What's new

Voxel Voxel + iptables

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

bdwall

New Around Here
I have Voxel firmware V1.0.2.80.5SF flashed to my R7800 with Entware installed. Stock configuration.

I'm trying to configure iptables for traffic accounting for one of the devices on my LAN.

# iptables -A FORWARD -s 192.168.1.3
# iptables -A FORWARD -d 192.168.1.3

I downloaded roughly 50 MB worth of files to 192.168.1.3 and check the byte counters:

# iptables -L FORWARD -vxn
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
669 51866 all -- * * 0.0.0.0/0 192.168.1.13
4302 912761 all -- * * 192.168.1.13 0.0.0.0/0
14678 8275711 brwan_fwd all -- brwan * 0.0.0.0/0 0.0.0.0/0
38646 6723761 br0_fwd all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 br0_fwd all -- tun0 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

The numbers always seem to be under-reported. I can't figure out how to get iptables (or ebtables) to show accurate byte counts.

The brwan and br0 interfaces show accurate TX and RX totals when using ifconfig.

Is there something that needs to be enabled or configured at boot, or is this the wrong approach?

thanks.
 
Reason is the hardware acceleration in the modem. Traffic that is handled inside that acceleration cpu, is not seen by iptables counters.
If you'd really want to have accurate accounting by iptables, then you could disable accelleration via ssh.
Code:
/etc/init.d/qca-nss-ecm stop

Depending on the size of your network and the speed of your isp, you might or might not see a big degradation of speed.
 
Ah, thanks for the explanation. I figured there had to be something in the middle. I'll run some tests to determine the impact of disabling the accelerator.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top