Dear listeners, I have a problem using accounting. When I create some simple rules for accounting, some sites respond with errors like "this document contains no data", e.g. www.ebay.de. As soon as I activate accounting, ebay is not reachable anymore.
All I want/need is to count all the IP traffic of certain workstations to ppp0 (the internet connection).
This is the script containing the rules:
________________________________________
iptables -N myrulei
iptables -N myruleo
iptables -I myrulei -j ACCEPT
iptables -I myruleo -j ACCEPT
iptables -I FORWARD -d 192.168.1.10 -j myrulei
iptables -I FORWARD -s 192.168.1.10 -j myruleo
________________________________________
Assuming 192.168.1.10 is the right IP address for the host involved in the tests, then this set of commands looks right on a standalone basis. As I've said before though, rulesets need to be considered as a whole, not rule by rule. So I would suggest you run the command "iptables -nvL" (or perhaps its Shorewall equivalent -- see the SR FAQ) and see
A. What the FORWARD chain looks like.
B. What the myrulei and myruleo chains look like.
C. What rules (or policies) are being incremented when you try, and fail, to connect to one of the "problem" sites.
You might also check the nat table ("iptables -nvL -t nat" or the Shorewall analog) to make sure there is not some odd interaction between the accounting rules and whatever rules (DNAT? SNAT? I don't recall) Shorewall uses to NAT connections when PPP (PPPoE? you don't say) is involved.
I don't *think* (as you ask below) that your problem is a "jump loop" ... the ACCEPTs should get you cleanly out of the FORWARD-chain table-and-ruleset and on to either nat or POSTROUTING (as appropriate). And, if memory serves, the return packets have been de-NAT'd before they go to FORWARD, so the "-d 192.168.1.10" in the next to last entry should be correct.
Sorry I cannot be more definite about this. I don't run Shorewall here, so I'm responding based on a general understanding of iptables, not the details of how Shorewall uses the rulesets ... and your problem is probably at that more detailed level of rule interplay.
I start the script after starting shorewall 1.3 or 1.4. (Yes, I tried both versions of shorewall with the same effect.) I used the config file shorewall/accounting instead of my home-brewed script. Same effect: ebay responds with nothing, yahoo responds extremely slowly. When I disable accounting, everything works fine again.
It took me some days to narrow the problem down to this point; what else could we test? No errors are written to the log files in /var/log/*
Most websites work fine using accounting, but *some* lead to loss of data. DNS is working fine as usual; the sites are found quickly, but no data arrives. I do not use any HTTP caching software like squid.
puhhh.
Is my script wrong? Is one of the -j (jump) commands
leading to jump and jump and jump and jump and jump and jump and jump and jump and jump and jump and jump and jump ?
Thank you for reading all this! Any hints?? Any ;-) ?
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
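Two things a reader of this thread would want in hand, as an added example that is not code from either poster nor from Shorewall: an accounting rule pair that counts through the jump rule's own counters and falls back into FORWARD (empty user chains return to the caller, so nothing is ACCEPTed ahead of the firewall's own rules), and a small helper for point C of the reply that diffs two captures of "iptables -nvxL FORWARD --line-numbers" to show which rules gain packets while a problem site is being fetched. The host 192.168.1.10 is taken from the thread; eth0 as the LAN interface, the acct_in/acct_out chain names and the sample captures are assumptions made for the example.

```shell
#!/bin/sh
# Added example for this thread (not the poster's or Shorewall's code).
# Assumptions: the workstation is 192.168.1.10 on eth0, the internet link
# is ppp0, and iptables supports --line-numbers and -x (exact counters).
LAN_HOST=192.168.1.10
LAN_IF=eth0
WAN_IF=ppp0

# Accounting rules that count without terminating. The acct_* chains stay
# empty: a packet that reaches the end of an empty user chain returns to
# FORWARD, and the -j rule itself carries the counters, so no ACCEPT is
# placed ahead of the firewall's own FORWARD rules.
accounting_rules() {
    cat <<EOF
iptables -N acct_in
iptables -N acct_out
iptables -I FORWARD 1 -i $WAN_IF -o $LAN_IF -d $LAN_HOST -j acct_in
iptables -I FORWARD 1 -i $LAN_IF -o $WAN_IF -s $LAN_HOST -j acct_out
EOF
}

# Point C of the reply: find out which FORWARD rules gain packets while a
# "problem" site is fetched. Feed two captures of
#   iptables -nvxL FORWARD --line-numbers
# (one before, one during the fetch); rows are matched by rule number.
counter_delta() {
    {
        printf '%s\n' "$1" | sed 's/^/B /'
        printf '%s\n' "$2" | sed 's/^/A /'
    } | awk '
        # fields after the B/A tag: num pkts bytes target prot opt in out src dst
        $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            if ($1 == "B") before[$2] = $3
            else if ($3 - before[$2] > 0)
                printf "rule %s +%d pkts -> %s in=%s out=%s %s -> %s\n",
                       $2, $3 - before[$2], $5, $8, $9, $10, $11
        }'
}

# Constructed sample captures (not output from the poster's router). Rule 3
# stands in for a later firewall rule: if it gains nothing while rules 1
# and 2 do, a terminating target above it is swallowing the packets.
BEFORE='Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 12 1440 acct_out all -- eth0 ppp0 192.168.1.10 0.0.0.0/0
2 30 41000 acct_in all -- ppp0 eth0 0.0.0.0/0 192.168.1.10
3 500 60000 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0'
AFTER='Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 20 2000 acct_out all -- eth0 ppp0 192.168.1.10 0.0.0.0/0
2 33 41300 acct_in all -- ppp0 eth0 0.0.0.0/0 192.168.1.10
3 500 60000 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0'

accounting_rules
echo
counter_delta "$BEFORE" "$AFTER"
```

Run the rule printer through "sh" or pipe it into "sh" as root to install the chains; read the totals later with "iptables -nvxL FORWARD". For the diff, save "iptables -nvxL FORWARD --line-numbers" to a file, start the fetch of the failing site, save it again, and pass both files' contents to counter_delta; a rule further down FORWARD that stays flat while the accounting rules climb tells you where the packets stop, which is the whole-ruleset view the reply asks for.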
