From: "Andrew P." <infofarmer@gmail.com>
Date: Tue, 25 Oct 2005 11:37:04 +0400
To: user
Cc: freebsd-questions@freebsd.org
Subject: Re: traffic accounting per username with ipfw in 5.4 ? (more)

On 10/25/05, user wrote:
>
> Hello,
>
> On Tue, 25 Oct 2005, Andrew P. wrote:
>
> > On 10/25/05, user wrote:
> > >
> > > I remember that ipfw had been augmented some time ago to do traffic
> > > counting, etc., based on usernames ... but I see no mention of that in the
> > > ipfw man page on my 5.4-RELEASE system.
> > >
> > > Is this something that only exists in IPFW2 ? Does ipfw2 even exist
> > > anymore ?
> > >
> > > Can someone clarify for me what is going on with regard to what used to be
> > > called IPFW2, FreeBSD 5.x, and per-user traffic counting ?
> > >
> > > thanks.
> >
> > ipfw2 replaced ipfw in 5.x
> >
> > Read the manpage more carefully, please. Search
> > for "uid" option.
>
> Thanks - I was searching for username and getting nowhere. Also, thank
> you for the clarification regarding ipfw2/ipfw and their current state.
>
> I notice that the traffic accounting per uid only applies to traffic
> initiated by that user, and initiated from the local machine. If I scp a
> file away from the machine (as user X) the traffic does not get
> incremented, and if I scp a file to the local machine (as user X) it also
> does not get incremented - even though those are non-anonymous actions
> that occur under the auspices of a particular username.
>
> Does anyone have any suggestions for traffic accounting (of particularly
> ssh traffic) on a per user basis, for _all_ traffic that occurs under the
> auspices of that username, and not just what _they themselves_ initiate,
> personally, in their own login shell ?
>
> Thank you.
>

ipfw looks at the owner of a process, sshd in your case. If you really need
to account the not-locally-initiated ssh traffic, start another sshd running
as the user (on another port), and connect to that port [you can easily allow
a user to connect only to a selected server by editing sshd_config].

Anyway, try thinking logically. How could ipfw ever know what user traffic
belongs to if all authentication is handled by sshd internally? Otherwise, it
would be a security hole (though some actions can certainly be logged to
limited-access log files). Hassle-free solutions, i.e. complex accounting
systems, come for money. Though, whatever problem you might have, I'm sure
somehow that there's another way.
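The workaround above (a second sshd owned by the user, counted with ipfw's "uid" option) as an added example, not code from anyone in the thread: the user name "alice", port 2222, rule numbers 1000/1001 and the sample "ipfw -a list" output are all constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Per-user ipfw accounting for a second
# sshd that runs as the user on its own port, plus a report that sums the
# byte counters ipfw keeps for that user's "count" rules.
# Assumptions: user "alice", alternate sshd port 2222, rules 1000/1001 free.

USER_NAME=alice
SSH_PORT=2222

# The count rules a root shell would install (printed here, not executed):
# one for traffic arriving at the user's sshd, one for traffic it sends.
print_rules() {
    cat <<EOF
ipfw add 1000 count tcp from any to me ${SSH_PORT} uid ${USER_NAME}
ipfw add 1001 count tcp from me ${SSH_PORT} to any uid ${USER_NAME}
EOF
}

# Read "ipfw -a list" output on stdin (fields: rule packets bytes body...)
# and print the total bytes of every "count" rule carrying "uid <user>".
report_user_bytes() {
    awk -v u="$1" '
        $4 == "count" {
            for (i = 5; i < NF; i++)
                if ($i == "uid" && $(i + 1) == u) { total += $3; break }
        }
        END { printf "%d\n", total + 0 }'
}

# Constructed sample of "ipfw -a list" output, used only to exercise the report.
SAMPLE='01000   17    4210 count tcp from any to me 2222 uid alice
01001   20   98765 count tcp from me 2222 to any uid alice
01002    3     600 count tcp from any to me 2223 uid bob
65535 1234 5678901 allow ip from any to any'

print_rules
printf '%s\n' "$SAMPLE" | report_user_bytes "$USER_NAME"
```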