On Fri, 2003-11-28 at 05:22, Henning Jebsen wrote: > Dear listeners > I got a problem using accounting. When I create some > simple rules for accounting, some sites respond errors like > "this document contains no data". Like www.ebay.de. > As soon as I activate accounting, ebay is not reachable anymore. > > All I want/need is to count all the IP-traffic of > certain workstations to ppp0 (internet-connection) > > This is the script containing the rules: > ________________________________________ > iptables -N myrulei > iptables -N myruleo > iptables -I myrulei -j ACCEPT > iptables -I myruleo -j ACCEPT > iptables -I FORWARD -d 192.168.1.10 -j myrulei > iptables -I FORWARD -s 192.168.1.10 -j myruleo > ________________________________________ > > I start the script after starting shorewall 1.3 or 1.4. > (Yes, I tried both Versions of shorewall with the same > effect) I used the configfile shorewall/accounting instead > of my home-brewed script. Same effect: Ebay responds nothing, > yahoo responds extremly slow. When I disable accounting, > everything works fine again.
Ray has been telling you for some time now but it's not getting through; you cannot simply hack in an arbitrary set of iptables commands into a Shorewall-configured firewall and expect them to work. You have to understand what Shorewall's ruleset does and you have to understand how adding your additional rules might affect what that ruleset does. When you say "disable accounting", when you are using Shorewall 1.4 how are you doing that? renaming /etc/shorewall/accounting? or ??? Something other than Shorewall's 1.4 accounting is causing your connection problems -- Shorewall's accounting facility is completely passive. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
