missing network usage through iptables
Posted by Purres on Server Fault
        
        See other posts from Server Fault
        
            or by Purres
        
        
        
Published on 2013-06-29T01:15:16Z
I inserted a rule into iptables to track the input usage to a certain IP address. The VPS server's IP is 192.168.1.5 and the guest OS's IP is 192.168.1.115. I ran 'yum update' inside the guest OS to get some network traffic. Then I ran iptables -vnL from the hypervisor. However, it only showed network usage to the host, but not to the guest.
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts    bytes        target               source               destination         
    0     0         0.0.0.0/0            0.0.0.0/0      destination IP range 192.168.1.115-192.168.1.115 
 1853  114K         0.0.0.0/0            0.0.0.0/0      destination IP range 192.168.1.5-192.168.1.5 
I ran tcpdump and the log showed that there are data packets to the guest OS.
16:17:43.932514 IP mirrordenver.fdcservers.net.http > 192.168.1.115.34471: Flags [.], seq 17694667:17696115, ack 1345, win 113, options [nop,nop,TS val 1060308643 ecr 1958781], length 1448
16:17:43.932559 IP 192.168.1.115.34471 > mirrordenver.fdcservers.net.http: Flags [.], ack 17696115, win 15287, options [nop,nop,TS val 1958869 ecr 1060308643], length 0
Why couldn't the guest OS network usage be tracked?
iptables -L returns the INPUT chain as follows:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
           all  --  anywhere             anywhere            destination IP range 192.168.1.115-192.168.1.115
           all  --  anywhere             anywhere            destination IP range 192.168.1.5-192.168.1.5    
           all  --  anywhere             anywhere    
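Added example, not part of the original question or of any answer on Server Fault. The INPUT chain only counts packets that the host's own network stack delivers locally; a packet addressed to a bridged or routed guest is not delivered to the host, so it is never seen by INPUT and instead traverses FORWARD (on a Linux bridge only when net.bridge.bridge-nf-call-iptables is 1). The script below prints accounting rules for both chains (it does not run them) and parses an exact-counter listing from iptables -vnxL to report bytes per destination range. The addresses come from the question; the listing it parses is a constructed sample, not real output from the poster's hypervisor.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a Linux host with
# iptables where the guest is reached by bridging or routing.
# Addresses taken from the question: host 192.168.1.5, guest 192.168.1.115.

HOST_IP=192.168.1.5
GUEST_IP=192.168.1.115

# Print (do not execute) one byte-accounting rule per chain and address.
# Counting in INPUT and FORWARD side by side shows where each flow is
# actually matched: locally delivered traffic in INPUT, traffic to the
# guest in FORWARD.
accounting_rules() {
    for chain in INPUT FORWARD; do
        for ip in "$HOST_IP" "$GUEST_IP"; do
            printf 'iptables -I %s -m iprange --dst-range %s-%s\n' \
                "$chain" "$ip" "$ip"
        done
    done
}

# Sum the byte counters of every rule whose iprange destination is exactly
# $2, reading the listing passed as $1 (format of: iptables -vnxL <chain>).
# The iprange match prints "destination IP range A-B" as the last field,
# and -x makes the byte column exact rather than "114K".
bytes_for_range() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        /destination IP range/ && $NF == ip "-" ip { sum += $2 }
        END { printf "%d\n", sum + 0 }'
}

# Constructed sample listings standing in for real iptables -vnxL output.
# INPUT: only the host address accumulates bytes, as in the question.
SAMPLE_INPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            destination IP range 192.168.1.115-192.168.1.115
    1853     116736            all  --  *      *       0.0.0.0/0            0.0.0.0/0            destination IP range 192.168.1.5-192.168.1.5'

# FORWARD: the guest address accumulates bytes here instead.
SAMPLE_FORWARD='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    2312    3188760            all  --  *      *       0.0.0.0/0            0.0.0.0/0            destination IP range 192.168.1.115-192.168.1.115
       0          0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            destination IP range 192.168.1.5-192.168.1.5'

# Stand-alone run: show the rules, then the per-chain byte totals.
report() {
    echo "Rules to install:"
    accounting_rules
    for chain in INPUT FORWARD; do
        if [ "$chain" = INPUT ]; then listing=$SAMPLE_INPUT; else listing=$SAMPLE_FORWARD; fi
        echo "$chain: host=$(bytes_for_range "$listing" "$HOST_IP") bytes," \
             "guest=$(bytes_for_range "$listing" "$GUEST_IP") bytes"
    done
}

report
```

On a live host, pipe the output of accounting_rules into sh to install the rules, then feed the real `iptables -vnxL FORWARD` listing to bytes_for_range; if the guest's counter stays at zero in FORWARD as well, check whether the bridge is passing frames to iptables at all (net.bridge.bridge-nf-call-iptables).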
        © Server Fault or respective owner