On Wed, Mar 24, 2010 at 05:30:23PM -0700, Stig Thormodsrud wrote:
> Then I add the interfaces I want to iptables.
>
> vya...@r1# iptables -t raw -nvL PREROUTING
> Chain PREROUTING (policy ACCEPT 30 packets, 4236 bytes)
>  pkts bytes target     prot opt in       out     source               destination
>  1608 85539 ULOG       all  --  eth1     *       0.0.0.0/0            0.0.0.0/0            ULOG copy_range 64 nlgroup 2 queue_threshold 10
>     0     0 ULOG       all  --  eth1.101 *       0.0.0.0/0            0.0.0.0/0            ULOG copy_range 64 nlgroup 2 queue_threshold 10
>  4710 1027K ULOG       all  --  eth0     *       0.0.0.0/0            0.0.0.0/0            ULOG copy_range 64 nlgroup 2 queue_threshold 10
>
> I happen to choose the raw table to see the packets before nat/firewall,
> but if you hook into netfilter in the POSTROUTING chain then you can
> also get the output interface in the netflow records.
Hi Stig,

Thanks for the examples! I'm having trouble with the iptables piece of the puzzle though.

I suspect this is because I'm mirroring traffic to this server and the L2 destination doesn't match any address present on the server. I've tried adding an ebtables dnat rule to rewrite the destination MAC of incoming frames to the local interface address, but this doesn't work. I'd expect these frames to show up in the FORWARD chain in either ebtables or iptables, but if I add ACCEPT rules that match anything on the interface, the counters never increment. tcpdump and sfacctd confirm that traffic is arriving.

Thanks,
Ross

--
Ross Vandegrift
[email protected]

"If the fight gets hot, the songs get hotter. If the going gets tough, the songs get tougher."
--Woody Guthrie
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
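The check a practitioner wants after installing the ULOG hooks Stig describes, and the one that would have exposed Ross's symptom in a single command, is to confirm that every interface you expect to export has a ULOG rule in the raw PREROUTING chain *and* that its packet counter is moving. The script below is an added example for this thread, not code from pmacct or from either poster. It generates the `iptables -t raw -A PREROUTING -i IFACE -j ULOG ...` rule matching Stig's listing (the target options `--ulog-nlgroup`, `--ulog-cprange` and `--ulog-qthreshold` are the real ULOG target options behind the `nlgroup 2`, `copy_range 64` and `queue_threshold 10` shown in his output) and parses `iptables -t raw -nvL PREROUTING` output to classify each interface as OK, IDLE or MISSING. The listing embedded in the script is constructed from Stig's output; the packet counts are his, the interface list is an assumption. One caveat worth knowing when the result is IDLE on a mirror port: the IPv4 input path discards frames whose destination MAC is not the host's (pkt_type PACKET_OTHERHOST) before the PREROUTING hook runs, and ebtables rules only apply to interfaces enslaved to a bridge, so frames that tcpdump shows in promiscuous mode can still never reach iptables.

```shell
#!/bin/sh
# Added example for the pmacct-discussion thread above; not pmacct code.
# Builds the raw-table ULOG rules Stig's listing implies and checks, from
# `iptables -t raw -nvL PREROUTING` output, that each interface of interest
# has a ULOG rule whose packet counter is actually incrementing.

# Constructed sample of `iptables -t raw -nvL PREROUTING`, copied from
# Stig's listing (packet and byte counts are his).
SAMPLE_RAW_PREROUTING='Chain PREROUTING (policy ACCEPT 30 packets, 4236 bytes)
 pkts bytes target     prot opt in       out     source               destination
 1608 85539 ULOG       all  --  eth1     *       0.0.0.0/0            0.0.0.0/0            ULOG copy_range 64 nlgroup 2 queue_threshold 10
    0     0 ULOG       all  --  eth1.101 *       0.0.0.0/0            0.0.0.0/0            ULOG copy_range 64 nlgroup 2 queue_threshold 10
 4710 1027K ULOG       all  --  eth0     *       0.0.0.0/0            0.0.0.0/0            ULOG copy_range 64 nlgroup 2 queue_threshold 10'

# ulog_hook_rule IFACE NLGROUP: print the iptables command that installs a
# ULOG hook for IFACE in the raw PREROUTING chain. copy_range 64 and
# queue_threshold 10 are the values from Stig's listing; adjust to taste.
ulog_hook_rule() {
    printf 'iptables -t raw -A PREROUTING -i %s -j ULOG --ulog-nlgroup %s --ulog-cprange 64 --ulog-qthreshold 10\n' "$1" "$2"
}

# ulog_rule_counter IFACE: read an `iptables -nvL` listing on stdin and print
# the packet counter of the first ULOG rule whose input interface ($6 in the
# -nvL column layout) is IFACE. Prints "missing" when there is no such rule.
ulog_rule_counter() {
    awk -v want="$1" '
        $3 == "ULOG" && $6 == want { print $1; found = 1; exit }
        END { if (!found) print "missing" }
    '
}

# check_ulog_hooks LISTING IFACE...: classify each interface as
#   OK      - ULOG rule present and has matched packets
#   IDLE    - rule present but counter still zero (the symptom Ross reports:
#             the rule exists, traffic is visible to tcpdump, netfilter never
#             sees it)
#   MISSING - no ULOG rule for that input interface
check_ulog_hooks() {
    listing=$1
    shift
    for iface in "$@"; do
        c=$(printf '%s\n' "$listing" | ulog_rule_counter "$iface")
        case "$c" in
            missing) printf '%s MISSING\n' "$iface" ;;
            0)       printf '%s IDLE\n' "$iface" ;;
            *)       printf '%s OK (%s pkts)\n' "$iface" "$c" ;;
        esac
    done
}

# Demo against the constructed listing. On a live box replace the first
# argument with "$(iptables -t raw -nvL PREROUTING)"; eth2 is a hypothetical
# interface included to show the MISSING case.
check_ulog_hooks "$SAMPLE_RAW_PREROUTING" eth0 eth1 eth1.101 eth2
```

Run it once right after installing the rules and again a few seconds later; an interface that stays IDLE while `tcpdump -i IFACE` shows traffic is not a counting problem in pmacct but a frame that never enters the IP stack, which is where to look before touching the ULOG configuration.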
