Voxel Voxel + iptables

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

bdwall

New Around Here
I have Voxel firmware V1.0.2.80.5SF flashed to my R7800 with Entware installed. Stock configuration.

I'm trying to configure iptables for traffic accounting for one of the devices on my LAN.

# iptables -A FORWARD -s 192.168.1.3
# iptables -A FORWARD -d 192.168.1.3

I downloaded roughly 50 MB worth of files to 192.168.1.3 and check the byte counters:

# iptables -L FORWARD -vxn
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
669 51866 all -- * * 0.0.0.0/0 192.168.1.13
4302 912761 all -- * * 192.168.1.13 0.0.0.0/0
14678 8275711 brwan_fwd all -- brwan * 0.0.0.0/0 0.0.0.0/0
38646 6723761 br0_fwd all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 br0_fwd all -- tun0 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

The numbers always seem to be under-reported. I can't figure out how to get iptables (or ebtables) to show accurate byte counts.

The brwan and br0 interfaces show accurate TX and RX totals when using ifconfig.

Is there something that needs to be enabled or configured at boot, or is this the wrong approach?

thanks.
 

R. Gerrits

Senior Member
Reason is the hardware acceleration in the modem. Traffic that is handled inside that acceleration cpu, is not seen by iptables counters.
If you'd really want to have accurate accounting by iptables, then you could disable accelleration via ssh.
Code:
/etc/init.d/qca-nss-ecm stop

Depending on the size of your network and the speed of your isp, you might or might not see a big degradation of speed.
 

bdwall

New Around Here
Ah, thanks for the explanation. I figured there had to be something in the middle. I'll run some tests to determine the impact of disabling the accelerator.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top