On Mon, Jan 30, 2012 at 2:04 PM, Tom Eastep <[email protected]> wrote:
> On Mon, 2012-01-30 at 13:45 -0600, David Koscinski wrote:
>
> >
> >
> > Well that change did the trick for mark 3. But is exposed a flaw in
> > my plans. Since /etc/accounting is only seeing MARK values prior to
> > POSTROUTING, then my stats may not reflect the reality of what is
> > going out eth0 since MARK could change.
>
> I'm not following you.
>
> >
> > So you mentioned that accounting can be done in mangle. A quick
> > google search revealed the ACCOUNTING_TABLE=mangle directive. Looks
> > like I need a shorewall upgrade to take advantage of that.
>
> That isn't going to work. When ACCOUNTING_TABLE=mangle, accounting
> occurs before marking.
>
> >
> > Even though I think I've found the answers based on your comments,
> > please do reply if you can. I'd like to be sure I am understanding
> > this correctly.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
>>I'm not following you.
I mean that when I using /etc/shorewall/accounting I am seeing stats based
on what the MARK was before POSTROUTING. Since I want to know what the
final MARK was as the packets leave eth0, I cannot use
/etc/shorewall/accounting.
>>That isn't going to work. When ACCOUNTING_TABLE=mangle, accounting
occurs before marking.
So it appears that I cannot use /etc/shorewall/accounting to track what the
final MARK was on outgoing packets regardless of whether I do accounting in
filter or mangle. POSTROUTING tcrules can conceivably change the MARK
after accounting has been done.
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
