From owner-freebsd-questions Thu Apr 3 05:19:00 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id FAA21862 for questions-outgoing; Thu, 3 Apr 1997 05:19:00 -0800 (PST)
Received: from gatekeeper.barcode.co.il (gatekeeper.barcode.co.il [192.116.93.17]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA21857 for ; Thu, 3 Apr 1997 05:18:55 -0800 (PST)
Received: (from smap@localhost) by gatekeeper.barcode.co.il (8.8.5/8.6.12) id PAA08390; Thu, 3 Apr 1997 15:15:22 +0300 (IDT)
X-Authentication-Warning: gatekeeper.barcode.co.il: smap set sender to using -f
Received: from localhost.barcode.co.il(127.0.0.1) by gatekeeper.barcode.co.il via smap (V1.3) id sma008388; Thu Apr 3 15:15:03 1997
Message-ID: <3343AD70.5184@barcode.co.il>
Date: Thu, 03 Apr 1997 16:15:28 +0300
From: Nadav Eiron
X-Mailer: Mozilla 3.0 (X11; I; SunOS 5.5 sun4m)
MIME-Version: 1.0
To: Adrian Chadd
CC: freebsd-questions@freebsd.org
Subject: Re: Question with packet accounting.
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Adrian Chadd wrote:
>
> Hi.
>
> I have a gateway machine with 3 ether cards, one ether for the internet
> server network, one for the office network and one for the routers.
>
> I've compiled ip firewalling, and enabled ip forwarding/gatewaying via
> sysctl.
>
> I have setup a default "pass all" rule, then have the following :
>
> ipfw add xx pass tcp from any portnum to any
>
> And then I do an ipfw -a list to grab the packet accounting info.
>
> Now, the info returned is only for packets passing THROUGH the box, (ie
> between interfaces), not internal-network (ie between two machines on the
> same network)?

Yeah. ipfw accounting just counts the IP packets on *this* machine. If
you want to see all that's passing on a net, you need to use bpf.

>
> Also, does it only log the packet passing THROUGH the box, and not going in
> one interface and out the other?

I don't understand this question. The rule will count whatever it is
told to. For example, you may specify a specific interface to do
accounting/filtering for with the "via" keyword, or only packets going
in a specific direction with the in/out keywords. ipfw merely follows
the rules you give it...

>
> Please CC the reply to me as I'm currently stuck at work and my normal
> list email feed goes to my box which isn't online atm.
>
> Thank you,
>
> Adrian Chadd
>

Nadav
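
Added example, not part of the original message: per-interface, per-direction accounting rules using the "via" and in/out keywords from the reply, plus a helper that totals the counters from `ipfw -a list` output. The interface names (ed0, ed1), rule numbers, port 80 and the sample counter values are constructed assumptions.

```sh
#!/bin/sh
# Accounting rules one might load on the gateway (printed, not executed,
# because ipfw needs root on FreeBSD). "count" only updates the counters;
# rule 65000 stands in for the default "pass all" rule from the question.
accounting_rules() {
    cat <<'EOF'
ipfw add 100 count tcp from any 80 to any in via ed0
ipfw add 110 count tcp from any 80 to any out via ed1
ipfw add 120 count tcp from any 80 to any out via ed0
ipfw add 65000 pass all from any to any
EOF
}

# Constructed sample of `ipfw -a list` output.
# Columns: rule number, packet count, byte count, rule text.
sample_counters() {
    cat <<'EOF'
00100  1520  912000 count tcp from any 80 to any in via ed0
00110  1498  898800 count tcp from any 80 to any out via ed1
00120    22   13200 count tcp from any 80 to any out via ed0
65000 48211 9120331 allow ip from any to any
EOF
}

# Sum packets and bytes over rules bound to interface $1 and direction $2
# (in|out). Reads `ipfw -a list` output on stdin, prints "packets bytes".
iface_totals() {
    awk -v ifc="$1" -v dir="$2" '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            has_dir = 0; has_if = 0
            for (i = 4; i <= NF; i++) {
                if ($i == dir) has_dir = 1
                if ($i == "via" && $(i + 1) == ifc) has_if = 1
            }
            # Rules without both keywords (e.g. 65000) are not attributed.
            if (has_dir && has_if) { p += $2; b += $3 }
        }
        END { printf "%d %d\n", p, b }'
}

# A forwarded packet is counted once on the way in and once on the way out.
sample_counters | iface_totals ed0 in
sample_counters | iface_totals ed1 out
```

On a live gateway the same helper reads the real counters: `ipfw -a list | iface_totals ed0 in`. Traffic between two hosts on the same segment is never handled by the gateway, so none of these rules will count it.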