Accounting with iptables vs. snmp

Richard Hauswald staenker at
Tue Apr 26 16:15:29 CEST 2005

Stefan-Michael. Guenther (in-put GbR) wrote:
> Hi,
> using iptables I have setup a traffic accounting on one of our client's 
> gateways:
> iptables -A INPUT -i $WAN -j LOG --log-level debug
> iptables -A OUTPUT -o $WAN -j LOG --log-level debug
> iptables -A FORWARD -j LOG --log-level debug
> syslogd collects the entries in a single file which is analysed daily.
> The results corresponds to the amount of data I get with "iptables -L -v -n" .
> The provider of our client uses snmp on his router to calculate the traffic.
> Strange, but true: The numbers are never the same, sometimes iptables logs 
> more traffic, sometimes snmp. The differences are between 1 and 25 %.
> Obviously someone is doing something wrong. The provider is one of Germany's 
> big player, so I guess I made the mistake. But where and why?
> Thanks for any hint.
> Stefan

Hello Stefan,
maybe (!)... your problem is simple so solve. You are appending this 
rules with the LOG target. So you will not count traffic which is 
blocked. Just write an -I instead of -A. But i don't know if thats the 
problem which took up to 25% of traffic difference. It sounds very 
strange, if you say that some times you count more than your provider 
and another day your provider counts more. Maybe you have an failure 
based on rounding the bytes to megabytes?


There are only 10 types of people in the world:
Those who understand binary, and those who don't

More information about the netfilter mailing list