From: Bob Miller <bob@computerisms.ca>
To: Maarten Vanraes <maarten@ba.be>
Cc: netfilter@vger.kernel.org
Subject: Re: xtables-addons ACCOUNT
Date: Tue, 19 Oct 2010 09:45:49 -0700 [thread overview]
Message-ID: <1287506749.13167.1042.camel@laplaplian> (raw)
In-Reply-To: <201010191009.32841.maarten@ba.be>
Hi
>
> where exactly should i use the ACCOUNT module? does that matter?
Assuming you mean in your iptables rule set, yes, it matters, and you
should put it where you want it to count. Based on my my understanding,
limited though it is; in theory, for the 0/0 subnet, the mangle
table/prerouting chain will catch all traffic between you and the ISP
that has tcp/ip qualities (ie address and netmask). If you are trying
to count data used to the ISP by computers on a LAN, then placing the
rule in the filter table/forward chain should count that traffic.
> error message when trying to use it now:
>
>
> ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask found:
> 194.0.234.0/255.255.255.0
> ACCOUNT: Table insert problem. Aborting
Seems your configuration doesn't match your situation? without knowing
more about your environment and how you configured this box, it is hard
to say, maybe your interface address is not in 194.0.234.0/24 or
something?
Jan's response might seem to indicate this is an issue of the way you
built this up or a software mismatch of some sort. Given the fun I had
making this work before it all came out in debian packages with debian
methods of building it, I would not be one bit surprised if that is the
case.
> when trying to remove the rule with iptables:
>
>
> ACCOUNT: Table publicnet not found for destroy
>
>
> "iptaccount -a" does show the nets fine; but the -l publicnet always gives:
>
>
> Showing table: publicnet
> Run #0 - 0 items found
> Finished.
If the other two nets are working as expected, I would think that means
your software is working, but I dont' know why you would have this
problem on the one net.
Bob Miller
334-7117/660-5315
http://computerisms.ca
bob@computerisms.ca
Network, Internet, Server,
and Open Source Solutions
next prev parent reply other threads:[~2010-10-19 16:45 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-18 15:12 xtables-addons ACCOUNT Maarten Vanraes
2010-10-18 16:18 ` Bob Miller
2010-10-18 16:32 ` Bob Miller
2010-10-19 8:09 ` Maarten Vanraes
2010-10-19 9:38 ` Jan Engelhardt
2010-10-19 10:00 ` Maarten Vanraes
2010-10-19 16:45 ` Bob Miller [this message]
2010-10-20 8:25 ` Maarten Vanraes
2010-10-20 9:16 ` Jan Engelhardt
2010-10-20 13:03 ` Maarten Vanraes
2010-10-20 17:36 ` Jan Engelhardt
2010-10-21 11:31 ` Maarten Vanraes
2010-10-27 20:28 ` Jan Engelhardt
2010-10-28 7:32 ` Maarten Vanraes
2010-10-28 22:20 ` Jan Engelhardt
2010-10-29 7:31 ` Maarten Vanraes
-- strict thread matches above, loose matches on Subject: below --
2010-10-25 7:35 Maarten Vanraes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1287506749.13167.1042.camel@laplaplian \
--to=bob@computerisms.ca \
--cc=maarten@ba.be \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).