On 9/6/10 3:16 PM, Ricardo Kleemann wrote:
> Hi,
> 
> I'm trying to set up accounting, but I want to get it down to a
> particular IP behind the firewall.
> 
> As an example, I could have a simple smtp accounting rule like this:
> 
> smtp:COUNT       -       eth0    eth1            tcp             25
> smtp:COUNT       -       eth1    eth0            tcp             -               25
> DONE            smtp
> 
> But I want to have smtp accounting specific to different hosts, so
> create separate rules for each host.
> 
> I tried a couple of examples with a couple of variations of this:
> 
> smtp2:COUNT       -       eth0             192.168.1.245    tcp             25
> smtp2:COUNT       -       192.168.1.245    eth0             tcp             -               25
> DONE            smtp2
> 
> But it doesn't work.
> 
> How can I filter based on the eth1 host IP?

Okay -- I read your post again, and I'm still not clear what is going on.

Which way is the connection going? You say that you tried this:

smtp2:COUNT  -     eth0             192.168.1.245  tcp    25
smtp2:COUNT  -     192.168.1.245    eth0           tcp    -    25
DONE         smtp2

Those rules assume that 192.168.1.245 is an MTA (Mail server) because
traffic going to 192.168.1.245 has destination port 25 and traffic
leaving 192.168.1.245 has source port 25.

If "it doesn't work" means that the rules were loaded successfully but
the counters on those rules didn't increment, then 192.168.1.245 must be
*sending* email and the rules should be:

smtp2:COUNT  -     eth0             192.168.1.245  tcp    -    25
smtp2:COUNT  -     192.168.1.245    eth0           tcp    25
DONE         smtp2

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
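
The port-direction reasoning in the reply above, as an added example that is not part of the original thread and is not Shorewall's own code. It is a simplified model: interface names and "-" are treated as wildcards, and the remote address 203.0.113.10 and the ephemeral ports are constructed sample values.

```python
from collections import namedtuple

# Simplified model of an accounting rule (assumption of this sketch):
# ACTION CHAIN SOURCE DEST PROTO [DEST PORT [SOURCE PORT]]
Rule = namedtuple("Rule", "source dest proto dport sport")
Packet = namedtuple("Packet", "src dst proto sport dport")

HOST = "192.168.1.245"
REMOTE = "203.0.113.10"  # constructed documentation address

def parse(line):
    """Parse one accounting line, padding omitted port columns with '-'."""
    f = line.split()
    f += ["-"] * (7 - len(f))
    return Rule(f[2], f[3], f[4], f[5], f[6])

def _addr_ok(spec, addr):
    # Interface names (eth0, eth1) and '-' match any address in this model.
    return spec == "-" or spec.startswith("eth") or spec == addr

def _port_ok(spec, port):
    return spec == "-" or int(spec) == port

def matches(rule, pkt):
    return (_addr_ok(rule.source, pkt.src) and _addr_ok(rule.dest, pkt.dst)
            and rule.proto == pkt.proto
            and _port_ok(rule.dport, pkt.dport)
            and _port_ok(rule.sport, pkt.sport))

def count(lines, packets):
    """Number of packets that would increment a counter in the chain."""
    rules = [parse(l) for l in lines]
    return sum(any(matches(r, p) for r in rules) for p in packets)

# Rules that assume HOST is the mail server (first set in the reply).
SERVER_RULES = ["smtp2:COUNT - eth0 192.168.1.245 tcp 25",
                "smtp2:COUNT - 192.168.1.245 eth0 tcp - 25"]
# Rules that assume HOST is sending mail (second set in the reply).
CLIENT_RULES = ["smtp2:COUNT - eth0 192.168.1.245 tcp - 25",
                "smtp2:COUNT - 192.168.1.245 eth0 tcp 25"]

# Constructed traffic: HOST sends mail to a remote MTA, and the reply packet.
OUTBOUND = [Packet(HOST, REMOTE, "tcp", 40000, 25),
            Packet(REMOTE, HOST, "tcp", 25, 40000)]
# Constructed traffic: a remote client delivers mail to HOST, and the reply.
INBOUND = [Packet(REMOTE, HOST, "tcp", 40001, 25),
           Packet(HOST, REMOTE, "tcp", 25, 40001)]

if __name__ == "__main__":
    print("server rules, outbound mail:", count(SERVER_RULES, OUTBOUND))
    print("client rules, outbound mail:", count(CLIENT_RULES, OUTBOUND))
```

With the server-role rules loaded, mail sent by the host matches nothing, which is the "counters didn't increment" case described in the reply.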
