Hi There,

I am having a problem with shorewall accounting.
I installed shorewall 4.0.14.2 via apt-get (lenny version).
Here is my accounting:

    #ACTION         CHAIN    SOURCE       DESTINATION   PROTOCOL   DEST   SOURCE
    #                                                              PORT   PORT

    hedges:COUNT    -        ppp0         10.1.1.5      -          -      -
    hedges:COUNT    -        10.1.1.5     ppp0          -          -      -
    DONE            hedges

    desi:COUNT      -        ppp0         10.1.1.12     -          -      -
    desi:COUNT      -        10.1.1.12    ppp0          -          -      -
    DONE            desi

    inneke:COUNT    -        ppp0         10.1.1.11     -          -      -
    inneke:COUNT    -        10.1.1.11    ppp0          -          -      -
    DONE            inneke

    peter:COUNT     -        ppp0         10.1.1.10     -          -      -
    peter:COUNT     -        10.1.1.10    ppp0          -          -      -
    DONE            peter

When I start shorewall with accounting, it generates errors:

    Compiling...
    Initializing...
    Determining Zones...
       IPv4 Zones: net loc
       Firewall Zone: fw
    Validating interfaces file...
    Validating hosts file...
    Pre-processing Actions...
       Pre-processing /usr/share/shorewall/action.Drop...
       Pre-processing /usr/share/shorewall/action.Reject...
    Validating Policy file...
    Determining Hosts in Zones...
       net Zone: ppp0:0.0.0.0/0
       loc Zone: eth1:0.0.0.0/0
    Deleting user chains...
    Compiling /etc/shorewall/routestopped ...
    Compiling Accounting...
    /usr/share/shorewall-shell/compiler: line 286: exists_hedges =Yes: command not found
    /usr/share/shorewall-shell/compiler: line 286: exists_desi =Yes: command not found
    /usr/share/shorewall-shell/compiler: line 286: exists_inneke =Yes: command not found
    /usr/share/shorewall-shell/compiler: line 286: exists_peter =Yes: command not found
    Creating Interface Chains...
    Compiling Common Rules
    Compiling Kernel Route Filtering...
    Compiling Martian Logging...
    Compiling /etc/shorewall/rules...
    Compiling Actions...
    Compiling /usr/share/shorewall/action.Drop for Chain Drop...
    Compiling /usr/share/shorewall/action.Reject for Chain Reject...
    Compiling /etc/shorewall/policy...
    Compiling Masquerading/SNAT
    Compiling Traffic Control Rules...
    Compiling Rule Activation...
    Compiling IP Forwarding...
    Shorewall configuration compiled to /var/lib/shorewall/.start
    Starting Shorewall....
    Initializing...
    Clearing Traffic Control/QOS
    Deleting user chains...
    Enabling Loopback and DNS Lookups
    Setting up Accounting...
    iptables v1.3.6: multiport needs `-p tcp', `-p udp', `-p sctp' or `-p dccp'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.3.6: multiport needs `-p tcp', `-p udp', `-p sctp' or `-p dccp'
    Try `iptables -h' or 'iptables --help' for more information.
       ERROR: Command "/sbin/iptables -A hedges -i ppp0 -d 10.1.1.5 -m multiport --sports - " Failed
    IP Forwarding Enabled
    Terminated

But if I start shorewall without accounting, everything is working OK.

What mistake did I make?
Thanks for any clue and support
On Wed, Dec 03, 2008 at 11:09:23PM -0800, Phillipus Gunawan wrote:
>
> hedges:COUNT - ppp0 10.1.1.5 - - -
> hedges:COUNT - 10.1.1.5 ppp0 - - -
> DONE hedges
>
> iptables v1.3.6: multiport needs `-p tcp', `-p udp', `-p sctp' or `-p dccp'

If you look at the documentation [0], you will see that the examples there all have the protocol specified. Shorewall can guess what you want in this respect.

Regards,

-Roberto

[0] http://shorewall.net/Accounting.html

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Thanks for the reply

Could you point me out then, if I want to do accounting no matter what protocol is slipping through, what command should I put?
I have tried

    hedges:COUNT - ppp0 10.1.1.5
    hedges:COUNT - 10.1.1.5 ppp0

dumb try, but anyway, still not working

Previously, I was using that accounting file and it was working OK until..... I did "apt-get upgrade"
Then it started failing on this accounting
This is a result example before I did the upgrade to Lenny

    Chain hedges (1 references)
     pkts bytes target   prot opt in     out    source       destination
     2032  870K          0    --  ppp0   *      0.0.0.0/0    10.1.1.5
    Shorewall 4.0.14.2 Chain hedges at debian - Wed Dec 3 23:31:56 EST 2008

Anyhow, please advise me what should be the correct command

Cheers
At 02:34 -0800 4/12/08, Phillipus Gunawan wrote:
>Thanks for the reply
>
>Could you point me out then, if I want to do accounting no matter
>what the protocol slipping through, what command should i put?
>I have tried
>
>hedges:COUNT - ppp0 10.1.1.5
>hedges:COUNT - 10.1.1.5 ppp0
>
>dumb try, but anyway, still not working
>
>Previously, I am using that accounting file and it was working OK
>until..... I did "apt-get upgrade"
>Then it start failing on this accounting
>This is a result example before I did the upgrade to Lenny
>
>Chain hedges (1 references)
> pkts bytes target   prot opt in     out    source       destination
> 2032  870K          0    --  ppp0   *      0.0.0.0/0    10.1.1.5
>Shorewall 4.0.14.2 Chain hedges at debian - Wed Dec 3 23:31:56 EST 2008
>
>Anyhow, please advice me what should be the correct command

Don't know if this will work for you, this is from a router (& Shorewall-perl 4.0.6) that doesn't do NAT :

    # Outside global stats
    outside-in:COUNT     -            ethext     -
    outside-out:COUNT    -            -          ethext
    DONE                 outside

    # Do accounting by IP address
    account-ip           -            -          -
    total-ip-in:COUNT    account-ip   ethext     -
    total-ip-out:COUNT   account-ip   -          ethext
    DONE                 total-ip

    acc1-in:COUNT        account-ip   ethext     a.b.c.1
    acc1-out:COUNT       account-ip   a.b.c.1    ethext
    DONE                 acc1

    acc2-in:COUNT        account-ip   ethext     a.b.c.2
    acc2-out:COUNT       account-ip   a.b.c.2    ethext
    DONE                 acc2

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.
Thanks Simon

No, it's not working
Actually, I was doing my script like yours, until it stopped working after I upgraded my Debian from Etch to Lenny
I tried what the doco said, and this is what happens right now.....
Phillipus Gunawan wrote:
> Hi There,
>
> I am having problem with shorewall accounting
> I install shorewall 4.0.14.2 via apt-get lenny version
> Here is my accounting
>
> #ACTION CHAIN SOURCE DESTINATION PROTOCOL DEST SOURCE
> #                                         PORT PORT
>
> hedges:COUNT - ppp0 10.1.1.5 - - -
> hedges:COUNT - 10.1.1.5 ppp0 - - -
> DONE hedges
>
> desi:COUNT - ppp0 10.1.1.12 - - -
> desi:COUNT - 10.1.1.12 ppp0 - - -
> DONE desi
>
> inneke:COUNT - ppp0 10.1.1.11 - - -
> inneke:COUNT - 10.1.1.11 ppp0 - - -
> DONE inneke
>
> peter:COUNT - ppp0 10.1.1.10 - - -
> peter:COUNT - 10.1.1.10 ppp0 - - -
> DONE peter

Either get rid of all of those trailing dashes or migrate to using Shorewall-perl (the latter is highly recommended). Shorewall-shell doesn't always handle trailing dashes properly; Shorewall-perl does.

Off-hand, I don't see why you should be getting those 'command not found' errors; a trace will be necessary to do anything with that.
Shorewall Geek wrote:
> Either get rid of all of those trailing dashes or migrate to using
> Shorewall-perl (the latter is highly recommended). Shorewall-shell
> doesn't always handle trailing dashes properly; Shorewall-perl does.
>
> Off-hand, I don't see why you should be getting those 'command not
> found' errors; a trace will be necessary to do anything with that.

FWIW, I'm not able to reproduce EITHER problem here on an Etch system with Shorewall 4.0.14. And I presume you are Etch-based since your iptables is version 1.3.6 which shipped with Etch.
On Thu, 2008-12-04 at 12:33 -0800, Shorewall Geek wrote:
> FWIW, I'm not able to reproduce EITHER problem here on an Etch system
> with Shorewall 4.0.14. And I presume you are Etch-based since your
> iptables is version 1.3.6 which shipped with Etch.
>

While this system's name is 'Lenny' it is an Etch system running the Testing (Lenny) version of Shorewall.

    Lenny:/etc/shorewall# shorewall version -a
    4.0.14.2
    Shorewall-shell 4.0.14.1
    Shorewall-perl 4.0.14.2
    Lenny:/etc/shorewall# cat /etc/debian_version
    4.0
    Lenny:/etc/shorewall# shorewall restart
    Compiling...
    Initializing...
    Determining Zones...
       IPv4 Zones: net
       Firewall Zone: fw
    Validating interfaces file...
    Validating hosts file...
    Pre-processing Actions...
       Pre-processing /usr/share/shorewall/action.Drop...
       Pre-processing /usr/share/shorewall/action.Reject...
    Validating Policy file...
    Determining Hosts in Zones...
       net Zone: eth0:0.0.0.0/0
    Deleting user chains...
    Compiling /etc/shorewall/routestopped ...
    Compiling Accounting...
    Creating Interface Chains...
    Compiling Common Rules
    Adding Anti-smurf Rules
    Adding rules for DHCP
    Compiling TCP Flags checking...
    Compiling Kernel Route Filtering...
    Compiling Martian Logging...
    Compiling /etc/shorewall/rules...
    Compiling Actions...
    Compiling /usr/share/shorewall/action.Drop for Chain Drop...
    Compiling /usr/share/shorewall/action.Reject for Chain Reject...
    Compiling /etc/shorewall/policy...
    Compiling Traffic Control Rules...
    Compiling Rule Activation...
    Compiling IP Forwarding...
    Shorewall configuration compiled to /var/lib/shorewall/.restart
    Restarting Shorewall....
    Initializing...
    Clearing Traffic Control/QOS
    Deleting user chains...
    Enabling Loopback and DNS Lookups
    Setting up Accounting...
    Creating Interface Chains...
    Setting up SMURF control...
    Setting up Black List...
    Adding Anti-smurf Jumps...
    Setting up rules for DHCP...
    Setting up TCP Flags checking...
    Setting up ARP filtering...
    Setting up Route Filtering...
    Setting up Martian Logging...
    Setting up Accept Source Routing...
    Setting up SYN Flood Protection...
    Setting up Rules...
    Setting up Actions...
    Creating action chain Drop
    Creating action chain Reject
    Creating action chain dropBcast
    Creating action chain dropInvalid
    Creating action chain dropNotSyn
    Applying Policies...
    Activating Rules...
    IP Forwarding Enabled
    done.
    Lenny:/etc/shorewall# cat accounting
    hedges:COUNT - eth0 10.1.1.5 - - -
    hedges:COUNT - 10.1.1.5 eth0 - - -
    DONE hedges

    desi:COUNT - eth0 10.1.1.12 - - -
    desi:COUNT - 10.1.1.12 eth0 - - -
    DONE desi

    inneke:COUNT - eth0 10.1.1.11 - - -
    inneke:COUNT - 10.1.1.11 eth0 - - -
    DONE inneke

    peter:COUNT - eth0 10.1.1.10 - - -
    peter:COUNT - 10.1.1.10 eth0 - - -
    DONE peter
    Lenny:/etc/shorewall# dpkg -l dash
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
    |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
    ||/ Name      Version      Description
    +++-=========-============-===========================
    ii  dash      0.5.3-7      The Debian Almquist Shell
    Lenny:/etc/shorewall#
Shorewall Geek wrote:
> FWIW, I'm not able to reproduce EITHER problem here on an Etch system
> with Shorewall 4.0.14. And I presume you are Etch-based since your
> iptables is version 1.3.6 which shipped with Etch.

I just reproduced the OP's problem by running 'unix2dos' on the accounting file. So you need to run 'unix2dos' on yours. And don't use Windoze to edit your shorewall config.
Shorewall Geek wrote:
> I just reproduced the OP's problem by running 'unix2dos' on the
> accounting file. So you need to run 'unix2dos' on yours. And don't use
> Windoze to edit your shorewall config.

That should be "So you need to run 'dos2unix' on yours..."
WOW

Thanks a lot for the advice of dos2unix
I am using flip

but yeah, THAT'S THE PROBLEM....
after converting the accounting file, I got no error when re-starting shorewall

You are a legend, considering you solved it by re-producing the prob
I am a happy chappy person now

Cheers
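An added check for the cause found above (example code written for this page, not from the thread or from Shorewall): it scans a config directory for files with DOS line endings and shows that, on a CRLF line, the last whitespace-split column is `-` plus a carriage return rather than a bare `-`. All file names and contents are constructed in a temporary directory.

```shell
#!/bin/sh
# Added illustration; all file names and contents below are constructed.

CR=$(printf '\r')

# Print how many lines of file $1 end in a carriage return.
count_cr_lines() {
    grep -c "${CR}\$" "$1" || true   # grep -c prints 0 but exits 1 on no match
}

# Split the first non-comment line of $1 into the seven accounting columns
# the way a shell parser does, and print the last one with any CR made visible.
last_column_visible() {
    grep -v '^#' "$1" | head -n 1 | {
        read -r action chain source dest proto dport sport
        printf '%s\n' "$sport" | sed "s/${CR}/<CR>/"
    }
}

# Report every regular file in directory $1 that has CR-terminated lines.
scan_config_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        n=$(count_cr_lines "$f")
        if [ "$n" -gt 0 ]; then
            printf '%s: %s line(s) end in CR\n' "${f##*/}" "$n"
        fi
    done
}

# Remove trailing CRs (the effect of dos2unix), keeping the original as .bak.
strip_cr() {
    cp "$1" "$1.bak" && sed "s/${CR}\$//" "$1.bak" > "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed accounting file saved with DOS line endings.
    printf '#ACTION CHAIN SOURCE DESTINATION PROTOCOL DEST SOURCE\r\n' > "$dir/accounting"
    printf 'hedges:COUNT - ppp0 10.1.1.5 - - -\r\nDONE hedges\r\n' >> "$dir/accounting"
    # Constructed file with Unix line endings, for contrast.
    printf 'net ipv4\nloc ipv4\n' > "$dir/zones"

    scan_config_dir "$dir"
    echo "last column before: $(last_column_visible "$dir/accounting")"
    strip_cr "$dir/accounting"
    echo "last column after:  $(last_column_visible "$dir/accounting")"
    rm -rf "$dir"
}

demo
```

Pointing `scan_config_dir` at the real configuration directory before a restart catches a file that was edited on Windows before the compiler sees it.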
While my brain is still hot about this shorewall, I re-worked a bit of my accounting tables, to make it more fun:

    #ACTION           CHAIN      SOURCE       DESTINATION   PROTOCOL   DEST   SOURCE
    #                                                                  PORT   PORT

    total-i:COUNT     -          ppp0         -
    total-o:COUNT     -          -            ppp0
    DONE              total

    hedges-i:COUNT    -          ppp0         10.1.1.5
    hedges-o:COUNT    -          10.1.1.5     ppp0
    DONE              hedges

    peter-i:COUNT     -          ppp0         10.1.1.10
    peter-o:COUNT     -          10.1.1.10    ppp0
    DONE              peter

    inneke-i:COUNT    -          ppp0         10.1.1.11
    inneke-o:COUNT    -          10.1.1.11    ppp0
    DONE              inneke

    desi-i:COUNT      -          ppp0         10.1.1.12
    desi-o:COUNT      -          10.1.1.12    ppp0
    DONE              desi

    compsusi-i:COUNT  -          ppp0         10.1.1.13
    compsusi-o:COUNT  -          10.1.1.13    ppp0
    DONE              compsusi

just right after I flush iptables, stop and start shorewall, here is the result:

    > shorewall show accounting
    Shorewall 4.0.14.2 Chain accounting at debian - Fri Dec 5 12:29:35 EST 2008

    Counters reset Fri Dec 5 12:28:19 EST 2008

    Chain accounting (3 references)
     pkts bytes target      prot opt in     out    source       destination
      786  332K total-i     0    --  ppp0   *      0.0.0.0/0    0.0.0.0/0
      596 75409 total-o     0    --  *      ppp0   0.0.0.0/0    0.0.0.0/0
      253  257K hedges-i    0    --  ppp0   *      0.0.0.0/0    10.1.1.5
      163 25018 hedges-o    0    --  *      ppp0   10.1.1.5     0.0.0.0/0
        9  1116 peter-i     0    --  ppp0   *      0.0.0.0/0    10.1.1.10
       15   715 peter-o     0    --  *      ppp0   10.1.1.10    0.0.0.0/0
      216 30884 inneke-i    0    --  ppp0   *      0.0.0.0/0    10.1.1.11
      170 30601 inneke-o    0    --  *      ppp0   10.1.1.11    0.0.0.0/0
      302 42748 desi-i      0    --  ppp0   *      0.0.0.0/0    10.1.1.12
      242 18756 desi-o      0    --  *      ppp0   10.1.1.12    0.0.0.0/0
        0     0 compsusi-i  0    --  ppp0   *      0.0.0.0/0    10.1.1.13
        0     0 compsusi-o  0    --  *      ppp0   10.1.1.13    0.0.0.0/0

my questions are

host 'peter' and 'compsusi' are NOT ON at the moment
compsusi is showing OK, which is 0 - 0
why is peter showing activity then?
I can't ping nor just browse to peter's comp, since it's not on

Is there any suggestion on a plug-in to make this shorewall accounting more 'readable'?
I found a few solutions explaining how to extract these values and store them in postgre,
but I just want to ask the opinion of the experts or at least whoever has already used it for a while

Cheers
Phillipus Gunawan wrote:
>
> my questions are
>
> host 'peter' and 'compsusi' is NOT ON at the moment
> compsusi showing OK, which 0 - 0
> why peter showing activity then?
> I cant ping nor just browse to peter' comp, since its not on

None of us has enough information to answer these questions. Certainly, the fact that a machine is on or off doesn't prevent other machines from sending packets to it. I suspect that the packets in the other direction are ICMPs but you would have to use a packet sniffer to answer that question.
Phillipus Gunawan wrote:
>Is there any suggestion on plug in to make this shorewall accounting more 'readable'?
>I found a few solutions explaining how to extract these values and store it on postgre,
>but I just want to ask opinion from the expert or at least whomever already use it for a while

I stuff the data into several rrd databases which can then be graphed separately. For the IP based accounting I use this script :

    # Skip the two header lines, take the byte counters, join them with ':'
    /usr/bin/rrdtool update ip-stats.rrd N:`/sbin/iptables -L account-ip -vxn | \
      /usr/bin/awk 'BEGIN { getline ; getline }
        { print $2 }' | \
      /usr/bin/tr '\n' ':' | /bin/sed -e 's/:$//'`

Note the '-vxn' switches to iptables. For my purposes, I arranged the rrd database to match the iptables output order, so I just extract the second field with awk, convert newlines to ':', and strip the extra trailing ':' - I then have a string of the form nnn:nnn:nnn:nnn:...nnn:nnn which I can use in the rrd update. Arranging the rrd database like that is easy when you are simply logging a whole network, but it does tie you down to never altering the accounting setup without also altering the rrd database.

For traffic control logging, I have a script that extracts the tc counters into an array and then updates a number of rrd databases. By use of the shell substitution ':-' I can easily deal with values that aren't there. You could possibly adapt this script, or at least get some ideas from it :

    # Needs bash (indexed arrays)
    Now=`date +%s`

    ( /sbin/tc -s class show dev ethext
      /sbin/tc -s class show dev ethint ) | \
      /bin/sed -e :a -e '$!N;s/\n / /;ta' -e 'P;D' | \
      /bin/sed -r -e "s/^class htb [0-9]+:([0-9]+) .* Sent ([0-9]+) bytes [0-9]+ pkt .dropped ([0-9]+),.*$/\1 \2 \3/" | \
      /bin/grep -v '^$' | \
      (
        # Collect byte and drop counters, indexed by tc class id
        while read Class ByteCount DropCount
        do
          Bytes[${Class}]=${ByteCount}
          Dropped[${Class}]=${DropCount}
        done

        # Main link
        /usr/bin/rrdtool update tc-main-in.rrd ${Now}:${Bytes[110]:-"U"}:${Dropped[110]:="U"}:${Bytes[111]:-"U"}:${Dropped[111]:="U"}:${Bytes[112]:-"U"}:${Dropped[112]:="U"}:${Bytes[113]:-"U"}:${Dropped[113]:="U"}:${Bytes[114]:-"U"}:${Dropped[114]:="U"}
        /usr/bin/rrdtool update tc-main-out.rrd ${Now}:${Bytes[10]:-"U"}:${Dropped[10]:="U"}:${Bytes[11]:-"U"}:${Dropped[11]:="U"}:${Bytes[12]:-"U"}:${Dropped[12]:="U"}:${Bytes[13]:-"U"}:${Dropped[13]:="U"}:${Bytes[14]:-"U"}:${Dropped[14]:="U"}
      )

-- 
Simon Hobson
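A name-keyed variant of the byte-counter extraction described above, as an added example that is not part of the thread: it pairs each accounting target with its exact byte count and builds an `rrdtool update --template` argument string, so the counters no longer depend on rule order. The sample `iptables -L accounting -vxn` output is constructed, and naming the rrd data sources after the chains with `-` replaced by `_` is an assumption.

```shell
#!/bin/sh
# Added illustration. The listing below is constructed sample output in the
# layout of `iptables -L accounting -vxn` (exact byte counts, numeric fields).
sample_accounting() {
cat <<'EOF'
Chain accounting (3 references)
    pkts      bytes target     prot opt in     out     source               destination
     786   339968 total-i    0    --  ppp0   *       0.0.0.0/0            0.0.0.0/0
     596    75409 total-o    0    --  *      ppp0    0.0.0.0/0            0.0.0.0/0
     253   263168 hedges-i   0    --  ppp0   *       0.0.0.0/0            10.1.1.5
     163    25018 hedges-o   0    --  *      ppp0    10.1.1.5             0.0.0.0/0
       0        0 compsusi-i 0    --  ppp0   *       0.0.0.0/0            10.1.1.13
EOF
}

# Read a -vxn listing on stdin and print "target bytes" once per target.
# Header lines are skipped because their first two fields are not numeric;
# several rules jumping to the same target are summed; first-seen order is kept.
acct_pairs() {
    awk '
        NF >= 3 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            if (!($3 in bytes)) order[++n] = $3
            bytes[$3] += $2
        }
        END {
            # %.0f keeps large counters out of exponent notation
            for (i = 1; i <= n; i++) printf "%s %.0f\n", order[i], bytes[order[i]]
        }
    '
}

# Turn "target bytes" pairs into arguments for `rrdtool update FILE ...`.
# Assumption: each data source is named after its target, with "-" as "_".
rrd_update_args() {
    awk '
        {
            name = $1
            gsub(/-/, "_", name)
            t = t (NR > 1 ? ":" : "") name
            v = v ":" $2
        }
        END { if (NR) print "--template " t " N" v }
    '
}

# On a live firewall the input would come from: /sbin/iptables -L accounting -vxn
sample_accounting | acct_pairs | rrd_update_args
```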