Hello!
I'm a novice-level Shorewall user.
I just tried to set up traffic accounting for a single-interface system:
http://www.shorewall.net/Accounting.html
After setting it up, restarting with stop/start, and doing some web browsing from
the fw machine,
"shorewall show accounting web" shows only zeros.
[root@happ shorewall]# shorewall show accounting
Shorewall-1.4.8 Chain accounting at happ - Сбт Дек 6 19:05:37 MSK 2003

Counters reset Sat Dec 6 18:00:42 MSK 2003

Chain accounting (3 references)
 pkts bytes target prot opt in   out  source     destination
    0     0 web    tcp  --  eth0 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:80
    0     0 web    tcp  --  *    eth0 0.0.0.0/0  0.0.0.0/0   tcp spt:80
    0     0 web    tcp  --  eth0 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:443
    0     0 web    tcp  --  *    eth0 0.0.0.0/0  0.0.0.0/0   tcp spt:443

[root@happ shorewall]# shorewall show accounting web
Shorewall-1.4.8 Chains accounting web at happ - Сбт Дек 6 19:23:02 MSK 2003

Counters reset Sat Dec 6 18:00:42 MSK 2003

Chain accounting (3 references)
 pkts bytes target prot opt in   out  source     destination
    0     0 web    tcp  --  eth0 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:80
    0     0 web    tcp  --  *    eth0 0.0.0.0/0  0.0.0.0/0   tcp spt:80
    0     0 web    tcp  --  eth0 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:443
    0     0 web    tcp  --  *    eth0 0.0.0.0/0  0.0.0.0/0   tcp spt:443

Chain web (4 references)
 pkts bytes target prot opt in   out  source     destination
    0     0        all  --  eth0 *    0.0.0.0/0  0.0.0.0/0
    0     0        all  --  *    eth0 0.0.0.0/0  0.0.0.0/0
[root@happ shorewall]#
Please give me advice:
what is wrong in my case?
I'm using RedHat 9.
[root@happ shorewall]# uname -a
Linux happ 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux
[root@happ shorewall]# rpm -qa |grep iptables
iptables-1.2.7a-2
[root@happ shorewall]# rpm -qa |grep shore
shorewall-1.4.8-1
[root@happ shorewall]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:F4:76:8D:7A
inet addr:192.168.0.232 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20424 errors:0 dropped:0 overruns:0 frame:0
TX packets:19029 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:7792841 (7.4 Mb) TX bytes:1918007 (1.8 Mb)
Interrupt:11 Base address:0xd000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:407 errors:0 dropped:0 overruns:0 frame:0
TX packets:407 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:742268 (724.8 Kb) TX bytes:742268 (724.8 Kb)
Thank you
Andrey Paskal
_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm
On Sat, 2003-12-06 at 08:30, Andrey Paskal wrote:
> Hello!
> I'm a novice level shorewall user.

Then in the future, please post your questions on shorwall-newbies@shorewall.net.

> I just tried to setup traffic accounting for single interface system
> http://www.shorewall.net/Accounting.html
>
> When setuped and restarted by stop/start and some web browsing activity from
> fw machine
> shorewall show accounting web shows only zeros
>
> [root@happ shorewall]# shorewall show accounting
> Shorewall-1.4.8 Chain accounting at happ - Сбт Дек 6 19:05:37 MSK 2003
>
> Counters reset Sat Dec 6 18:00:42 MSK 2003
>
> Chain accounting (3 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 web tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:80
> 0 0 web tcp -- * eth0 0.0.0.0/0 0.0.0.0/0
> tcp spt:80
> 0 0 web tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:443
> 0 0 web tcp -- * eth0 0.0.0.0/0 0.0.0.0/0
> tcp spt:443

Your rules are backward -- OUTGOING packets have DPT=80 or 443.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Thank you Tom!
Now it works.
But would you make changes in your web page?
Since my wrong rules were a cut-n-paste of your
http://www.shorewall.net/Accounting.html example

------------------------------------------------------------
Here's how the same example would be constructed on a server with only one
interface (eth0):

#ACTION CHAIN SOURCE DESTINATION PROTOCOL DEST SOURCE
#                                         PORT PORT
web     -     eth0   -           tcp      80
web     -     -      eth0        tcp      -    80
web     -     eth0   -           tcp      443
web     -     -      eth0        tcp      -    443
COUNT   web   eth0   -
COUNT   web   -      eth0
------------------------------------------------------------

With best regards,
Andrey Paskal
On Sun, 2003-12-07 at 22:24, Andrey Paskal wrote:
> Thank you Tom!
> Now it works.
> But would you make changes in your web page?
> Since my wrong rules was cut-n-paste of your
> http://www.shorewall.net/Accounting.html example
>
> ------------------------------------------------------------
> Here's how the same example would be constructed on a server with only one
> interface (eth0):
>

Note the word SERVER!! The rules in the example are intended for someone running a web server like Apache on a single-interface system. Since you are the second person to cut and paste those rules thinking that they were somehow related to web browsing accounting, on Saturday I changed the wording to try to make people pay attention to what is being described.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
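
The direction mix-up diagnosed in this thread can be checked mechanically. The Python sketch below is an added example, not part of the original messages or of Shorewall: it reads rule rows in the layout of the `shorewall show accounting` listing above and labels each as counting local-server or local-client traffic. The function names and the sample listing (the thread's four rows with wrapped lines rejoined) are constructed for illustration.

```python
import re

# Constructed sample: the four rule rows from the thread's listing,
# with each wrapped "tcp dpt:/spt:" continuation joined to its row.
SAMPLE = """\
pkts bytes target prot opt in out source destination
0 0 web tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 web tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:80
0 0 web tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 web tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:443
"""

# (packet direction, matched port field) -> local role that produces it
ROLE = {
    ("in", "dpt"): "server",   # request arriving at a local service
    ("out", "spt"): "server",  # reply leaving a local service
    ("out", "dpt"): "client",  # request leaving a local client (browsing)
    ("in", "spt"): "client",   # reply arriving at a local client
}

def parse_rules(listing):
    """Return one dict per rule row that has an interface and a port match."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        # Columns: pkts bytes target prot opt in out source destination ...
        if len(f) < 10 or not f[0][:1].isdigit():
            continue  # header, chain title, or row without a port match
        m = re.search(r"\b(dpt|spt):(\d+)", " ".join(f[9:]))
        in_if, out_if = f[5], f[6]
        if not m or (in_if == "*") == (out_if == "*"):
            continue  # no single-port match, or direction not determinable
        direction = "out" if in_if == "*" else "in"
        rules.append({
            "pkts": f[0],
            "direction": direction,
            "match": m.group(1),
            "port": int(m.group(2)),
            "role": ROLE[(direction, m.group(1))],
        })
    return rules

def mismatched(listing, expected_role):
    """Rules that can never count traffic for the expected local role."""
    return [r for r in parse_rules(listing) if r["role"] != expected_role]

if __name__ == "__main__":
    for r in mismatched(SAMPLE, "client"):
        print("port %d: %s/%s counts %s traffic, not client traffic"
              % (r["port"], r["direction"], r["match"], r["role"]))
```
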