On Tuesday 08 October 2002 5:44 am, Nuitari wrote:

> On Sun, 6 Oct 2002, Antony Stone wrote:
>
> > > iptables -P FORWARD ACCEPT
> >
> > Ugh :-( Horrible.
> >
> > > for HOST in $INTERNAL_HOSTS; do
> > >
> > > $IPTABLES -A FORWARD -o $EXTERNAL_INTERFACE -d $HOST -j ACCEPT
> > > $IPTABLES -A OUTPUT -o $EXTERNAL_INTERFACE -d $HOST -j ACCEPT
> >
> > Why would a packet ever leave your external interface, with a destination
> > address of one of your internal machines ?
> >
> > > $IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -s $HOST -j ACCEPT
> > > $IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -s $HOST -j ACCEPT
> >
> > Why would a packet ever come in through your external interface with a
> > source address of one of your internal machines ?
> >
> > What are these rules supposed to do ?
>
> They are some rules I wrote after the example provided with bw_acct (see
> below) didn't work well.

I suggest you sort these out and make sure your firewall is doing what it is supposed to (i.e. that the rules you have are processing packets in the way you expect) before trying to extend the system further to do traffic counting as well.

Antony

--
Documentation is like sex: when it's good, it's very very good; when it's bad, it's still better than nothing.