Re: xt_ACCOUNT define many network by table


 



Thank you very much, but it doesn't work because the 128.0.0.0/8 doesn't
pass through my box.
Is there a subnet which could match any IP address that passes through my box?
Regards.

2011/1/27 Bob Miller <bob@xxxxxxxxxxxxxxx>:
> On Thu, 2011-01-27 at 16:55 +0000, E2IA wrote:
>> Hi all,
>> I'm using xt_ACCOUNT for accounting on my Linux box.
>> I have two networks, 192.168.2.0/24 and 172.16.2.0/24, and I want to
>> account these 2 networks via table http.
>> So I've made these two rules:
>> rule 1: iptables -t mangle -A POSTROUTING -m mark --mark 123
>> -j ACCOUNT --addr 192.168.2.0/24 --tname http
>> rule 2: iptables -t mangle -A POSTROUTING -m mark --mark 123
>> -j ACCOUNT --addr 172.16.2.0/24 --tname http
>>
>> but when I enter rule 2 I get this error message:
>> [282339.158532] ACCOUNT: Table http found, but IP/netmask mismatch.
>> IP/netmask found: 192.168.2.0/255.255.255.0
>> [282339.158670] ACCOUNT: Table insert problem. Aborting
>>
>> I'm wondering and I'd like to know if there is a means to define a table
>> for 2 different networks.
>> regards.
>> --
>
> And for the whole list:
> My experimentation suggests that you would need two different tables for
> two different --addr subnets.  However, I think you could use something
> like this:
>
> iptables -t mangle -A POSTROUTING -s 192.168.2.0/24 -m mark --mark
> 123 -j ACCOUNT --addr 128.0.0.0/8 --tname http
> iptables -t mangle -A POSTROUTING -d 192.168.2.0/24 -m mark --mark
> 123 -j ACCOUNT --addr 128.0.0.0/8 --tname http
> iptables -t mangle -A POSTROUTING -s 172.16.2.0/24 -m mark --mark 123
> -j ACCOUNT --addr 128.0.0.0/8 --tname http
> iptables -t mangle -A POSTROUTING -d 172.16.2.0/24 -m mark --mark 123
> -j ACCOUNT --addr 128.0.0.0/8 --tname http
>
> That is pure speculation based on a very loose understanding of ACCOUNT,
> here is hoping it works...
>
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
> Bob Miller
> 334-7117/660-5315
> http://computerisms.ca
> bob@xxxxxxxxxxxxxxx
> Network, Internet, Server,
> and Open Source Solutions
>
>
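
Added example, not part of the original thread: a pre-load check that flags any ACCOUNT table name bound to more than one --addr network, which is the condition behind the "IP/netmask mismatch" error quoted above. The rule lines are constructed from the thread's two rules plus one hypothetical `dns` rule; the function names and the table names `http_lan` and `http_dmz` are assumptions made for illustration.

```shell
#!/bin/sh
# Lint ACCOUNT rules before loading them: one --tname, one --addr network.
# Usage: find_account_conflicts < rules.txt

# Constructed sample: the two rules from the thread plus a hypothetical third.
sample_rules() {
cat <<'EOF'
-t mangle -A POSTROUTING -m mark --mark 123 -j ACCOUNT --addr 192.168.2.0/24 --tname http
-t mangle -A POSTROUTING -m mark --mark 123 -j ACCOUNT --addr 172.16.2.0/24 --tname http
-t mangle -A POSTROUTING -m mark --mark 123 -j ACCOUNT --addr 10.1.0.0/16 --tname dns
EOF
}

# Constructed variant with one table per subnet (table names are hypothetical).
sample_rules_fixed() {
cat <<'EOF'
-t mangle -A POSTROUTING -m mark --mark 123 -j ACCOUNT --addr 192.168.2.0/24 --tname http_lan
-t mangle -A POSTROUTING -m mark --mark 123 -j ACCOUNT --addr 172.16.2.0/24 --tname http_dmz
EOF
}

# Reads rule lines on stdin. For every table name that is reused with a
# different network, prints "table first_addr conflicting_addr".
# Exit status is 1 if at least one conflict was found, 0 otherwise.
find_account_conflicts() {
  awk '
    {
      addr = ""; tname = ""; is_account = 0
      for (i = 1; i < NF; i++) {
        if ($i == "-j" && $(i + 1) == "ACCOUNT") is_account = 1
        if ($i == "--addr")  addr  = $(i + 1)
        if ($i == "--tname") tname = $(i + 1)
      }
      # Ignore anything that is not a complete ACCOUNT rule.
      if (!is_account || addr == "" || tname == "") next
      # First use of a table name binds it to that network.
      if (!(tname in bound)) { bound[tname] = addr; next }
      # Reuse with the same network is fine; a different one is a conflict.
      if (bound[tname] != addr) { print tname, bound[tname], addr; bad = 1 }
    }
    END { exit bad + 0 }
  '
}
```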

