Tom Eastep <[email protected]> wrote:

>> I feel some experimentation to see if (manually added) accounting
>> rules will work in the Rawpost chain ...
>> 
> 
> Beware that the rawpost table has been removed in recent kernels. It
> was used for stateless SNAT which is now done in the mangle table.

Pity, it would have done nicely for me.

And to add a bit of a chuckle to your Friday afternoon. I looked at that 
diagram again, and (bear in mind I've come down with a cold, and it's Friday) 
thought ... "hang on, if I insert a rule at the start of nat:prerouting and 
append another to the nat:postrouting chain, then that gets me the rules where 
I want them".
Then I could see the packet/byte counts going up, but not by the right amount. 
And then the penny dropped about the nat table only getting the first packet in 
each connection.

I've been toying with the idea of splitting the single router appliance into 
several. One that does all the NAT and stuff; and another in front of each 
connection that doesn't do NAT, but is two-port and can easily do traffic 
shaping - and traffic data collection.
That'll be fun to do without killing anything :-)


Matt Darfeuille <[email protected]> wrote:

>> Well that didn't take long. Seems the rawpost table isn't installed by 
>> default (at least on the Debian systems I work with). It's available in the 
>> xtables-addons-dkms package - but that'll pull in a large number of packages 
>> I don't really want on this box.
>> 
>> I think I'll need to go and have a rethink about all of this setup :-(
> 
> You need fewer packages if you do it yourself!
> 
> At least that was so the last time I did it:
> 
> https://packages.debian.org/jessie/admin/xtables-addons-source

Still needs all the build tools.

Besides, apart from some simple scripts to collect data, I'm trying to keep 
most of the systems (and especially critical ones like this) as close to 
"standard" as possible. I.e., with no booby traps waiting to blow up on anyone 
who might have to take over running it in future.


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users