IPTables Show data transferred size in KB, MB

priyadarshan · 02-12-2009, 03:30 AM

I have used IPTable rules to implement bandwidth usage on per IP per port base.....All things work fine......But when I put command

iptables -nvL

than it shows data transfered in bytes only....I want to see things in KB or MB what shud I do???

datopdog · 02-12-2009, 03:35 AM

are u sure as i do see traffic in MB and GB

priyadarshan · 02-12-2009, 03:41 AM

Yes sir, I am sure.......

See sir I am posting here the rules I have deployed

Just a min sir

datopdog · 02-12-2009, 03:46 AM

It could be that the traffic that has matched those rules has not hit the MB levels yet

priyadarshan · 02-12-2009, 03:48 AM

iptables -A INPUT -s 192.168.1.0/10 -j sys
iptables -A INPUT -d 192.168.1.0/10 -j sys

iptables -A INPUT -s 10.10.135.0/24 -j sys_
iptables -A INPUT -d 10.10.135.0/24 -j sys_

I have developed two subchains sys and sys_

iptables -A sys -d 192.168.1.9
iptables -A sys -d 192.168.1.9 -p tcp --dport 80
iptables -A sys -d 192.168.1.9 -p tcp --sport 80

iptables -A sys -s 192.168.1.9
iptables -A sys -s 192.168.1.9 -p tcp --dport 80
iptables -A sys -s 192.168.1.9 -p tcp --sport 80

iptables -A sys_ -d 10.10.135.22
iptables -A sys_ -d 10.10.135.22 -p tcp --dport 80
iptables -A sys_ -d 10.10.135.22 -p tcp --sport 80

iptables -A sys_ -s 10.10.135.22
iptables -A sys_ -s 10.10.135.22 -p tcp --dport 80
iptables -A sys_ -s 10.10.135.22 -p tcp --sport 80

priyadarshan · 02-12-2009, 03:49 AM

But sir It is hitting to KBs...........

Should I try to make it in MB????

win32sux · 02-12-2009, 03:49 AM

Quote:

Originally Posted by priyadarshan

iptables -A INPUT -s 192.168.1.0/10 -j sys
iptables -A INPUT -d 192.168.1.0/10 -j sys

iptables -A INPUT -s 10.10.135.0/24 -j sys_
iptables -A INPUT -d 10.10.135.0/24 -j sys_

I have developed two subchains sys and sys_

iptables -A sys -d 192.168.1.9
iptables -A sys -d 192.168.1.9 -p tcp --dport 80
iptables -A sys -d 192.168.1.9 -p tcp --sport 80

iptables -A sys -s 192.168.1.9
iptables -A sys -s 192.168.1.9 -p tcp --dport 80
iptables -A sys -s 192.168.1.9 -p tcp --sport 80

iptables -A sys_ -d 10.10.135.22
iptables -A sys_ -d 10.10.135.22 -p tcp --dport 80
iptables -A sys_ -d 10.10.135.22 -p tcp --sport 80

iptables -A sys_ -s 10.10.135.22
iptables -A sys_ -s 10.10.135.22 -p tcp --dport 80
iptables -A sys_ -s 10.10.135.22 -p tcp --sport 80

What is this? Some of these rules don't even have targets.

Could you post the actual output of "iptables -nvL", which is what you are having trouble with?

BTW, I'm moving this to Software, as it's not a security issue.

priyadarshan · 02-12-2009, 03:52 AM

Yes sir I did some mistakes while writing the things......But those rules are working properly......

The command
iptables -nvL is showing the packets as well as data transferred per IP as well as per post number.........but only in bytes..............

priyadarshan · 02-12-2009, 03:58 AM

pkts bytes targets prot opt in out source destination
258 44229 0 -- * * 0.0.0.0/24 10.10.135.22

These things come as output....

win32sux · 02-12-2009, 04:00 AM

The content below the bytes column should indeed make use of "M" (or whatever) whenever needed. I assume there's a fixed cutoff point/policy for the switch to happen but I don't know what it is. For example, the box I'm using right now looks like:

Code:

win32sux@batcave:~$ sudo iptables -nvL
Chain INPUT (policy DROP 772 packets, 168K bytes)
 pkts bytes target     prot opt in     out     source               destination         
1270K  840M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  173 11290 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1484K packets, 975M bytes)
 pkts bytes target     prot opt in     out     source               destination         
win32sux@batcave:~$

win32sux · 02-12-2009, 04:06 AM

If the idea behind all of this is that you wish to use the command in a script, then maybe use the -x option in order to force all byte counters to be exact (in bytes) and then just have the script perform basic division in order to obtain KB/MB/GB/TB/etc.

Code:

iptables -nvxL

priyadarshan · 02-12-2009, 04:16 AM

ok SIR.......

I too have tried iptables -nxvl but it shows the same.....

No probs.....

Now I am trying to make the data transfer till MBs so then I will see weather it works or not.......

Thanks............

priyadarshan · 02-12-2009, 04:19 AM

Sir I got it when I reached above 100 KB transfer thanks..........

win32sux · 02-12-2009, 04:27 AM

If you want a command to check the count for a certain rule, try something like:

Code:

iptables -nvxL INPUT --line-numbers | grep ^2 | awk '{print $3/1024" KB"}'

This example would show you the count in kilobytes for the second rule of the INPUT chain. To get it to show megabytes just change the division and the text you want to be output:

Code:

iptables -nvxL INPUT --line-numbers | grep ^2 | awk '{print $3/1048576" MB"}'

Example of this approach in action on my box:

Code:

win32sux@batcave:~$ sudo iptables -nvxL INPUT --line-numbers | grep ^1
1     1271279 840970742 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
win32sux@batcave:~$ sudo iptables -nvxL INPUT --line-numbers | grep ^1 | awk '{print $3/1048576" MB"}'
802.012 MB
win32sux@batcave:~$