Hi All, I've come across a problem that I'm hoping someone has the answer two.. back when one of my boxes was running a 2.0 kernel, I used to use ipac on it to do ip accounting for all the machines on the network segment it was on (With eth0 in promisc mode..). I've since moved that segment onto the switch, so stopped using using ipac in this way.. We've been seeing some amazing growth in inbound traffic in the last two months (from 15 to 30gb/month incoming, without a corresponding jump in outgoing traffic (Our 'net link is used solely for webhosting/colocation)), so I've been trying to find out where the jump is.. Our core route/firewall is a BSD box, and I've got some rather full-on accounting happening with ipfw, but I really prefer ipac, as it has such a nice interface.. So I thought I'd fire up a linux box on a hub between the firewall and our border routers (internet, private links to clients, etc), put the interface into promisc mode, and get ipac happening.. It doesn't seem so easy however, as the only traffic being accounted, is traffic to/from the box, and not the traffic going by on the wire. eth0 is definitely in promisc mode, as ifconfig shows such, I can see the traffic going by with tcpdump (and RX bytes in ifconfig eth0 is sitting at 76Mb from the last 30 mins..), however an ipchains -vnL doesn't show anything except actual traffic in/out of the machine.. (I've done an 'ipchains --append -i eth0', which I would think should be accounting all data the interface is seeing..) Am I doing something wrong here? I'm prepared to go back to a 2.0 kernel to get this working if I have to, but if there's an easier solution (using ipac - it's perfect for the accounting I need to be doing at the moment..) to getting ipchains to account for what I'm expecting it to account for, I'm open to suggestions.. I've spent the last four hours digging through google searching on 'ipchains promisc', and noone else seems to have come across this problem (or perhaps just hadn't expected it to work like that..?), except for one person who posted about it here to slug last year, but never got a solution.. Regards, Damien Gardner Jnr - Dip.EE StudIEAust [EMAIL PROTECTED] - http://www.rendrag.net/ Ph: 0417 055 052 - Fax: 02 6255 8663 -- A hard-on does NOT count as personal growth. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
