<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-2">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>Hi,</DIV>
<DIV> </DIV>
<DIV>I've already swapped it; unfortunately, I don't know my way around this very well, and
I couldn't find anything on the web about accounting with iptables :( </DIV>
<DIV>Here is the listing from rc.masq_firewall:</DIV>
<DIV> </DIV>
<DIV>IPTABLES="/sbin/iptables"<BR><FONT face=Arial size=2># external IP</FONT></DIV>
<DIV>EXTIF="eth1" </DIV>
<DIV># masqueraded network<BR>
INTIF="eth0"<BR>
<BR>
echo " clearing any existing rules and setting default policy.."<BR>
$IPTABLES -P INPUT ACCEPT<BR>
$IPTABLES -F INPUT<BR>
$IPTABLES -P OUTPUT ACCEPT<BR>
$IPTABLES -F OUTPUT<BR>
$IPTABLES -P FORWARD DROP<BR>
$IPTABLES -F FORWARD<BR>
$IPTABLES -t nat -F<BR>
<BR>
echo " FWD: Allow all connections OUT and only existing and related ones IN"<BR>
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT<BR>
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT<BR>
$IPTABLES -A FORWARD -j LOG<BR></DIV>
<DIV>and here from rc.accounting:</DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>EXTERNAL_INTERFACE="eth1"<BR>
IPTABLES="iptables"<BR>
INTERNAL_HOSTS=" 192.168.0.1 192.168.0.2 192.168.0.3 "<BR>
<BR>
for HOST in $INTERNAL_HOSTS; do<BR>
<BR>
    echo "Creating Chain for $HOST"<BR>
    $IPTABLES -N $HOST<BR>
<BR>
    # incoming jump rule<BR>
    $IPTABLES -A FORWARD -o $EXTERNAL_INTERFACE -d $HOST -j $HOST<BR>
<BR>
    # outgoing jump rule<BR>
    $IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -s $HOST -j $HOST<BR>
<BR>
    # incoming accounting chain<BR>
    $IPTABLES -A $HOST -o $EXTERNAL_INTERFACE -d $HOST<BR>
<BR>
    # outgoing accounting chain<BR>
    $IPTABLES -A $HOST -i $EXTERNAL_INTERFACE -s $HOST<BR>
<BR>
done;<BR>
<BR>
iptables -L -nvx prints:</DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>Chain INPUT (policy ACCEPT 554 packets, 50657 bytes)<BR>
   pkts    bytes target      prot opt in   out  source       destination<BR>
<BR>
Chain FORWARD (policy DROP 0 packets, 0 bytes)<BR>
   pkts    bytes target      prot opt in   out  source       destination<BR>
    661   441423 ACCEPT      all  --  eth1 eth0 0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED<BR>
    782    90770 ACCEPT      all  --  eth0 eth1 0.0.0.0/0    0.0.0.0/0<BR>
      0        0 LOG         all  --  *    *    0.0.0.0/0    0.0.0.0/0    LOG flags 0 level 4<BR>
      0        0 192.168.0.1 all  --  *    eth1 0.0.0.0/0    192.168.0.1<BR>
      0        0 192.168.0.1 all  --  eth1 *    192.168.0.1  0.0.0.0/0<BR>
      0        0 192.168.0.2 all  --  *    eth1 0.0.0.0/0    192.168.0.2<BR>
      0        0 192.168.0.2 all  --  eth1 *    192.168.0.2  0.0.0.0/0<BR>
      0        0 192.168.0.3 all  --  *    eth1 0.0.0.0/0    192.168.0.3<BR>
      0        0 192.168.0.3 all  --  eth1 *    192.168.0.3  0.0.0.0/0<BR>
<BR>
Chain OUTPUT (policy ACCEPT 381 packets, 115048 bytes)<BR>
   pkts    bytes target      prot opt in   out  source       destination<BR>
<BR>
Chain 192.168.0.1 (2 references)<BR>
   pkts    bytes target      prot opt in   out  source       destination<BR>
      0        0             all  --  *    eth1 0.0.0.0/0    192.168.0.1<BR>
      0        0             all  --  eth1 *    192.168.0.1  0.0.0.0/0<BR>
<BR>
Chain 192.168.0.2 (2 references)<BR>
   pkts    bytes target      prot opt in   out  source       destination<BR>
      0        0             all  --  *    eth1 0.0.0.0/0    192.168.0.2<BR>
      0        0             all  --  eth1 *    192.168.0.2  0.0.0.0/0<BR>
<BR>
Chain 192.168.0.3 (2 references)<BR>
   pkts    bytes target      prot opt in   out  source       destination<BR>
      0        0             all  --  *    eth1 0.0.0.0/0    192.168.0.3<BR>
      0        0             all  --  eth1 *    192.168.0.3  0.0.0.0/0 </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>So it counts the traffic for the whole interface, but not individually. What
should I set differently here? A link to some website would help too.</DIV>
<DIV> </DIV>
<DIV>Thanks</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>----- Original Message -----
<DIV>From: "Juraj Bednar" &lt;<A
href="mailto:juraj@bednar.sk">juraj@bednar.sk</A>&gt;</DIV>
<DIV>To: &lt;<A
href="mailto:linux@lists.linux.sk">linux@lists.linux.sk</A>&gt;</DIV>
<DIV>Sent: Monday, January 13, 2003 10:40 PM</DIV>
<DIV>Subject: Re: [linux] Ip accounting</DIV></DIV>
<DIV><BR></DIV>> Hi,<BR>
> <BR>
> > $IPTABLES -N $HOST<BR>
> > $IPTABLES -A FORWARD -o $EXTERNAL_INTERFACE -d $HOST -j HOST<BR>
> <BR>
> you're missing a $. If you have -o $EXTERNAL_INTERFACE, it certainly won't be going to host<BR>
> $HOST, more likely it will be coming from it, so swap -o and -d.<BR>
> <BR>
> > $IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -s $HOST -j $HOST<BR>
> > $IPTABLES -A $HOST -o $EXTERNAL_INTERFACE -d $HOST<BR>
> > $IPTABLES -A $HOST -i $EXTERNAL_INTERFACE -s $HOST<BR>
> <BR>
> ...<BR>
> <BR>
> <BR>
> J.<BR>
> <BR>
> 
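<DIV>Added example, not part of the original messages: in the listing above the per-host jumps sit after the two ACCEPT rules in FORWARD and pair the external interface with the wrong address direction, which matches the zero counters. The sketch below prints a rule set that inserts the jumps ahead of the ACCEPT rules; the helper name emit_accounting_rules is hypothetical, and it assumes forwarded packets carry the internal 192.168.0.x addresses inside FORWARD (masquerading rewrites the source only in POSTROUTING).</DIV>

```shell
#!/bin/sh
# Added example (not from the original post): prints per-host accounting
# rules instead of running them, so the rule set can be reviewed first.
EXTIF="eth1"                                   # external interface, as posted
HOSTS="192.168.0.1 192.168.0.2 192.168.0.3"    # internal hosts, as posted

# emit_accounting_rules EXTIF HOST...   (hypothetical helper name)
emit_accounting_rules() {
    extif=$1
    shift
    # The output is meant to be fed to a root shell, so refuse anything that
    # is not a plain interface name or a dotted numeric address.
    case $extif in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    for host in "$@"; do
        case $host in ''|*[!0-9.]*) return 1 ;; esac
    done
    for host in "$@"; do
        printf 'iptables -N %s\n' "$host"
        # Insert at position 1: an ACCEPT earlier in FORWARD ends traversal,
        # so jumps appended after it are never reached and stay at 0.
        # Inbound: enters on the external interface, addressed to the host.
        printf 'iptables -I FORWARD 1 -i %s -d %s -j %s\n' "$extif" "$host" "$host"
        # Outbound: leaves through the external interface, sent by the host.
        printf 'iptables -I FORWARD 1 -o %s -s %s -j %s\n' "$extif" "$host" "$host"
        # Target-less rules only count; the chain then returns to FORWARD,
        # where the existing ACCEPT/LOG rules still decide the verdict.
        printf 'iptables -A %s -i %s -d %s\n' "$host" "$extif" "$host"
        printf 'iptables -A %s -o %s -s %s\n' "$host" "$extif" "$host"
    done
}

emit_accounting_rules "$EXTIF" $HOSTS
```

<DIV>Run it after rc.masq_firewall has built FORWARD, review the printed commands, then pipe them to sh as root; iptables -L -nvx should then show separate counters per host.</DIV>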
<DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>