From: "Crist J. Clark"
Date: Tue, 29 Jan 2002 17:45:00 -0800
To: Mauro Dias
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw and natd

On Tue, Jan 29, 2002 at 11:13:02PM -0200, Mauro Dias wrote:
> Hi,
>
> I'm using natd and ipfw to allow my intranet (192.168.0.0/24) to access
> internet.
> internet interface: rl2
> intranet interface rl1
> not using interface: rl0 (hehe)
>
> I'm using FreeBSD-4.5RC
>
> can someone tell how do I see what users in 192.168.0.0/24 are doing ?
> something like netstat -M ?
> I tried sockstat, netstat,

None of those will work since your machine is not the endpoint of any
of the connections. It does not keep track of any of the transport
layer stuff. It just forwards IP datagrams not knowing or caring about
how they relate to one another (well, natd(8) does a little of
course).

> read the natd manpage ipfw manpage and I didn't
> find anything ...

If you are using keep-state rules in the firewall, you can see the
current dynamic rules using the '-d' option. Also have a look at '-e'
for some recent history.

> PS: if freebsd do not support this I'll do the best of myself to implement
> that.

natd(8) could/should (depending who you ask) have this type of
ability, but at present it does not. Various ports can track this kind
of thing. None that I would specifically recommend. The ipstat(8)
command with IP Filter is actually kind of nice, but that would mean
changing your configuration quite a bit.

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
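
The reply above points at the dynamic rules listed with '-d'; the following is an added example, not part of the original message, that turns such a listing into a per-host summary for the 192.168.0.0/24 side. The function names and the sample listing are constructed, and the column layout (rule, packets, bytes, then `src sport <-> dst dport`) is an assumption about `ipfw -d show` output. It also assumes the keep-state rule matches where it sees the untranslated internal addresses, for example on rl1.

```sh
#!/bin/sh
# Added example. Live use (as root): ipfw -d show | summarize_dyn 192.168.0.

# Constructed sample in the assumed `ipfw -d show` layout:
#   rule packets bytes (expiry) STATE proto src sport <-> dst dport
sample_dyn_output() {
    cat <<'EOF'
00100 1200 96000 allow ip from any to any via lo0
00500 41000 3100000 allow tcp from 192.168.0.0/24 to any keep-state
## Dynamic rules (3):
00500 12 3456 (295s) STATE tcp 192.168.0.5 1042 <-> 203.0.113.10 80
00500 40 90000 (120s) STATE tcp 192.168.0.5 1043 <-> 198.51.100.7 443
00500 7 812 (18s) STATE udp 192.168.0.9 1030 <-> 203.0.113.53 53
EOF
}

# summarize_dyn PREFIX: read the listing on stdin and print one line per
# internal host whose address starts with PREFIX: "host flows bytes".
summarize_dyn() {
    awk -v prefix="$1" '
    {
        # Only dynamic-rule lines carry "src sport <-> dst dport"; static
        # rules and the section header have no "<->" and are skipped.
        for (i = 3; i <= NF - 2; i++) {
            if ($i != "<->") continue
            src = $(i - 2)
            if (index(src, prefix) == 1) {
                flows[src]++
                bytes[src] += $3      # third column: byte counter
            }
            break
        }
    }
    END {
        for (h in flows) printf "%s %d %.0f\n", h, flows[h], bytes[h]
    }' | sort
}

# Demo on the constructed sample.
sample_dyn_output | summarize_dyn 192.168.0.
```

Dynamic rules expire, so this is a snapshot of currently tracked flows rather than a history of what each host did.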