Thanks for the reply!
I've tried removing all rules and adding just a individual host and it
basically displays this output when I do a ipchains -L -v:
Chain input (policy ACCEPT: 15634 packets, 2237943 bytes):
pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
0 0 - all ------ 0xFF 0x00 any
X.X.X.X anywhere n/a
Chain output (policy ACCEPT: 13298 packets, 1091063 bytes):
pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
0 0 - all ------ 0xFF 0x00 any
anywhere X.X.X.X n/a
When I try to connect via FTP and upload a file to X.X.X.X, the "Chain
Input (etc....)" bytes and packets count increase but the individual
rule byte and packets count does not increase.
I have a feeling that the machine needs to be the router for the
incoming/outgoing packets so I'm going to have to go with the
single-point-of-failure system.. and make a standby machine or something
incase something happens to this one.
However, if anyone has any more suggestions please let me know.
Thanks a lot.
Regards,
Gonzalo.
++ 06/11/00 13:10 +1100 - Crossfire:
> I have the distinct feeling that accounting in IP Chains follows the same
> rules as all other IP chains, which basically means, first match wins....
> so... if you have a rule that matches all hosts, it'll match, and no other
> rules will get processed... which means your individual hosts don't get
> accounted.
>
> --==============================================--
> Crossfire | This email was brought to you
> [EMAIL PROTECTED] | on 100% Recycled Electrons
> --==============================================--
>
> ----- Original Message -----
> From: "Gonzalo Servat" <[EMAIL PROTECTED]>
> To: "SLUG" <[EMAIL PROTECTED]>
> Sent: Monday, November 06, 2000 12:31 PM
> Subject: [SLUG] IPchains IP accounting question - Help! :)
>
>
> > Hi Slug'ers!
> >
> > I'm trying to set-up a linux box (redhat7) to do the IP accounting for
> > a bunch of servers that we host. We'd like to count exactly how much
> > incoming and outgoing traffic each of these machines are doing.
> >
> > This IP accounting box is currently just another node on the switch...
> > so it's NOT the main "default gateway" for all the servers that we host.
> >
> > So far, I've been able to count the TOTAL incoming and outgoing traffic
> > to the whole segment (X.X.X.0/24) but I can't get IPchains to count
> > traffic to/from individual IP addresses (the ipchains counter for the
> > specific IP address stays at 0 while the TOTAL counter increases).
> >
> > Is this because the IP accounting machine has to be the main default gw
> > (ie. forwarding packets) for all the hosted machines so that the traffic
> > actually goes through the IP accounting box?
> >
> > I'm trying to avoid the "single-point-of-failure" problem by making the
> > IP accounting box the main default gw for all the hosted systems so I'm
> > trying to get it to work as another node on the switch and the ethernet
> > card with Promiscious mode enabled, however if somebody can tell me that
> > I /have/ to make the IP accounting box the default GW for this to work
> > then I'll be forced to go along with the single-point-of-failure PC.
> >
> > Thanks in advance for any help.
> >
> > Regards,
> >
> > Gonzalo.
> >
> >
> > --
> > SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> > More Info: http://slug.org.au/lists/listinfo/slug
>
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
