Hello all, I am running an OpenVPN server on a computer with a single Ethernet interface. I want to be able to graph per-IP usage for each of the IP addresses on this interface. My Shorewall config is as follows: -- Accounting -- # Shorewall version 2.0 - Accounting File # # /etc/shorewall/accounting # #ACTION CHAIN SOURCE DESTINATION PROTOCOL DEST SOURCE # PORT PORT global:COUNT - all eth0 all global:COUNT - eth0 all all DONE global lastchancehotel:COUNT - 11.234.16.143 eth0:1 all lastchancehotel:COUNT - eth0:1 11.234.16.143 all all DONE lastchancehotel #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE --- Interfaces -- ############################################################################### #ZONE INTERFACE BROADCAST OPTIONS net eth0 detect routefilter,norfc1918,logmartians,nosmurfs,tcpflags,blacklist vpn br0 detect #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE -- NAT -- ############################################################################### #EXTERNAL INTERFACE INTERNAL ALL LOCAL # INTERFACES 84.234.16.143 eth0:1 10.10.0.2 no no 84.234.16.144 eth0:2 10.10.0.3 no no 84.234.16.145 eth0:3 10.10.0.4 no no 84.234.16.146 eth0:4 10.10.0.5 no no 84.234.16.147 eth0:5 10.10.0.6 no no #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE -- Policy -- ############################################################################### #SOURCE DEST POLICY LOG LIMIT:BURST # LEVEL net fw DROP info fw net ACCEPT vpn fw ACCEPT fw vpn ACCEPT # vpn to firewall vpn net ACCEPT net vpn ACCEPT all all REJECT info #LAST LINE -- DO NOT REMOVE -- Rules -- ############################################################################################################# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # PORT PORT(S) DEST LIMIT GROUP #SECTION ESTABLISHED #SECTION RELATED SECTION NEW ACCEPT net fw icmp 8 ACCEPT net fw tcp ssh,www,smtp,pop3,pop3s,imap2,imaps ACCEPT net fw tcp 100 # jonathan''s tunnel test port #ACCEPT net fw tcp 6667 # tunnel stuff # client 1 - lastchancehotel REDIRECT net 1050 tcp 443 - 11.234.16.143 ACCEPT net vpn:10.10.0.2 all # client 2 - nemesis REDIRECT net 1051 tcp 443 - 11.234.16.144 ACCEPT net vpn:10.10.0.3 all # client 3 - ketone REDIRECT net 1052 tcp 443 - 11.234.16.145 ACCEPT net vpn:10.10.0.4 all # client 4 - ouroborous REDIRECT net 1053 tcp 443 - 11.234.16.146 ACCEPT net vpn:10.10.0.5 all # client 5 - richard REDIRECT net 1054 tcp 443 - 11.234.16.147 ACCEPT net vpn:10.10.0.6 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE My OpenVPN server is configured to give users IP addresses 10.10.0.2-200, depending on their common name. One daemon per user, long story short each user gets the same IP and connects to the same public IP. I want to collect usage data (MRTG graphs would be great) of the total traffic in and out of eth0 for each ''user''. The rules I have at the moment for the individual users always return a value of ''0''. What are the correct arguments to use in ''accounting'' to do this? Thanks, Jan