Date: Sat, 20 Sep 2003 20:34:13 +0200 (CEST)
Message-Id: <200309201834.h8KIYDfg069100@lurza.secnetix.de>
From: Oliver Fromme
To: freebsd-ipfw@FreeBSD.ORG
In-Reply-To: <3F6C7808.8070408@mac.com>
Subject: Re: ssh/scp filtering, iplen problem

Chuck Swiger wrote:
> Oliver Fromme wrote:
> [ ... ]
> > If not -- is there any other way to accomplish what I
> > want to achieve?
>
> The other poster's suggestion about using port 22 for interactive and some other
> port for scp copying is probably the easiest.

I can't do that, unfortunately.

> The next thought I had would be to instrument ssh and log a line indicating the
> amount of traffic consumed, perhaps via syslog to a central machine, if you
> wanted to monitor traffic for lots of machines rather than just one test server.
>
> A quick look at "ssh -v" suggests that ssh keeps a byte counter, and doing
> filecopy invokes ssh on the remote side with a command of "scp -t ..." (so that
> you could distinguish between interactive and copying modes within ssh).

I don't need it for monitoring or accounting, but for
traffic-shaping (IPFW2 + dummynet). So any userland
information like syslog or ssh byte counters won't help
me at all, I'm afraid.

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"FreeBSD is Yoda, Linux is Luke Skywalker"
        -- Daniel C. Sobral