Thanks Tom.
I have MARK_IN_FORWARD_CHAIN=Yes
In the case of mark/priority 3 I am marking in the POSTROUTING chain:
3:T 0.0.0.0/0 0.0.0.0/0 udp 1194 # openvpn
For mark/priorty 5 I am marking in the FORWARD chains:
5:F 67.52.58.192/28 0.0.0.0/0 tcp 22,10000:10099 # NATed ssh
5:F 0.0.0.0/0 67.52.58.192/28 tcp - 22,10000:10099 #
NATed ssh
I don't understand you comment about doing accounting in the filter table
vs. the mangle table. Perhaps this information is what you are looking
for:
I configure my accounting rules using the /etc/shorewall/accounting file
and I have no SECTION directives. I use the shorewall show accounting and
shorewall show tc_0 tc_1 tc_2 tc_3 tc_5 tc_5 commands to check the
counters. Here are my accounting rules:
tc_0:COUNT - $NET_IF
- - - - - 0
tc_0:COUNT - -
$NET_IF - - - - 0
tc_1:COUNT - $NET_IF
- - - - - 1
tc_1:COUNT - -
$NET_IF - - - - 1
tc_2:COUNT - $NET_IF
- - - - - 2
tc_2:COUNT - -
$NET_IF - - - - 2
tc_3:COUNT - $NET_IF
- - - - - 3
tc_3:COUNT - -
$NET_IF - - - - 3
tc_4:COUNT - $NET_IF
- - - - - 4
tc_4:COUNT - -
$NET_IF - - - - 4
tc_5:COUNT - $NET_IF
- - - - - 5
tc_5:COUNT - -
$NET_IF - - - - 5
tc_6:COUNT - $NET_IF
- - - - - 6
tc_6:COUNT - -
$NET_IF - - - - 6
I also use shorewall show mangle to see how my tcrules are being applied,
but since mangle includes intermediate results, I am trying to use
shorewall show accounting to see the final mark/priority results.
I realize that the final results are in the shorewall show tc output, but I
currently use accounting data to generate graphs showing how traffic is
being used. I am trying to add another type of graph that shows the
traffic per priority. So I am hoping to prepare /etc/shorewall/accounting
rules that let me see the same numbers I would get from shorewall show tc.
Cheers,
david.
On Mon, Jan 30, 2012 at 12:19 PM, Tom Eastep <[email protected]> wrote:
> On Mon, 2012-01-30 at 11:22 -0600, David Koscinski wrote:
>
> > Do I misunderstand the capabilities of the MARK column in the
> > accounting table? Or have I misconfigured something?
>
> It's not possible to say, given what you have told us.
>
> 1. Which chain(s) are you doing your TC marking in?
> 2. It appears that you are doing your accounting in the filter table, is
> that correct? (Shorewall also allows you to do accounting in the
> mangle).
>
> I suspect that you are marking packets after they have been through
> accounting; that would explain what you are seeing. You may wish to
> refer to the diagram at http://www.shorewall.net/NetfilterOverview.html.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
