor gameservers network traffic?

burn0ut

12-09-2004 10:07 AM

Comon, you aren't going to say me that there is nobody who kan make iptables to log all traffic on port 27015, I just cant make it work. :(

Demonbane

12-09-2004 07:35 PM

add this to your ACC-cs1 chain:

Code:

iptables -N ACC-cs1

iptables -A ACC-cs1 -p tcp --dport 27015 -j LOG --log-prefix="CS Traffic"

iptables -A ACC-cs1 -s ! xxx.xxx.xxx.xxx -d xxx.xxx.xxx.xxx --protocol tcp --destination-port 27015 -j ACCEPT

iptables -A ACC-cs1 -s xxx.xxx.xxx.xxx -d ! xxx.xxx.xxx.xxx --protocol tcp --destination-port 27015 -j ACCEPT

burn0ut

12-11-2004 04:08 AM

Thx!

After searching a long time, I found that I made a big mistake. Most gameservers use the UDP protocol to send traffic...
So I changed my rules a bit (also the destination port) and now they work! Thx :)

All times are GMT -5. The time now is 02:23 PM.