OpenWrt Linux Iptables-based traffic statistics

Brief introduction

At present, the OPENWRT system in the flow of statistics to do the best should be "stone ghost" firmware, used to do the flow of statistics tools are also many such as: Tomato,luci-app-statistics.

This article wants to introduce a traffic statistic method based on Iptables rule. The basic principle of this method is to use Iptables's own traffic statistic function to rule chain, and realize the statistic of specific traffic by making different rules and hanging on different tables and chains.

The benefits of this method are as follows:

1, flexible statistics of a variety of traffic.

2, traffic statistics accurate.

3, easy to expand.

Iptables Introduction

iptables Table Description

The mangle table #主要作用是更具规则修改数据包的标志 so that other rules or applications can handle it. Do not do drop handling in this table.

-->prerouting #在执行路由决策前的数据经过该链.

-->input #本机接收的数据包经过该链.

-->forward #需要转发出去的数据包经过该链.

-->output #本机发出的数据包经过该链.

-->postrouting #在执行完路由决策后即将发送出去的数据包经过该链.

Nat Table #顾名思义该表主要做网络地址装换的. such as: SNAT DNAT REDIRECT. The table cannot perform discard actions on the packet.

-->prerouting # The data passing through the chain before the routing decision is executed can be done on the chain redirect

-->postrouting #在执行完路由决策后即将发送出去的数据包经过该链. SNAT

-->output #本机发出的数据包经过该链.

The filter table #在该表上主要做数据包的过滤.

-->input #到本机数据包的的过滤.

-->forward #转发数据包的过滤.

-->output #本机发出的数据包的过滤.

iptables Data Flow description

This article is from the "record Little Harvest Growth" blog, please be sure to keep this source http://gofly.blog.51cto.com/4344767/1689668

OpenWrt Linux Iptables-based traffic statistics