From owner-freebsd-questions  Tue Jan 29 17:52:56 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84])
	by hub.freebsd.org (Postfix) with ESMTP id 37CFD37B404
	for <questions@freebsd.org>; Tue, 29 Jan 2002 17:52:54 -0800 (PST)
Received: from dialup-209.245.134.159.dial1.sanjose1.level3.net ([209.245.134.159] helo=blossom.cjclark.org)
	by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16VjvY-0005bR-00; Tue, 29 Jan 2002 17:52:49 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id g0U1pto99998;
	Tue, 29 Jan 2002 17:51:55 -0800 (PST)
	(envelope-from cjc)
Date: Tue, 29 Jan 2002 17:51:55 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Edwin Groothuis <edwin@mavetju.org>
Cc: Mauro Dias <mribeiro@techlinux.com.br>, questions@FreeBSD.ORG
Subject: Re: ipfw + natd
Message-ID: <20020129175155.M79208@blossom.cjclark.org>
References: <001f01c1a906$b5cb9300$0200a8c0@mdrjr.net> <20020130123005.X823@k7.mavetju.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020130123005.X823@k7.mavetju.org>; from edwin@mavetju.org on Wed, Jan 30, 2002 at 12:30:05PM +1100
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wed, Jan 30, 2002 at 12:30:05PM +1100, Edwin Groothuis wrote:
> On Tue, Jan 29, 2002 at 06:36:46PM -0200, Mauro Dias wrote:
> > I'm using natd and ipfw to allow my intranet (192.168.0.0/24) to access
> > internet.
> > internet interface: rl2
> > intranet interface rl1
> > not using interface: rl0 (hehe)
> > 
> > I'm using FreeBSD-4.5RC
> > 
> > can someone tell how do i see what users in 192.168.0.0/24 are doing ?
> > something like netstat -M ?
> 
> If you add keep-state to your ipfw-rules you will get a line in
> the ipfw -a l output for every tcp connection.
> 
> Or try trafshow (don't run it as root, it's leaking descriptors). See
> http://www.mavetju.org/unix/tcpdumpmortals.php how to configure
> your system so normal users can run things like trafshow without
> needing root-access.

Nothing complicated, one just needs read access to /dev/bpf* to sniff
away.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message