BackupPC-users

Re: [BackupPC-users] [OT] Using iptables for traffic accounting

2009-05-26 10:10:37
Subject: Re: [BackupPC-users] [OT] Using iptables for traffic accounting
From: Adam Goryachev <mailinglists AT websitemanagers.com DOT au>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Tue, 26 May 2009 23:36:45 +1000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Boniforti Flavio wrote:
>> You are not looking at the complete output of netstat -an. 
>> You need to look at the traffic over the wire, or in this 
>> case, the SSH traffic between the two hosts. The rsync 
>> traffic being sent/recd on the SSH tunnel is NOT the same 
>> thing (especially if you enable ssh compression).
> 
> Sorry, you're right: if looking at port 22 of the remotehost I get:
> 
> storebox:~# netstat -na | grep remotehost
> tcp        0      0 172.16.16.222:50097     remotehost:22
> ESTABLISHED
> 
> And with iptables:
> 
> Chain INPUT (policy ACCEPT 22M packets, 56G bytes)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0            tcp  --  *      *       remotehost
> 127.0.0.1           tcp spt:22
> 
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source
> destination
> 
> Chain OUTPUT (policy ACCEPT 14M packets, 31G bytes)
>  pkts bytes target     prot opt in     out     source
> destination
>     0     0            tcp  --  *      *       127.0.0.1
> remotehost         tcp dpt:22
> 
> Therefore I think there's no traffic directly over SSH port 22, instead
> everything passes over port 8873, but if I'm wrong just teach me how it
> really is working.

I think this is your problem: you are assuming you will get a connection
between localhost (127.0.0.1) and remotehost (remotehost). However,
localhost (127.0.0.1) can *only* talk to localhost (127.0.0.1/8, I
think, which is in fact a whole network).

The connection will be between remotehost and the IP address of the
device through which traffic leaves the backuppc host to reach
remotehost (ie, usually the IP of eth0).

>> You really do want to look at the ssh tunnel for the traffic count...
> Yes, indeed: that's my goal, because as far as I understood it, data is
> being transferred *within* the SSH tunnel (rsync is running "inside" the
> tunnel). So how do *you* think my rules should be set up?

Send us the output of ifconfig -a and route -n of both backuppc and
remotehost, and I'm sure we could better advise you. However, from the
above you should be able to work it out as well.

In any case, why restrict your rules by both source and destination? If
your backuppc host does not act as a router, the *only* traffic it will
see is backup traffic. Thus you could simply count all traffic on the
backuppc host with a destination ip remotehost, and dport 22 (on the
OUTPUT), and then count all traffic with a source ip remotehost and
sport 22 (on the INPUT).

iptables -A INPUT -p tcp --source remotehost --sport 22
iptables -A OUTPUT -p tcp --dest remotehost --dport 22
I think you need to add the TCP in the above, but any other restrictions
are probably not needed.

PS, of course, if remotehost doesn't run ssh on port 22 but uses another
port, then you need to adjust accordingly.

Regards,
Adam

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkob8G0ACgkQGyoxogrTyiUTPgCfU0CE2cY6iRJ7SV3Gek78wbz2
irIAn0VRuJGmYxVkZ3wwzu7YURp4eup6
=SFgd
-----END PGP SIGNATURE-----
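The following is an added example of the accounting scheme described in the reply above; it is not code from the thread or from the BackupPC project. It assumes (hypothetically) that the remote sshd listens on port 22 and that REMOTE holds the peer's address (192.0.2.10 is a constructed stand-in for "remotehost"). The iptables dump it parses is likewise constructed, and deliberately contains the rule shape from the thread (keyed on 127.0.0.1, which counts nothing) next to a rule keyed on the real peer address.

```shell
#!/bin/sh
# Added example for the iptables accounting discussed in the thread; not
# code from the original message.  Assumptions (hypothetical): the peer's
# sshd listens on port 22 and REMOTE is its address.  Everything else is
# plain iptables(8) syntax.

REMOTE=${REMOTE:-192.0.2.10}   # constructed address standing in for "remotehost"
PORT=${PORT:-22}

# Print the two counting rules.  They have no -j target, so they only count
# and never accept or drop anything.  -p tcp is required, otherwise iptables
# does not understand --sport/--dport.  Neither rule mentions 127.0.0.1:
# traffic to a remote peer leaves via eth0 and carries eth0's address, so a
# rule keyed on loopback never matches (that is the zero counter in the
# thread).  Inserting at position 1 keeps an earlier ACCEPT from
# short-circuiting the chain before the counter is reached.
acct_rules() {
    printf 'iptables -I INPUT  1 -p tcp -s %s --sport %s\n' "$REMOTE" "$PORT"
    printf 'iptables -I OUTPUT 1 -p tcp -d %s --dport %s\n' "$REMOTE" "$PORT"
}

# Read the counters with `iptables -L INPUT -v -n -x` (and -L OUTPUT):
# -n skips reverse DNS so the address can be matched literally, and -x prints
# exact byte counts instead of abbreviations such as "56G".
# sum_bytes <host> <spt|dpt> <port> adds up the byte column ($2) of every
# rule line on stdin that names <host> and carries "<spt|dpt>:<port>".
# Chain headers and the column-title line never match, so they add nothing.
sum_bytes() {
    awk -v host="$1" -v key="$2:$3" '
        index(" " $0 " ", " " host " ") && index(" " $0 " ", " " key " ") { total += $2 }
        END { printf "%.0f\n", total + 0 }'
}

# Constructed `iptables -L -v -n -x` dump (sample input, not a real capture).
sample_dump() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 22000000 packets, 56000000000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0            tcp  --  *      *       192.0.2.10           127.0.0.1            tcp spt:22
 1234567  987654321            tcp  --  *      *       192.0.2.10           0.0.0.0/0            tcp spt:22

Chain OUTPUT (policy ACCEPT 14000000 packets, 31000000000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0            tcp  --  *      *       127.0.0.1            192.0.2.10           tcp dpt:22
  234567   45678901            tcp  --  *      *       0.0.0.0/0            192.0.2.10           tcp dpt:22
EOF
}

# Bytes received from / sent to the peer over the SSH session (stdin = dump).
ssh_bytes_in()  { sum_bytes "$REMOTE" spt "$PORT"; }
ssh_bytes_out() { sum_bytes "$REMOTE" dpt "$PORT"; }

if [ "${1:-}" = "demo" ]; then
    acct_rules
    echo "in:  $(sample_dump | ssh_bytes_in)"    # 987654321
    echo "out: $(sample_dump | ssh_bytes_out)"   # 45678901
fi
```

Run it as `sh acct.sh demo` to see the rules and the parsed counters; on a real host replace sample_dump with `iptables -L INPUT -v -n -x; iptables -L OUTPUT -v -n -x` (as root). Note that the counters measure the SSH session on the wire, compression included, which is what the reply above says is the figure worth looking at; they say nothing about how much rsync data moved inside the tunnel.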

_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/