From owner-freebsd-isp@FreeBSD.ORG  Thu Apr 22 08:39:30 2004
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D3D2C16A4CF
	for <freebsd-isp@freebsd.org>; Thu, 22 Apr 2004 08:39:30 -0700 (PDT)
Received: from flash.mipk.kharkiv.edu (flash.mipk.kharkiv.edu
	[194.44.157.113])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 70B3543D31
	for <freebsd-isp@freebsd.org>; Thu, 22 Apr 2004 08:39:16 -0700 (PDT)
	(envelope-from artem@mipk.kharkiv.edu)
Received: from mipk.kharkiv.edu (rainbow.mipk.kharkiv.edu [192.168.9.241])
	i3MFZruc066305;	Thu, 22 Apr 2004 18:35:53 +0300 (EEST)
	(envelope-from artem@mipk.kharkiv.edu)
Message-ID: <4087E658.7030900@mipk.kharkiv.edu>
Date: Thu, 22 Apr 2004 18:35:52 +0300
From: Artyom Viklenko <artem@mipk.kharkiv.edu>
Organization: IIAT NTU "KhPI"
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
	rv:1.5) Gecko/20031007
X-Accept-Language: ru, uk, en
MIME-Version: 1.0
To: Spidey Knepscheld <spidey@act.co.za>
References: <DAENIFJEFNHAEEEFPNLKIEKECBAA.spidey@act.co.za>
In-Reply-To: <DAENIFJEFNHAEEEFPNLKIEKECBAA.spidey@act.co.za>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-isp@freebsd.org
Subject: Re: Traffic Monitor
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Apr 2004 15:39:31 -0000

If you interesting in monitoring uplink connection,
you can run some tolls (such as ipaudit, ipcount or something else)
directly on the firewall machine. And you didn't need the hub.
You can bind such monitoring tool to any NIC on the firewall,
but preferably to external. You need bpf in the kernel.

Spidey Knepscheld wrote:

> Hi
> 
> I am an ISP running FreeBSD as a firewall and as a Mail Server. My problem
> is that I am not able to monitor the amount of traffic that user are using
> on my network. in south Africa bandwidth is extremely expensive and I need
> to take my bandwidth to the edge.
> 
> My network looks like this: My Link comes in on a Cisco 805 from the router
> it goes to the first NIC on the Firewall from the second NIC it runs into a
> 10base HUB where there are only 3 ports used one as I said for the Firewall
> the other for a FreeBSD box (I want to use this box for traffic monitoring)
> and then one port for the rest of the network which connects to a 100base
> switch. The reason I used the 10base HUB is because it broadcasts all the
> data to all the ports. So for all data to and from the firewall will be
> caught by the Monitoring BSD box. I hope this makes sense.
> 

-- 
        Sincerely yours,
                          Artyom V. Viklenko.
======================================================
System Administrator            artem@mipk.kharkiv.edu
------------------------------------------------------
IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002
Phone: +38 (0572) 400026        Fax: +38 (057) 7062749
======================================================