Re: [Shorewall-devel] Shorewall 4.0.0 Beta 4

Mon, 11 Jun 2007 08:50:57 -0700 

On Sunday 10 June 2007 19:29, Steven Jan Springl wrote:
> On Sunday 10 June 2007 18:57, Tom Eastep wrote:
> > Steven Jan Springl wrote:
> > > On Sunday 10 June 2007 17:44, Tom Eastep wrote:
> > >> Steven Jan Springl wrote:
> > >>> On Sunday 10 June 2007 17:37, Tom Eastep wrote:
> > >>>> How about:
> > >>>>
> > >>>> iptables -N foo
> > >>>> iptables -A FORWARD -j foo
> > >>>> iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m
> > >>>> physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j
> > >>>> RETURN
> > >>>
> > >>> That works. It just produces the message:
> > >>>
> > >>> physdev match: using --physdev-out in the OUTPUT, FORWARD and
> > >>> POSTROUTING chains for non-bridged traffic is not supported anymore.
> > >>
> > >> Ok -- then please try r6506 on your original test case. That revision
> > >> creates a chain called 'accountout' for OUTPUT accounting rules.
> > >>
> > >> -Tom
> > >
> > > Tom
> > >
> > > I have just tried r6507 with the original test case. Shorewall now
> > > starts successfully.
> > >
> > > The same 'accounting iptables' rule is generated. It is called from the
> > > INPUT and FORWARD chains.
> > > The 'accountout' is not generated.
> >
> > 'accountout' is only generated if there are rules with $FW in the SOURCE
> > column.
> >
> > -Tom
>
> Tom
>
> The accounting file contains:
>
>       DONE  -  eth0  eth1  udp  555,666
>       DONE  -  -       eth1  udp  777,888
>       DONE -   eth0  br0   udp   555,666
>       DONE -   -           br0   udp   777,888
>
> and the rules contains (amongst other rules):
>
>       ACCEPT  fw  lan  udp  555,666,777,888
>
> but 'accountout' is still not generated. What am I missing?
>
> Steven.

Tom

I have had another look at this. I am still unable to get Shorewall to create 
an 'accountout' chain. 

I have tried specifying $FW in the accounting file:

        DONE  -  $FW  br0  udp  777,888

but I get message:

        ERROR: Unknown interface (fw)

I have also tried the accounting and rules files entries as per my previous 
email.

I am obviously missing something basic here, but what?

Can you provide me with an example that works.

Steven.



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to