From: Max Laier
To: "c.s.r.c.murthy"
Cc: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf and netstat
Date: Thu, 16 Sep 2004 03:57:19 -0000
X-Original-Date: Thu, 20 Nov 2003 16:24:29 +0100
Message-ID: <15911388906.20031120162429@love2party.net>
In-Reply-To: <3FBC5396.435E6213@magnum.barc.ernet.in>
List-Id: Technical discussion and general questions about packet filter (pf)

Hello c.s.r.c.murthy,

Thursday, November 20, 2003, 6:39:34 AM, you wrote:

csrcm> Pf is able to distribute user http requests over 2 internet links.
csrcm> But netstat is unable to show the sessions established with the internet
csrcm> hosts when "netstat -na" is given. "netstat -na" shows only the tcp/udp
csrcm> services listening, but not the established connections with outside
csrcm> hosts. Reason is not known.

netstat shows connections from the host you run it on. However, for the
pf case (and I assume we are talking about NATted/routed connections
here) the gateway does not establish a connection, but only forwards
packets (with rewriting some headers in NAT case).
If you use (in contrast to NAT/route) a (transparent-)proxy the gateway
will establish connections itself and you will see them with netstat.

If you use stateful filtering pf keeps its own connection table (called
"states") which can be viewed by issuing

  $ pfctl -vss

You might also want to take a look at pftop
(http://www.freshports.org/sysutils/pftop/) from the ports
(sysutils/pftop) which monitors states (and other useful pf related
information) in a top(1) like interface.

--
Best regards,
 Max                            mailto:max@love2party.net
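Added example (not part of the original message and not pf project code): a shell function that splits pf state-table lines into states where the gateway itself is an endpoint, which netstat also lists, and forwarded or NATed states that exist only in pf's table. The state lines, the addresses, the function names and the assumed line layout are constructed for illustration; check the layout against the output of your pf release.

```sh
#!/bin/sh
# Added example, not from the original message.
# Assumed state-line layout (check against your pf release):
#   IFACE PROTO ADDR:PORT [(ADDR:PORT)] DIR ADDR:PORT   STATE:STATE
# Indented detail lines printed by -v are skipped. IPv4 only.

# classify_states "ADDR ADDR ..." < state lines
#   $1: space-separated addresses owned by the gateway (hypothetical input)
# Prints "KIND PROTO STATE COUNT". KIND is "local" when the gateway is an
# endpoint (netstat shows that socket too) and "forwarded" when the traffic
# is only routed or translated, so it exists only in pf's state table.
classify_states() {
    awk -v locals="$1" '
    BEGIN { n = split(locals, a, " "); for (i = 1; i <= n; i++) own[a[i]] = 1 }
    /^[ \t]/ || NF < 5 { next }               # -v detail lines and blanks
    {
        kind = "forwarded"; nat = 0
        for (i = 3; i < NF; i++) {
            f = $i
            if (f == "->" || f == "<-") continue
            if (f ~ /^\(/) { nat = 1; continue }  # address before translation
            sub(/:[0-9]+$/, "", f)                # drop the port
            if (f in own) kind = "local"
        }
        if (nat) kind = "forwarded"   # gateway address is only the NAT source
        count[kind " " $2 " " $NF]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Constructed sample: one SSH session to the gateway, one NATed HTTP
# connection (two states) and one routed DNS query.
sample_states() {
    cat <<'EOF'
all tcp 192.0.2.1:22 <- 198.51.100.7:51514       ESTABLISHED:ESTABLISHED
   age 00:10:02, expires in 23:59:58, 120:98 pkts, 9000:12000 bytes, rule 4
all tcp 203.0.113.80:80 <- 10.0.0.20:40112       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.1:61023 (10.0.0.20:40112) -> 203.0.113.80:80       ESTABLISHED:ESTABLISHED
all udp 10.0.0.21:5353 -> 203.0.113.53:53       MULTIPLE:SINGLE
EOF
}

# On a live gateway: pfctl -ss | classify_states "192.0.2.1 10.0.0.1"
sample_states | classify_states "192.0.2.1 10.0.0.1"
```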