I'm having a problem coming up with accounting rules to get what I need.

I've got 3 interfaces:

    eth3: fiber ISP
    vlan10: wireless ISP
    vlan4: Internal LAN

I've got two sets of accounting rules that I'm using to make graphs of all the traffic to each ISP:

    fiber:COUNT - vlan4 vlan10 #out
    fiber:COUNT - vlan10 vlan4 #in
    DONE fiber

    wireless:COUNT - vlan4 eth3 #out
    wireless:COUNT - eth3 vlan4 #in
    DONE wireless

I added some ipsec tunnels that go out eth3 and they were not being counted at all, so I changed the wireless to this:

    wireless:COUNT - - eth3 #out
    wireless:COUNT - eth3 - #in
    DONE wireless

Now it sees the traffic but it's being counted twice. If I "iftop -i eth3" I see two connections, one between the public IPs of the gateways and the other between the private IPs of the clients in the different LANs. Is there some way I can make accounting entries that will exclude one of these?

Thanks,
Brad C

------------------------------------------------------------------------------
This SF.net email is sponsored by
Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev

On 8/18/10 4:16 PM, Brad Clarke wrote:
>
> Now it sees the traffic but it's being counted twice. If I "iftop -i
> eth3" I see two connections, one between the public IPs of the
> gateways and the other between the private IPs of the clients in the
> different LANs. Is there some way I can make accounting entries that
> will exclude one of these?
>

The best you can do currently is to exclude the gateways (e.g., eth3:!<gw1>,<gw2>,...).

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Wed, Aug 18, 2010 at 6:45 PM, Tom Eastep <teastep@shorewall.net> wrote:
> On 8/18/10 4:16 PM, Brad Clarke wrote:
>
>>
>> Now it sees the traffic but it's being counted twice. If I "iftop -i
>> eth3" I see two connections, one between the public IPs of the
>> gateways and the other between the private IPs of the clients in the
>> different LANs. Is there some way I can make accounting entries that
>> will exclude one of these?
>>
>
> The best you can do currently is to exclude the gateways
> (e.g., eth3:!<gw1>,<gw2>,...).

OK, didn't realize you could exclude addresses there. I went with excluding the networks on the other side of the tunnel instead of the gateways so I can still count traffic going directly to the gateways.

Thanks,
Brad C
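
A small Python model of the two exclusion choices discussed in this thread, added here as an illustration; it is not part of any poster's message and is not Shorewall code. The addresses and byte counts are constructed, and the matcher only mimics the interface:!address-list form quoted above for the "#out" rule.

```python
import ipaddress

# Constructed sample of packets leaving eth3 (documentation and private
# address ranges chosen for this example): (out_iface, src, dst, bytes, note)
PACKETS = [
    ("eth3", "10.1.0.5", "10.2.0.9", 1000, "inner packet, LAN to remote LAN"),
    ("eth3", "198.51.100.1", "203.0.113.1", 1060, "ESP between the gateways"),
    ("eth3", "10.1.0.5", "203.0.113.1", 84, "ping straight to remote gateway"),
    ("eth3", "10.1.0.5", "192.0.2.80", 500, "ordinary Internet traffic"),
]


def parse_dest(spec):
    """Split 'iface' or 'iface:!net1,net2' into (iface, excluded networks)."""
    iface, _, rest = spec.partition(":")
    if not rest:
        return iface, []
    if not rest.startswith("!"):
        raise ValueError("only the exclusion form is modelled here")
    return iface, [ipaddress.ip_network(n) for n in rest[1:].split(",")]


def count_out(dest_spec, packets=PACKETS):
    """Bytes that an '#out' rule 'COUNT - - <dest_spec>' would count."""
    iface, excluded = parse_dest(dest_spec)
    total = 0
    for out_if, _src, dst, size, _note in packets:
        dst_ip = ipaddress.ip_address(dst)
        if out_if == iface and not any(dst_ip in net for net in excluded):
            total += size
    return total


if __name__ == "__main__":
    # No exclusion: tunnel payload is counted as inner packet and as ESP.
    print("eth3               ", count_out("eth3"))
    # Excluding the remote gateway drops ESP and traffic sent to the gateway.
    print("eth3:!203.0.113.1  ", count_out("eth3:!203.0.113.1"))
    # Excluding the remote LAN drops only the inner copy of tunnel traffic.
    print("eth3:!10.2.0.0/24  ", count_out("eth3:!10.2.0.0/24"))
```

In this model, excluding the remote networks leaves the ESP bytes and the traffic addressed to the gateway in the total, which is the behaviour Brad describes wanting.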