On 9/6/10 3:16 PM, Ricardo Kleemann wrote:
> Hi,
>
> I'm trying to set up accounting, but I want to get it down to a
> particular IP behind the firewall.
>
> As an example, I could have a simple smtp accounting rule like this:
>
> smtp:COUNT - eth0 eth1 tcp 25
> smtp:COUNT - eth1 eth0 tcp - 25
> DONE smtp
>
> But I want to have smtp accounting specific to different hosts, so
> create separate rules for each host.
>
> I tried a couple of examples with a couple of variations of this:
>
> smtp2:COUNT - eth0 192.168.1.245 tcp 25
> smtp2:COUNT - 192.168.1.245 eth0 tcp - 25
> DONE smtp2
>
> But it doesn't work.
>
> How can I filter based on the eth1 host IP?

Okay -- I read your post again, and I'm still not clear what is going on.
Which way is the connection going?

You say that you tried this:

    smtp2:COUNT - eth0 192.168.1.245 tcp 25
    smtp2:COUNT - 192.168.1.245 eth0 tcp - 25
    DONE smtp2

Those rules assume that 192.168.1.245 is an MTA (Mail server) because
traffic going to 192.168.1.245 has destination port 25 and traffic leaving
192.168.1.245 has source port 25.

If "it doesn't work" means that the rules were loaded successfully but the
counters on those rules didn't increment, then 192.168.1.245 must be
*sending* email and the rules should be:

    smtp2:COUNT - eth0 192.168.1.245 tcp - 25
    smtp2:COUNT - 192.168.1.245 eth0 tcp 25
    DONE smtp2

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
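
The direction point made in the reply above, as an added example that is not part of the original thread and is not Shorewall code: a toy matcher for the rule columns used in these messages, run against constructed packets for both cases. It assumes an interface in SOURCE matches the incoming interface and in DEST the outgoing one; the remote address and the ephemeral ports are made up.

```python
# Added illustration, not Shorewall code: a toy matcher for the accounting
# columns used in this thread (ACTION CHAIN SOURCE DEST PROTO DPORT SPORT).
HOST = "192.168.1.245"      # the host behind the firewall, from the thread
REMOTE = "203.0.113.10"     # constructed remote address (documentation range)

ORIGINAL = ["smtp2:COUNT - eth0 192.168.1.245 tcp 25",
            "smtp2:COUNT - 192.168.1.245 eth0 tcp - 25",
            "DONE smtp2"]
SUGGESTED = ["smtp2:COUNT - eth0 192.168.1.245 tcp - 25",
             "smtp2:COUNT - 192.168.1.245 eth0 tcp 25",
             "DONE smtp2"]

def pkt(in_if, out_if, saddr, daddr, sport, dport):
    return dict(in_if=in_if, out_if=out_if, saddr=saddr, daddr=daddr,
                proto="tcp", sport=str(sport), dport=str(dport))

# Constructed traffic: one packet in each direction of a single connection.
SENDING = [pkt("eth1", "eth0", HOST, REMOTE, 40000, 25),    # HOST is the client
           pkt("eth0", "eth1", REMOTE, HOST, 25, 40000)]
RECEIVING = [pkt("eth0", "eth1", REMOTE, HOST, 50000, 25),  # HOST is the MTA
             pkt("eth1", "eth0", HOST, REMOTE, 25, 50000)]

def parse_rule(line):
    """Split a rule into columns; '-' or an omitted trailing column is a wildcard."""
    cols = (line.split() + ["-"] * 7)[:7]
    keys = ("action", "chain", "src", "dst", "proto", "dport", "sport")
    return dict(zip(keys, cols))

def side_ok(spec, iface, addr):
    """SOURCE/DEST holds an interface name or a host address."""
    return spec in ("-", iface, addr)

def matches(rule, p):
    return (side_ok(rule["src"], p["in_if"], p["saddr"])
            and side_ok(rule["dst"], p["out_if"], p["daddr"])
            and rule["proto"] in ("-", p["proto"])
            and rule["dport"] in ("-", p["dport"])
            and rule["sport"] in ("-", p["sport"]))

def count(rules, packets):
    """Per-rule packet counters, skipping DONE lines."""
    parsed = [parse_rule(r) for r in rules if not r.startswith("DONE")]
    return [sum(matches(r, p) for p in packets) for r in parsed]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, "sending:", count(rules, SENDING),
              "receiving:", count(rules, RECEIVING))
```

With the host sending mail, the original rules stay at zero while the suggested ones count one packet each; with the host acting as the MTA the result is reversed.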