I went back and looked a bit at the prior messages in this thread, but I may have missed something (Sourceforge is slow this morning, so checking the list archive is a bit demanding). Apologies in advance if I'm guessing wrong here.

As a general matter, following a quote from some other source with words to the effect that "I tried this and it didn't work" is not as good as quoting what you actually tried and the actual result. With firewalling, as with many things, the devil is in the details, and the way you allude to what you did gives us no way to spot possible errors of detail (for example, using -A instead of -I, which I discuss below).

At 04:50 PM 11/26/2003 +0100, Henning Jebsen wrote:
> Hi Bino,
>
> --> iptables -N 000002I --> prepared for inbound/download traffic
> --> iptables -N 000002O --> prepared for outbound/upload traffic
> iptables -I FORWARD -d 192.168.0.2 -j 00000I
> iptables -I FORWARD -s 192.168.0.2 -j 00000O
>
> this is not working here... don't know why. The chain is listed correctly using
> iptables -L 000002I -v
> but the counters remain at zero.

You did catch the typo in this advice, I trust. It creates table 000002I but tries to jump to table 00000I.


The real problem is that rules cannot be viewed in isolation, and the poster giving you this suggestion said he wasn't using Shorewall. Still, this procedure makes sense, even in the context of Shorewall. If traffic *is* getting through to 192.168.0.2, and you didn't fall into the typo trap, you might try checking the entire ruleset *after* a big download to 192.168.0.2 (or the actual address you use) and see what rules *do* get their counts incremented. Then check to see if somehow (though I don't see how, if you really do use -I rather than -A; see below) they are getting called instead of the "accounting" rules.

> I do execute my "accounting-script" after shorewall
> has started.

Does it execute cleanly? Please post a followup with the actual script and any output it generates when run from the command line. Also, round up the usual suspects and tell us the basics of your setup (see the SR FAQ if you need more explicit guidance on this score).


> What is wrong ??
> I also tried the rules I found in the
> Linux Administrators Guide.
>
> iptables -N name1
> iptables -A FORWARD -i ppp0 -d <ip-address1> -j name1
> iptables -A FORWARD -o ppp0 -s <ip-address1> -j name1
>
> This is also not working here....

I would not expect it to, because -A puts the new rules at the *end* of the chain (while -I, if not given a rule placement number explicitly, puts new rules at the beginning of the chain). In Shorewall, it is likely that some prior rule catches the traffic before it ever sees this rule. These sorts of rules (ones meant not to direct traffic but just to count it) need to be at the top of the relevant ruleset, not at the bottom.


[rest deleted]
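To make the -I versus -A point concrete, here is a small checker (added to this reply as an illustration; it is not Henning's script, nor anything from Shorewall or LEAF) that reads the output of "iptables -L FORWARD -v -n --line-numbers" and reports whether the two accounting jumps exist and sit ahead of every other FORWARD rule, together with their packet and byte counters. The chain names 000002I/000002O and 192.168.0.2 are taken from the thread; the Shorewall chain names loc2net/net2loc and all counter values in the two embedded listings are made up for the example, one listing showing the -A layout and one the -I layout.

```shell
#!/bin/sh
# Added example: sanity-check the placement of iptables accounting jumps.
# Both listings below are CONSTRUCTED samples of
#   iptables -L FORWARD -v -n --line-numbers
# (use -x as well on a real box to get exact byte counts instead of K/M).

# Layout you get with -A: the jumps land behind Shorewall's own chains.
SAMPLE_APPENDED='Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     8812 6543K loc2net    all  --  eth1   ppp0    0.0.0.0/0            0.0.0.0/0
2     7330   22M net2loc    all  --  ppp0   eth1    0.0.0.0/0            0.0.0.0/0
3        0     0 000002I    all  --  *      *       0.0.0.0/0            192.168.0.2
4        0     0 000002O    all  --  *      *       192.168.0.2          0.0.0.0/0'

# Layout you get with -I (no position given, so position 1 each time).
SAMPLE_INSERTED='Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     3104 2301K 000002I    all  --  *      *       0.0.0.0/0            192.168.0.2
2     2310 1788K 000002O    all  --  *      *       192.168.0.2          0.0.0.0/0
3     8812 6543K loc2net    all  --  eth1   ppp0    0.0.0.0/0            0.0.0.0/0
4     7330   22M net2loc    all  --  ppp0   eth1    0.0.0.0/0            0.0.0.0/0'

# rule_position LISTING CHAIN
# Print the rule number of the FORWARD rule whose target is CHAIN.
# Exit 1 (and print nothing) if there is no such rule, e.g. when the -j
# argument was mistyped (00000I instead of 000002I).
rule_position() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        NR > 2 && $4 == chain { print $1; found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# first_other_rule LISTING CHAIN_IN CHAIN_OUT
# Print the rule number of the first FORWARD rule that is NOT one of the
# two accounting jumps; every packet reaches that rule before any rule
# placed after it.
first_other_rule() {
    printf '%s\n' "$1" | awk -v a="$2" -v b="$3" '
        NR > 2 && $4 != a && $4 != b { print $1; exit }'
}

# counters LISTING CHAIN
# Print "pkts bytes" for the jump to CHAIN (empty if the jump is missing).
counters() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        NR > 2 && $4 == chain { print $2, $3; exit }'
}

# check_accounting LISTING CHAIN_IN CHAIN_OUT
# Return 0 when both jumps exist and precede all other FORWARD rules,
# 1 otherwise, with a one-line explanation on stdout.
check_accounting() {
    listing=$1; in_chain=$2; out_chain=$3
    pos_in=$(rule_position "$listing" "$in_chain") ||
        { echo "no jump to $in_chain in FORWARD (typo in the -j name?)"; return 1; }
    pos_out=$(rule_position "$listing" "$out_chain") ||
        { echo "no jump to $out_chain in FORWARD (typo in the -j name?)"; return 1; }
    other=$(first_other_rule "$listing" "$in_chain" "$out_chain")
    if [ -n "$other" ] && { [ "$pos_in" -gt "$other" ] || [ "$pos_out" -gt "$other" ]; }; then
        echo "jumps at rules $pos_in/$pos_out sit behind rule $other: added with -A, use -I"
        return 1
    fi
    echo "jumps at rules $pos_in/$pos_out are ahead of the rest of FORWARD" \
         "($(counters "$listing" "$in_chain") in, $(counters "$listing" "$out_chain") out)"
    return 0
}

# Run over the constructed samples. On the firewall itself (as root) you
# would feed it the live listing instead:
#   check_accounting "$(iptables -L FORWARD -v -n --line-numbers)" 000002I 000002O
check_accounting "$SAMPLE_APPENDED" 000002I 000002O || true
check_accounting "$SAMPLE_INSERTED" 000002I 000002O || true
```

Two caveats when using it for real: the chains 000002I and 000002O are empty, so a packet that jumps into one simply returns and carries on down FORWARD, which is why the Shorewall chains still see it and why it is harmless to put the jumps first; and a Shorewall restart flushes and rebuilds the tables, so the accounting script has to be re-run after every restart, not just once at boot.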
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html