Hi,
I got an interesting problem. On my IPv6 tunnel server, I do some simple
IPv4 accounting using the ipchains bytecounter. Works good since over a year.
Now I want to count also my tunneled IPv6 traffic. I've installed 2 rules
in a new chain:
IPBASIC="IPv4 address of tunnel's Ethernet interface"
ipchains -N ipaccV6
ipchains -A input -p 41 -d $IPBASIC -j ipaccV6
ipchains -A output -p 41 -s $IPBASIC -j ipaccV6
ipchains -A ipaccV6 -j ACCEPT
The basic chains are all end with a deny/reject log, also the policy is
similiar. Forwarding similar.
Now the strange behavior:
The input related chain counts packets, the outgoing not!
Is it possible, that the ipchains outgoing ruleset did not work for
tunneled IPv6 packets?
Here an IPv4-tcpdump only output from a ping6 via that tunnel
17:47:58.777634 eth0 < 6BONE.UNI-MUENSTER.DE > tunnel.bieringer.de:
ip-proto-41 104
17:47:58.777634 sit0 < 0:0:0:0:0:0 0:0:0:0:0:1 ipv6 118:
* counted *
17:47:58.777882 sit0 > 0:0:0:0:0:0 0:0:0:0:0:0 ipv6 118:
17:47:58.777937 eth0 > tunnel.bieringer.de > p3E991650.dip.t-dialin.net:
ip-proto-41 104 (DF)
* not counted*
Can someone please test such behavior?
Used: Kernel 2.2.17 + Openwall-Patch, ipchains 1.3.9, 17-Mar-1999
TIA,
Peter
|