I have this installed on Debian. I am running squeeze, kernel=2.6.32. My first time trying the ACCOUNT module was before there was a debian package, and I remember one of the problems I had then was that the kernel was too old. I can't remember what version it was then, but I suspect it was around 2.6.25 or so. Once you have downloaded the packages, this command should get you started: $(m-a a-i -t xtables-addons-source) One thing I had to do this time with the debian package was make a symlink from /usr/lib/libxt_ACCOUNT_cl.so.0 to /usr/lib/libxt_ACCOUNT_cl.so.0.0.0 in order to get the module to load. then a $(modprobe xt_ACCOUNT) should work. If I recall, I have also had it happen in the past that all the libxt stuff was in the wrong location, and I had to symlink a full directory to get it working, but I think that was before it came out as a .deb. If I recall, another road block was that I needed the iptables-dev package installed. Once the module was loaded, I created the following rules for my networks: gatelian:/usr/lib# iptables-save | grep tname -A POSTROUTING -j ACCOUNT --addr 0.0.0.0/0 --tname wan -A POSTROUTING -j ACCOUNT --addr 192.168.25.0/24 --tname computerisms -A POSTROUTING -j ACCOUNT --addr 192.168.24.0/24 --tname computerisms-public I believe the rules for the two non-routable subnets will not count accurately to the outside, the count these rules give should be higher than what bandwidth is used to the net at large. if it loads successfully, then $(iptaccount -a) should show you something like: Found table: wan Found table: computerisms Found table: computerisms-public I remember this ACCOUNT thing did not go smoothly for me, the hardest part has always been in getting the module to load. But if you post more specific error messages, I am pretty sure I can help you get it in there... On Mon, 2010-10-18 at 17:12 +0200, Maarten Vanraes wrote: > Hello, > > I can't get it working myself: > * kernel: 2.6.26-2-amd64 (debian lenny) > * iptables: 1.4.8 > * xtables-addons: 1.26 > > > - man pages tell us to use CIDR notation; however syslog shows in the error > messages "network/netmask" notation (255.255.255.0) > - removing the rule with iptables -D removes the rule, but it seems not the > account table. > - iptaccount -h doesn't remove it either > - modprobe -r xt_ACCOUNT doesn't either > - i always get 0 rules or something > - adding the rule after it's been deleted doesn't work, i get error messages > about wrong parameters > - adding a diff addr with same name succeeds, but gives error messages in > syslog > > > Do i do something wrong; or is there a bug in here? > > Kind Regards, > > Maarten Vanraes > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html Bob Miller 334-7117/660-5315 http://computerisms.ca bob@xxxxxxxxxxxxxxx Network, Internet, Server, and Open Source Solutions -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
