Hi,

I have a vpn on an adsl line and I wanted to add its traffic to the adsl accounting.
The two separated accounting rules seem to work fine.

all_vpn - eth0:192.168.0.0/16 tun0 tcp
all_vpn - tun0 eth0:192.168.0.0/16 tcp
all_vpn - eth0:192.168.0.0/16 tun0 udp
all_vpn - tun0 eth0:192.168.0.0/16 udp
COUNT all_vpn eth0:192.168.16.0/24 tun0
COUNT all_vpn tun0 eth0:192.168.16.0/24

all_sdsl - eth0:192.168.0.0/16 eth1 tcp
all_sdsl - eth1 eth0:192.168.0.0/16 tcp
all_sdsl - eth0:192.168.0.0/16 eth1 udp
all_sdsl - eth1 eth0:192.168.0.0/16 udp
COUNT all_sdsl eth0:192.168.16.0/24 eth1
COUNT all_sdsl eth1 eth0:192.168.16.0/24

But if I try to also (I keep the vpn rule too) include the vpn interface to the sdsl rule, the sdsl accounting does not work anymore...

all_sdsl - eth0:192.168.0.0/16 eth1 tcp
all_sdsl - eth1 eth0:192.168.0.0/16 tcp
all_sdsl - eth0:192.168.0.0/16 eth1 udp
all_sdsl - eth1 eth0:192.168.0.0/16 udp
all_sdsl - tun0:10.8.0.0/24 eth1 tcp
all_sdsl - eth1 tun0:10.8.0.0/24 tcp
all_sdsl - tun0:10.8.0.0/24 eth1 udp
all_sdsl - eth1 tun0:10.8.0.0/24 udp
COUNT all_sdsl eth0:192.168.16.0/24 eth1
COUNT all_sdsl eth1 eth0:192.168.16.0/24
COUNT all_sdsl tun0:10.8.0.0/24 eth1
COUNT all_sdsl eth1 tun0:10.8.0.0/24

Does anyone know if it is possible to add 2 pairs of interfaces to one accounting rule...?

Thx,
JD

On 07/22/2013 03:12 AM, John Doe wrote:
> Hi,
>
> I have a vpn on an adsl line and I wanted to add its traffic to the adsl accounting.
> The two separated accounting rules seem to work fine.
>
>
> all_vpn - eth0:192.168.0.0/16 tun0 tcp
> all_vpn - tun0 eth0:192.168.0.0/16 tcp
> all_vpn - eth0:192.168.0.0/16 tun0 udp
> all_vpn - tun0 eth0:192.168.0.0/16 udp
> COUNT all_vpn eth0:192.168.16.0/24 tun0
> COUNT all_vpn tun0 eth0:192.168.16.0/24
>
> all_sdsl - eth0:192.168.0.0/16 eth1 tcp
> all_sdsl - eth1 eth0:192.168.0.0/16 tcp
> all_sdsl - eth0:192.168.0.0/16 eth1 udp
> all_sdsl - eth1 eth0:192.168.0.0/16 udp
> COUNT all_sdsl eth0:192.168.16.0/24 eth1
> COUNT all_sdsl eth1 eth0:192.168.16.0/24
>
>
> But if I try to also (I keep the vpn rule too) include the vpn interface to the sdsl rule, the sdsl accounting does not work anymore...
>

What does "not work anymore" mean? Can you show us the output of "shorewall show" to illustrate?

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

From: Tom Eastep <teastep@shorewall.net>
> On 07/22/2013 03:12 AM, John Doe wrote:
>> I have a vpn on an adsl line and I wanted to add its traffic to the adsl
>> accounting.
>> The two separated accounting rules seem to work fine.
>>
>> all_vpn - eth0:192.168.0.0/16 tun0 tcp
>> all_vpn - tun0 eth0:192.168.0.0/16 tcp
>> all_vpn - eth0:192.168.0.0/16 tun0 udp
>> all_vpn - tun0 eth0:192.168.0.0/16 udp
>> COUNT all_vpn eth0:192.168.16.0/24 tun0
>> COUNT all_vpn tun0 eth0:192.168.16.0/24
>>
>> all_sdsl - eth0:192.168.0.0/16 eth1 tcp
>> all_sdsl - eth1 eth0:192.168.0.0/16 tcp
>> all_sdsl - eth0:192.168.0.0/16 eth1 udp
>> all_sdsl - eth1 eth0:192.168.0.0/16 udp
>> COUNT all_sdsl eth0:192.168.16.0/24 eth1
>> COUNT all_sdsl eth1 eth0:192.168.16.0/24
>>
>> But if I try to also (I keep the vpn rule too) include the vpn interface to
>> the sdsl rule, the sdsl accounting does not work anymore...
>
> What does "not work anymore" mean? Can you show us the output of
> "shorewall show" to illustrate?

Without the vpn "rules" in the sdsl accounting, I get expected values.
With the vpn "rules" in the sdsl accounting, I get wrong values.
I do not have much traffic on the vpn but I suspect that these wrong values were the vpn values (replacing somehow the sdsl values)...
Shorewall show just shows the same rules...

Chain accounting (3 references)
 pkts bytes target    prot opt in    out   source           destination
 3846  557K all_sdsl  tcp  --  eth0  eth1  192.168.0.0/16   0.0.0.0/0
 3686 1811K all_sdsl  tcp  --  eth1  eth0  0.0.0.0/0        192.168.0.0/16
   38  3269 all_sdsl  udp  --  eth0  eth1  192.168.0.0/16   0.0.0.0/0
   38  5994 all_sdsl  udp  --  eth1  eth0  0.0.0.0/0        192.168.0.0/16
    0     0 all_vpn   tcp  --  eth0  tun0  192.168.0.0/16   0.0.0.0/0
    0     0 all_vpn   tcp  --  tun0  eth0  0.0.0.0/0        192.168.0.0/16
    0     0 all_vpn   udp  --  eth0  tun0  192.168.0.0/16   0.0.0.0/0
    0     0 all_vpn   udp  --  tun0  eth0  0.0.0.0/0        192.168.0.0/16

I cannot retry the non working scenario right now...

Thx,
JD