
v18: Bug with data counting in firewall rules?

Hi,

I am noticing a strange behavior in v18 and the data counting in the firewall rules. I have some incoming rules (from Internet to DMZ) that are coupled with corresponding DNAT rules. The DMZ contains webservers, so they send a lot more data than they receive. However, the counters in the rules are the other way around: They show a lot more incoming data than outgoing data. 

Unless I am completely misinterpreting these counters (which I would like to rule out), it appears to me these counters have been reversed, e.g. incoming is actually showing outgoing, and outgoing is showing incoming. 

Any thoughts?



  • FormerMember

    Hi cryptochrome, 

    Could you please share the screenshot of the firewall rule that shows data in and out counters? I will verify if it should be like that or not and update you.

    Thanks,

  • FormerMember said:

    Hi cryptochrome,

    Could you please share the screenshot of the firewall rule that shows data in and out counters? I will verify if it should be like that or not and update you.

    Thanks,


    Sure, here you go:

    Firewall rule: [screenshot]

    Corresponding NAT rule: [screenshot]

    Firewall rule details: [screenshot]


    Note that this is just one example. I am seeing the same "reversed" counter on other incoming rules. 

    How do you count the data? If someone on the internet initiates the connection and transfers a lot of data, does that count as incoming or outgoing?

  • Hi

    To answer your question about how the data counter works, if someone on the internet uploads to your webserver, that would be incoming traffic.  The server responses to those connections will be less unless you are downloading data from internet to local LAN.

    I hope that clears it up.


    Thanks!

  • My Plex rule (and others) is the same, and I have always been so confused.  When I was on v17, I noticed it was only the "Business" rules which did this.  The other rule type (User / Network??) was the other way around, which is what I would expect.  So it has to do with DNAT rules it seems.  So confused.

    Just now I checked and it shows "in 42GB, out 371MB".  My Plex server itself is not taking in that much data, but serving up to family/friends.  Why is this counted as "in"?  I can't wrap my head around it.  This is clearly 42GB leaving my Plex server, hitting the XG and then going out the WAN.

  • *Edit* To reflect this thread better:


    v17.5, client to server through DNAT.

    Upload something: [screenshot]

    Download something: [screenshot]

    Same behavior as v18.


    LAN to WAN. Download shown as IN Bytes.

    DMZ to WAN. Download shown as IN Bytes.

    WAN to DMZ(DNAT). Download shown as IN Bytes. 


    The Plex Scenario shows this perfectly. 

    If the Client is in LAN, Plex in DMZ, streaming a Movie shows the movie as IN Bytes. 

    If the Client is in WAN, Plex in DMZ, Streaming a Movie shows the movie as IN Bytes. 


    Just to be complete.

    Client - XG1 SNAT - Internet - XG2 DNAT - Server 

    Client upload:

    XG1 (SNAT): [screenshot]

    XG2 (DNAT): [screenshot]


    Client downloads something:

    XG1 (SNAT): [screenshot]

    XG2 (DNAT): [screenshot]


  • KingChris said:

    Hi

    To answer your question about how the data counter works, if someone on the internet uploads to your webserver, that would be incoming traffic.  The server responses to those connections will be less unless you are downloading data from internet to local LAN.

    If that is the case then my observation is correct and we are looking at a bug here. The data is counted in the wrong directions for connections that are subject to DNAT. See Nate's response, too. He pretty much confirms it. 

  • To add to my answer above something: 


    Actually you could resolve this by a little Switch in a Firewall to give the Administrator the possibility to "Switch" IN / OUT. 

    A little flag to tell the Firewall "This Rule is for NAT!". 

    But this would be just an "easy way out". I would actually hope this is resolved at a deeper level in the upcoming releases!  :)
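The in/out ambiguity this thread circles around, as an added example that is not part of the thread or of the product: two counter conventions applied to constructed connection records mirroring the scenarios above (Nate's three download tests and the Plex rule), showing that they only disagree on the rule whose originator sits in WAN, i.e. the DNAT rule. Byte sizes, rule names and both helper functions are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed connection records (not taken from the thread): byte counts
# as a connection tracker keeps them, split by which side sent the bytes.
@dataclass(frozen=True)
class Conn:
    rule: str         # firewall rule the connection matched
    src_zone: str     # zone of the connection originator (pre-NAT)
    orig_bytes: int   # bytes sent by the originator (its upload)
    reply_bytes: int  # bytes sent back by the responder (originator's download)

def zone_relative(c: Conn) -> tuple[int, int]:
    """(in, out) where 'in' is whatever arrived from the WAN side.
    This is the reading KingChris gives: an Internet client uploading to
    a DMZ webserver is 'in', the server's responses are 'out'."""
    if c.src_zone == "WAN":
        return c.orig_bytes, c.reply_bytes
    return c.reply_bytes, c.orig_bytes

def originator_relative(c: Conn) -> tuple[int, int]:
    """(in, out) where 'in' is whatever flows back to the originator.
    This reading reproduces Nate's tests: a download is shown as 'in' on
    LAN->WAN, DMZ->WAN and WAN->DMZ (DNAT) alike."""
    return c.reply_bytes, c.orig_bytes

# Constructed scenarios mirroring the thread (sizes are invented).
SCENARIOS = [
    Conn("LAN to WAN", "LAN", 2_000, 500_000_000),                 # LAN client downloads
    Conn("DMZ to WAN", "DMZ", 2_000, 500_000_000),                 # DMZ host downloads
    Conn("WAN to DMZ (DNAT)", "WAN", 371_000_000, 42_000_000_000),  # Plex serving WAN clients
]

def compare(conns):
    """Map rule name -> (zone_relative, originator_relative, conventions_agree)."""
    result = {}
    for c in conns:
        z, o = zone_relative(c), originator_relative(c)
        result[c.rule] = (z, o, z == o)
    return result

def rules_where_reading_flips(conns):
    """Rules whose counters mean different things under the two conventions.
    These are exactly the rules whose originator is in WAN, i.e. the DNAT rules,
    so a known transfer through one of them is the right place to calibrate."""
    return [r for r, (_, _, agree) in compare(conns).items() if not agree]

if __name__ == "__main__":
    for rule, (z, o, agree) in compare(SCENARIOS).items():
        print(f"{rule:20} zone-relative in/out={z}  originator-relative in/out={o}  agree={agree}")
    print("calibrate the counter convention on:", rules_where_reading_flips(SCENARIOS))
```

Before using per-rule byte counters to spot unusual outbound volume from a DMZ host, push a transfer of known size through the DNAT rule and see which convention the reading matches.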