Date: Thu, 16 Sep 2004 03:57:19 -0000
From: Max Laier <max@love2party.net>
To: "c.s.r.c.murthy" <murthy@magnum.barc.ernet.in>
Cc: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf and netstat
Message-ID: <15911388906.20031120162429@love2party.net>
In-Reply-To: <3FBC5396.435E6213@magnum.barc.ernet.in>
References: <WTONKJZU2UQNY4X31EBB7QOFCB9WU53.3fbb1b47@murthy1> <197834109.20031119091735@love2party.net> <3FBC5396.435E6213@magnum.barc.ernet.in>

Hello c.s.r.c.murthy,

Thursday, November 20, 2003, 6:39:34 AM, you wrote:

csrcm> Pf is able to distribute user http requests over 2 internet links.
csrcm> But netstat is unable to show the sessions established with the internet
csrcm> hosts when "netstat -na" is given. "netstat -na" shows only the tcp/udp
csrcm> services listening, but not the established connections with outside
csrcm> hosts. Reason is not known.

netstat shows connections from the host you run it on. However, for the
pf case (and I assume we are talking about NATted/routed connections
here) the gateway does not establish a connection, but only forwards
packets (with rewriting some headers in NAT case).

If you use (in contrast to NAT/route) a (transparent-)proxy the gateway
will establish connections itself and you will see them with netstat.

If you use stateful filtering pf keeps its own connection table (called
"states") which can be viewed by issuing

  $pfctl -vss

You might also want to take a look at pftop
(http://www.freshports.org/sysutils/pftop/) from the ports
(sysutils/pftop) which monitors states (and other useful pf related
information) in a top(1) like interface.

-- 
Best regards,
 Max                            mailto:max@love2party.net
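
Added example, not part of the original message: a small shell filter that answers the question netstat cannot on a forwarding gateway, by counting established outbound TCP states per remote endpoint from pf's state listing. The function names, the sample addresses (documentation ranges) and the assumed line layout "IFACE PROTO ADDR [(ADDR)] DIR ADDR SRC:DST" are assumptions; the layout differs between pf versions, so check it against your own output first.

```shell
#!/bin/sh
# Constructed sample in the assumed layout of a pf state listing.
# The address in parentheses is the internal host behind NAT.
sample_states() {
cat <<'EOF'
all tcp 203.0.113.5:51001 (192.168.1.10:51001) -> 198.51.100.7:80       ESTABLISHED:ESTABLISHED
all tcp 203.0.113.5:51002 (192.168.1.11:40022) -> 198.51.100.7:80       ESTABLISHED:ESTABLISHED
all tcp 203.0.113.5:51003 (192.168.1.10:51003) -> 198.51.100.9:443       FIN_WAIT_2:FIN_WAIT_2
all tcp 203.0.113.5:51004 (192.168.1.13:51004) -> 198.51.100.9:443       ESTABLISHED:ESTABLISHED
all udp 203.0.113.5:60000 (192.168.1.12:5353) -> 198.51.100.53:53       MULTIPLE:SINGLE
all tcp 192.168.1.1:22 <- 192.168.1.10:50500       ESTABLISHED:ESTABLISHED
EOF
}

# Read state lines on stdin and print "COUNT REMOTE" for every remote
# endpoint that has fully established outbound TCP states.
established_out() {
    awk '
        # Keep TCP states where both peers are in ESTABLISHED.
        $2 == "tcp" && $NF == "ESTABLISHED:ESTABLISHED" {
            # The NAT address in parentheses is optional, so locate the
            # direction arrow instead of relying on a fixed field number.
            for (i = 3; i < NF; i++)
                if ($i == "->") { count[$(i + 1)]++; break }
        }
        END { for (d in count) print count[d], d }
    ' | sort -k1,1nr -k2,2
}

# On a gateway running pf (as root):  pfctl -ss | established_out
# Offline, with the constructed sample: sample_states | established_out
```

The inbound ssh state (the "<-" line) is a connection to the gateway itself and is the only one in the sample that netstat on the gateway would also list.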