From: "Roman Y. Bogdanov" <brj@vzletka.net>
Date: Wed, 23 Apr 2003 18:16:48 +0800
To: freebsd-questions@freebsd.org
Subject: ipfw, oops and traffic accounting question
Message-ID: <11526654977.20030423181648@vzletka.net>
Organization: vzletka.net security

Sorry for my poor English.

Today I am trying to build a braindamaged firewall for my company, and I have failed (-; So I have to ask you for help.

Technical data of the question:

  10/8       - used for transport IP only.
  172.16/12  - VPN network, used to divert company users to the internet.

For the firewall I use IPFW with a keep-state ruleset. This is the part that diverts users to the internet and does traffic accounting using ipacctd 1.5 by Roman V. Palagin (a Cisco-like traffic collector, ftp://ftp.wuppy.net.ru/pub/BSD/FreeBSD/local/ipacctd/):

  03400 517538 45324412  divert 10000 ip from 172.16.0.0/12 to any
  03500 267232 158476805 divert 10000 ip from any to 172.16.0.0/12
  03600 252172 21728468  divert 8668 ip from 172.16.0.0/12 to any out via fxp0
  03700 259392 149480567 divert 8668 ip from any to 80.255.136.38 in via fxp0

The rules divert all traffic from 172.16/12 to localhost:10000 for traffic accounting and then do the real divert to the internet.

The problem that I can't solve: into these rules I want to add a divert of any traffic to port 80 into my oops cache engine, like

  ipfw add fwd 127.0.0.1,3129 tcp from 172.16/12 to any 80,8080,3128

but I want to keep the traffic accounting done by ipacctd.

Question: what braindamaged ruleset must I write to get the cache engine working and keep my traffic accounting? Like:

  - divert traffic from any to any 80 into oops
  - divert traffic (the oops reply) from oops to the user, to get the byte count of the request
  - divert the user's request to the internet if the dst port is not 80 (because oops does this)
  - and divert all other traffic back.

p.s. The traffic accounting looks like this:

  172.16.0.100 1536 80.255.128.149 80 tcp 1966 10 1051092313
  80.255.128.149 80 172.16.0.100 1536 tcp 441 4 1051092313
  172.16.0.212 1085 152.163.208.57 80 tcp 1340 12 1051092334
  152.163.208.57 80 172.16.0.212 1085 tcp 249 4 1051092335
  172.16.0.141 1085 152.163.208.121 80 tcp 1340 12 1051092524
  152.163.208.121 80 172.16.0.141 1085 tcp 249 4 1051092524

-- 
Roman Y. Bogdanov, working for Co LTD "TRON plus"
+ 7 3912 540908 [work, office]
+ 7 3912 505653 [personal, mobile]
+ now playing: Celine Dion - New Day Has Come
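The question turns on rule ordering: in ipfw a `divert` rule hands the packet to a socket and, when the daemon reinjects it, processing continues at the next rule, whereas `fwd` is a terminal action, so anything that still has to see the request (here the accounting divert) must be numbered below it. The script below is an added example, not the poster's ruleset and not code from ipfw, ipacctd or oops. It reuses the values given in the post (divert port 10000 for ipacctd, divert port 8668 for natd, outside interface fxp0, outside address 80.255.136.38, oops on 127.0.0.1 port 3129); the rule number 3550, the `in` qualifier on the fwd rule, the comma in ipfw's `fwd addr,port` syntax and the requirement that `net.inet.ip.fw.one_pass` be 0 (so that a packet returned by ipacctd continues through the ruleset) are the editor's assumptions. By default it only prints the commands; set `IPFW=/sbin/ipfw` to apply them.

```shell
#!/bin/sh
# Added example (not from the original post): keep both divert stages from
# the post and slot a transparent-proxy fwd rule between them.
# Dry run by default: the commands are echoed, not executed.
IPFW="${IPFW:-echo ipfw}"

VPN_NET="172.16.0.0/12"      # from the post
EXT_IF="fxp0"                # from the post
EXT_IP="80.255.136.38"       # from the post
ACCT_PORT=10000              # ipacctd divert port, from the post
NAT_PORT=8668                # natd divert port, from the post
PROXY="127.0.0.1,3129"       # oops; ipfw writes fwd targets as addr,port
PROXY_PORTS="80,8080,3128"   # from the post

rules() {
    # 1. Accounting first. Every VPN packet in either direction is handed to
    #    ipacctd; when ipacctd reinjects it, ipfw continues at the next rule
    #    (assumes net.inet.ip.fw.one_pass=0).
    $IPFW add 3400 divert "$ACCT_PORT" ip from "$VPN_NET" to any
    $IPFW add 3500 divert "$ACCT_PORT" ip from any to "$VPN_NET"
    # 2. Web requests go to the cache. fwd is terminal: the packet leaves the
    #    ruleset here, so this rule must sit above the accounting divert or
    #    the request is never counted. "in" catches the request as it arrives
    #    from the VPN side, before any translation (editor's assumption).
    $IPFW add 3550 fwd "$PROXY" tcp from "$VPN_NET" to any "$PROXY_PORTS" in
    # 3. Everything else still goes through natd exactly as in the post.
    $IPFW add 3600 divert "$NAT_PORT" ip from "$VPN_NET" to any out via "$EXT_IF"
    $IPFW add 3700 divert "$NAT_PORT" ip from any to "$EXT_IP" in via "$EXT_IF"
}

# rule_number_of PATTERN: rule number of the (dry-run) command matching
# PATTERN; lets the ordering the comments rely on be checked mechanically.
rule_number_of() {
    rules | grep -e "$1" | awk '{print $3}'
}

rules
```

Reply traffic from oops back to the user is still matched by rule 3500 ("from any to 172.16.0.0/12"), so the byte counts the post asks for on the return path do not need a rule of their own, provided the proxy's replies carry the user as destination.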