Are you sure that the rule is actually being passed thru by the
packets. You might have a -j RETURN or -j ACCEPT earlier in the sequence
that if passing back out of the chain to the higher level and hence your
more detailed rule is not even being reached. Without looking at your
rule set it's hard to guess it.
--
Howard.
______________________________________________________
LANNet Computing Associates <http://www.lannet.com.au>
On Mon, 6 Nov 2000, Gonzalo Servat wrote:
> Hi Slug'ers!
>
> I'm trying to set-up a linux box (redhat7) to do the IP accounting for
> a bunch of servers that we host. We'd like to count exactly how much
> incoming and outgoing traffic each of these machines are doing.
>
> This IP accounting box is currently just another node on the switch...
> so it's NOT the main "default gateway" for all the servers that we host.
>
> So far, I've been able to count the TOTAL incoming and outgoing traffic
> to the whole segment (X.X.X.0/24) but I can't get IPchains to count
> traffic to/from individual IP addresses (the ipchains counter for the
> specific IP address stays at 0 while the TOTAL counter increases).
>
> Is this because the IP accounting machine has to be the main default gw
> (ie. forwarding packets) for all the hosted machines so that the traffic
> actually goes through the IP accounting box?
>
> I'm trying to avoid the "single-point-of-failure" problem by making the
> IP accounting box the main default gw for all the hosted systems so I'm
> trying to get it to work as another node on the switch and the ethernet
> card with Promiscious mode enabled, however if somebody can tell me that
> I /have/ to make the IP accounting box the default GW for this to work
> then I'll be forced to go along with the single-point-of-failure PC.
>
> Thanks in advance for any help.
>
> Regards,
>
> Gonzalo.
>
>
>
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
