* IPtables accounting ...
@ 2002-11-13 13:24 Raymond Leach
2002-11-13 14:08 ` Eric Leblond
2002-11-13 14:10 ` Antony Stone
0 siblings, 2 replies; 4+ messages in thread
From: Raymond Leach @ 2002-11-13 13:24 UTC (permalink / raw)
To: Netfilter Mailing List
[-- Attachment #1: Type: text/plain, Size: 297 bytes --]
Hi
Where do I do iptables accounting?
For example: If I have users on a private LAN surfing via a proxy on the
firewall and I have web servers in a DMZ also being routed via the
firewall, where do I put my accounting rules? In the FORWARD chain, or
the INPUT chain, or both?
Ray
--
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: IPtables accounting ...
2002-11-13 13:24 IPtables accounting Raymond Leach
@ 2002-11-13 14:08 ` Eric Leblond
2002-11-13 15:38 ` Antony Stone
2002-11-13 14:10 ` Antony Stone
1 sibling, 1 reply; 4+ messages in thread
From: Eric Leblond @ 2002-11-13 14:08 UTC (permalink / raw)
To: Netfilter Mailing List
On Wed, 2002-11-13 at 14:24, Raymond Leach wrote:
> Hi
>
> Where do I do iptables accounting?
>
> For example: If I have users on a private LAN surfing via a proxy on the
> firewall and I have web servers in a DMZ also being routed via the
> firewall, where do I put my accounting rules? In the FORWARD chain, or
> the INPUT chain, or both?
Not INPUT if you don't have a web server on your firewall.
FORWARD is a good place.
--
Éric Leblond
courriel : eleblond@init-sys.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: IPtables accounting ...
2002-11-13 13:24 IPtables accounting Raymond Leach
2002-11-13 14:08 ` Eric Leblond
@ 2002-11-13 14:10 ` Antony Stone
1 sibling, 0 replies; 4+ messages in thread
From: Antony Stone @ 2002-11-13 14:10 UTC (permalink / raw)
To: Netfilter Mailing List
On Wednesday 13 November 2002 1:24 pm, Raymond Leach wrote:
> Hi
>
> Where do I do iptables accounting?
>
> For example: If I have users on a private LAN surfing via a proxy on the
> firewall and I have web servers in a DMZ also being routed via the
> firewall, where do I put my accounting rules? In the FORWARD chain, or
> the INPUT chain, or both?
Packets being routed through your firewall go through the FORWARD chain and
not through the INPUT chain.
Packets going to a proxy application running on your firewall go through the
INPUT chain and not the FORWARD chain.
Antony.
--
Anything that improbable is effectively impossible.
- Murray Gell-Mann, Nobel Prizewinner in Physics
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: IPtables accounting ...
2002-11-13 14:08 ` Eric Leblond
@ 2002-11-13 15:38 ` Antony Stone
0 siblings, 0 replies; 4+ messages in thread
From: Antony Stone @ 2002-11-13 15:38 UTC (permalink / raw)
To: Netfilter Mailing List
On Wednesday 13 November 2002 2:08 pm, Eric Leblond wrote:
> On Wed, 2002-11-13 at 14:24, Raymond Leach wrote:
> > Hi
> >
> > Where do I do iptables accounting?
> >
> > For example: If I have users on a private LAN surfing via a proxy on the
> > firewall and I have web servers in a DMZ also being routed via the
> > firewall, where do I put my accounting rules? In the FORWARD chain, or
> > the INPUT chain, or both?
>
> Not INPUT if you don't have a web server on your firewall.
> FORWARD is a good place.
But he does have a web server on his firewall - he is running a proxy, which
is both a server and a client in a single application.
Antony.
--
Most people have more than the average number of legs.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2002-11-13 15:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-11-13 13:24 IPtables accounting Raymond Leach
2002-11-13 14:08 ` Eric Leblond
2002-11-13 15:38 ` Antony Stone
2002-11-13 14:10 ` Antony Stone
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.