I've had accounting (counting traffic by IP) running for ages on other routers (ethernet interfaces), but I'm struggling to to get it going on a newer one with a PPPoE interface. Everything looks OK in terms of the iptables rules setup - but I'm just not getting reasonable figures. Does anyone know if there's anything special about PPP interfaces for this ?
Systems is Debian Wheezy, running as a VM under Xen, and with Shorewall 4.5.5.3 Anyone see something silly I've overlooked (that's my usual problem, too close, can't see things right in front of me) ? In my accounting file, I have : Firstly, capture the traffic for the IP on the PPP link itself > account-ip-purappp:COUNT - ppp10 xx.xx.59.220 > account-ip-purappp:COUNT - xx.xx.59.220 ppp10 As I understand the docs, this should create a chain account-ip-purappp, coounting traffic coming in on PPP10 and addressed to xx.xx.59.220, and counting traffic going out of ppp10 from address xx.xx.59.220 Iptables seems to give sensible rules : > # iptables -vxn -L account-ip-purappp > Chain account-ip-purappp (2 references) > pkts bytes target prot opt in out source > destination > 2612 620930 all -- ppp10 * xx.xx.0.0/0 > xx.xx.59.220 > 2018 188364 all -- * ppp10 84.9.59.220 > 0.0.0.0/0 It's just that the byte counts are nothing like what I should be seeing. If I do a few speed tests (using speedtest.net), on my graphs I can see the spikes in traffic on the graph of data collected from the interface counters in /proc/net/dev, but barely shows in the numbers in the accounting chain. Wireshark shows the packets on the interface with the correct IP address. I can see a one minute period where someone was doing a download - on the interface counters, the average is almost 70Mbps; on the accounting, it's only 2.4k ! I assume it's the same problem, but I similarly get ridiculously low numbers collecting stats on the routed /29 with these rules : > account-ip-pura:JUMP - ppp10 - > account-ip-pura:JUMP - - ppp10 > > DONE account-ip-pura ppp10 xx.xx.29.56 > DONE account-ip-pura xx.xx.29.56 ppp10 > DONE account-ip-pura ppp10 xx.xx.29.57 > DONE account-ip-pura xx.xx.29.57 ppp10 > ... ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
