Another week, another project!

I'm trying to adapt our local setup to collect data at a remote site. Here we 
don't have the opportunity to put our own router in, so I'm trying to make a 
small logging box with three NICs.
eth0 and eth1 are connected to a bridge with no IP - this will allow the box to 
be inserted between the site and its internet connection, but the box itself 
won't be visible to the outside world.
eth2 is connected to the internal network.

I seem to have most things sorted, but the accounting is a bit of a headache. 
Probably something simple I've overlooked!

According to various bits I've read, such as 
http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html, and the image it 
links to at the end, 
http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg, 
I believe I should be seeing traffic bridged between eth0 and eth1 being 
trapped by the FORWARD chain and thus fed into the accounting chain. But I'm 
not seeing any stats:

# iptables -v -n -L accounting
Chain accounting (3 references)
pkts bytes target   prot opt in   out   source        destination     
60622  13M account-ip all -- *   *    0.0.0.0/0      0.0.0.0/0      
60622  13M acc-serv  all -- *   *    0.0.0.0/0      0.0.0.0/0      
# iptables -v -n -L account-ip
Chain account-ip (1 references)
pkts bytes target   prot opt in   out   source        destination     
  0   0 total-ip  all -- eth0  *    0.0.0.0/0      0.0.0.0/0      
  0   0 total-ip  all -- *   eth0  0.0.0.0/0      0.0.0.0/0      
  0   0 total-ip  all -- eth1  *    0.0.0.0/0      0.0.0.0/0      
  0   0 total-ip  all -- *   eth1  0.0.0.0/0      0.0.0.0/0      
10656 926K total-ip  all -- eth2  *    0.0.0.0/0      0.0.0.0/0      
11090 746K total-ip  all -- *   eth2  0.0.0.0/0      0.0.0.0/0      

I'll only be looking at eth0, the other interfaces are only included for 
testing/diagnostics.



# cat zones
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
br   ipv4


# cat interfaces
#ZONE     INTERFACE     OPTIONS
FORMAT 2
net      eth2
br       eth0       bridge
br       eth1       bridge


# cat accounting
#ACTION    CHAIN SOURCE DESTINATION PROTO DEST SOURCE USER/
# PORT(S) PORT(S) GROUP
account-ip - - -
total-ip:COUNT account-ip eth0 -
total-ip:COUNT account-ip - eth0
total-ip:COUNT account-ip eth1 -
total-ip:COUNT account-ip - eth1
total-ip:COUNT account-ip eth2 -
total-ip:COUNT account-ip - eth2
DONE total-ip


#INCLUDE accounting.ip
#INCLUDE accounting.service



# ifconfig
br0    Link encap:Ethernet HWaddr **************** 
     inet6 addr: fe80::***************/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:336545 errors:0 dropped:0 overruns:0 frame:0
     TX packets:719 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:31324276 (29.8 MiB) TX bytes:60862 (59.4 KiB)


eth0   Link encap:Ethernet HWaddr **************** 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:689133 errors:0 dropped:2889 overruns:0 frame:0
     TX packets:384860 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:153833458 (146.7 MiB) TX bytes:51262116 (48.8 MiB)
     Interrupt:10 Base address:0x1000


eth1   Link encap:Ethernet HWaddr **************** 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:387244 errors:0 dropped:2891 overruns:0 frame:0
     TX packets:645353 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:51810105 (49.4 MiB) TX bytes:145675913 (138.9 MiB)
     Interrupt:11 Base address:0x1400


eth2   Link encap:Ethernet HWaddr **************** 
     inet addr:192.168.1.150 Bcast:192.168.1.255 Mask:255.255.255.0
     inet6 addr: fe80::***************/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:326447 errors:0 dropped:0 overruns:0 frame:0
     TX packets:264068 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:28529244 (27.2 MiB) TX bytes:22452128 (21.4 MiB)
     Interrupt:15 Base address:0x1800


lo    Link encap:Local Loopback 
     inet addr:127.0.0.1 Mask:255.0.0.0
     inet6 addr: ::1/128 Scope:Host
     UP LOOPBACK RUNNING MTU:16436 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)


# brctl show
bridge name   bridge id        STP enabled   interfaces
br0       8000.************    no       eth0
                            eth1

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
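
An added diagnostic example, not part of the original post: for bridged frames, iptables' in/out interface match sees the bridge device (br0) while the member ports are only visible to the physdev match, which is a common reason for rules keyed on bridge ports staying at zero. The script below flags such rules from the `brctl show` and `iptables -v -n -L` outputs quoted in the post; the function names and the bridge id in the sample are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# stdin: `brctl show` output. Prints the member ports, one per line.
bridge_ports() {
    awk 'NR > 1 && NF >= 4 { print $4 }   # first port shares the bridge line
         NR > 1 && NF == 1 { print $1 }'  # further ports on continuation lines
}

# stdin: `iptables -v -n -L <chain>` output. $1: space-separated port names.
# Prints every rule that matches on a bridge port and has a zero packet count.
zero_port_rules() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) isport[p[i]] = 1 }
        # Rule lines start with a packet counter; this skips the two header lines.
        # Columns: pkts bytes target prot opt in out source destination
        $1 ~ /^[0-9]+[KMG]?$/ && NF >= 9 {
            if ($1 == "0" && (($6 in isport) || ($7 in isport)))
                printf "%s in=%s out=%s\n", $3, $6, $7
        }'
}

# Sample input: the account-ip listing from the post.
sample_iptables() {
cat <<'EOF'
Chain account-ip (1 references)
pkts bytes target   prot opt in   out   source        destination
  0   0 total-ip  all -- eth0  *    0.0.0.0/0      0.0.0.0/0
  0   0 total-ip  all -- *   eth0  0.0.0.0/0      0.0.0.0/0
  0   0 total-ip  all -- eth1  *    0.0.0.0/0      0.0.0.0/0
  0   0 total-ip  all -- *   eth1  0.0.0.0/0      0.0.0.0/0
10656 926K total-ip  all -- eth2  *    0.0.0.0/0      0.0.0.0/0
11090 746K total-ip  all -- *   eth2  0.0.0.0/0      0.0.0.0/0
EOF
}

# Sample input: brctl listing with a constructed bridge id (masked in the post).
sample_brctl() {
cat <<'EOF'
bridge name   bridge id        STP enabled   interfaces
br0       8000.000000000000    no       eth0
                            eth1
EOF
}

ports=$(sample_brctl | bridge_ports | tr '\n' ' ')
sample_iptables | zero_port_rules "$ports"
```

On a live box, pipe the real command output into the same two functions. Rules it reports are candidates for matching on br0 or through the physdev match (`-m physdev --physdev-in eth0`), and bridged packets only reach iptables at all when the `net.bridge.bridge-nf-call-iptables` sysctl is 1.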
