I wrote:

> I've had accounting (counting traffic by IP) running for ages on other
> routers (ethernet interfaces), but I'm struggling to get it going on a
> newer one with a PPPoE interface. Everything looks OK in terms of the
> iptables rules setup - but I'm just not getting reasonable figures. Does
> anyone know if there's anything special about PPP interfaces for this?
>
> System is Debian Wheezy, running as a VM under Xen, and with Shorewall 4.5.5.3
>
> Anyone see something silly I've overlooked (that's my usual problem, too
> close, can't see things right in front of me)?

Ah, I think I may have spotted the issue. There is another key difference between this router and the others - this one is doing NAT (combination of masq and DNAT rules).

I've observed that if I send traffic (eg sustained pings with large packets) to an address the router answers - then I see sensible amounts of traffic counted. If I DNAT all traffic on an IP to an internal host, then I see no traffic counted.

So it looks like the accounting is done before outbound masq, and after inbound DNAT rules - hence the rules using the outside addresses just don't match.

Is there any way to fix this?
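
The ordering described in the message above, as an added example that is not part of the original post: a small Python model of a forwarded packet passing nat/PREROUTING (DNAT), then filter/FORWARD, then nat/POSTROUTING (masquerade). It assumes the accounting rules are evaluated in the filter table's FORWARD chain; all addresses, sizes and function names are constructed for illustration.

```python
from collections import Counter

# Constructed addresses (documentation ranges), not taken from the post.
PUBLIC = "203.0.113.10"     # outside address that is DNATed
INTERNAL = "192.168.1.20"   # internal host behind the router
REMOTE = "198.51.100.7"     # host on the Internet

DNAT = {PUBLIC: INTERNAL}   # nat/PREROUTING: rewrite destination
SNAT = {INTERNAL: PUBLIC}   # nat/POSTROUTING: rewrite source (masq / DNAT reply)


def forward(pkt, acct_addrs, counters):
    """Walk one forwarded packet through the three stages; return it as sent."""
    src, dst, size = pkt
    dst = DNAT.get(dst, dst)             # 1. nat/PREROUTING runs first
    for addr in acct_addrs:              # 2. filter/FORWARD: accounting (assumed here)
        if addr in (src, dst):
            counters[addr] += size
    src = SNAT.get(src, src)             # 3. nat/POSTROUTING runs last
    return (src, dst, size)


def run(acct_addrs):
    """Account one constructed inbound packet and its outbound reply."""
    counters = Counter({a: 0 for a in acct_addrs})
    wire = [
        forward((REMOTE, PUBLIC, 1400), acct_addrs, counters),    # inbound
        forward((INTERNAL, REMOTE, 1400), acct_addrs, counters),  # reply
    ]
    return counters, wire


if __name__ == "__main__":
    counters, wire = run([PUBLIC, INTERNAL])
    print("bytes counted per accounting address:", dict(counters))
    print("packets as they leave the router:", wire)
```

In this model the rule keyed on the outside address counts nothing, while the same rule keyed on the internal address sees both directions, even though the packets leaving the router carry the translated addresses.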
