Date: Fri, 9 May 2003 14:35:53 +0400 (MSD)
From: Andrew Kopeyko <kaa@rambler-co.ru>
To: freebsd-ipfw@freebsd.org
Cc: Evgeny Ivanov <eivanov@abv.bg>
Subject: Re: Counting rules
Message-ID: <20030509142600.D49934@park.rambler.ru>
In-Reply-To: <882655426.1052472578528.JavaMail.nobody@app1.ni.bg>
References: <882655426.1052472578528.JavaMail.nobody@app1.ni.bg>

On Fri, 9 May 2003, Evgeny Ivanov wrote:

> Hello everyone,
> I have a problem setting up the accounting rules.
> I want to account all incoming and outgoing traffic per each of the stations that are behind NAT box. The situation is something like this:
>
> add divert natd all from any to any via rl0
> add allow all from any to any
> add count from 192.168.1.10 to any out
> add count from any to 192.168.1.10 in
>
> And the last two rules are not working.
>
> Can you please tell me what the hell I am missing ? :))

Have you read ``man ipfw'' ??? IMHO - you don't...

In 2 words - ipfw uses 'first rule match' ideology - vice versa to ipfilter's "last match". So, all your traffic is matched by rules 1 & 2.

If 192.168.1.0/24 is your internal NAT'ed network - move `count' rules to the beginning - and you will have enough time to read manpage.

--
Best regards,
Andrew Kopeyko <kaa@rambler-co.ru>
Head of NOC
Rambler Co.
http://www.rambler.ru/
phone : +7 095 745-3619
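
The first-match behaviour described in the reply above, as an added example that is not part of the original message and is not ipfw code. It is a small Python model of the rule walk, run over the posted rule order and over the order with the `count' rules first. Assumptions: rule numbers 100-400, the remote address 203.0.113.5 and the sample packets are constructed; a diverted packet is assumed to come back from natd and resume at the next rule; natd's address rewriting is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

TERMINAL = {"allow", "deny"}  # actions that end the rule search

@dataclass
class Rule:
    num: int
    action: str                      # "count", "divert", "allow" or "deny"
    src: str = "any"
    dst: str = "any"
    direction: Optional[str] = None  # "in", "out" or None for both
    via: Optional[str] = None        # interface name or None for any
    hits: int = 0

    def matches(self, pkt):
        return (self.src in ("any", pkt["src"])
                and self.dst in ("any", pkt["dst"])
                and self.direction in (None, pkt["dir"])
                and self.via in (None, pkt["if"]))

def run(rules, packets):
    """Walk every packet through the rules in numeric order; return hits per rule."""
    for pkt in packets:
        for rule in sorted(rules, key=lambda r: r.num):
            if not rule.matches(pkt):
                continue
            rule.hits += 1
            if rule.action in TERMINAL:
                break  # first terminal match decides; later rules are never seen
            # count updates its counter and the search continues (divert: see assumption)
    return {r.num: r.hits for r in rules}

def ruleset(count_first):
    host = "192.168.1.10"
    counts = [("count", dict(src=host, direction="out")),
              ("count", dict(dst=host, direction="in"))]
    base = [("divert", dict(via="rl0")), ("allow", {})]
    order = counts + base if count_first else base + counts
    return [Rule(100 * (i + 1), act, **kw) for i, (act, kw) in enumerate(order)]

# Constructed sample packets, written with the addresses the count rules test for.
PACKETS = [
    {"src": "192.168.1.10", "dst": "203.0.113.5", "dir": "out", "if": "rl0"},
    {"src": "203.0.113.5", "dst": "192.168.1.10", "dir": "in", "if": "rl0"},
]

if __name__ == "__main__":
    print("as posted:  ", run(ruleset(False), PACKETS))
    print("count first:", run(ruleset(True), PACKETS))
```

In the posted order the two count rules (300 and 400 in this model) stay at zero because rule 200 ends the search for every packet; on a live system the per-rule counters can be read with `ipfw show`.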