Date:      Wed, 23 Apr 2003 18:16:48 +0800
From:      "Roman Y. Bogdanov" <brj@vzletka.net>
To:        freebsd-questions@freebsd.org
Subject:   ipfw, oops and trafic accounting question
Message-ID:  <11526654977.20030423181648@vzletka.net>


 Sorry for my poor English.

 Today I tried to build a braindamaged firewall for my company, and
 failed (-;

 So I have to ask you for help:

 Technical data of the question:

 10/8 - used for transport IP only.
 172.16/12 - VPN network, used to divert company users to the Internet.

 For the firewall I use IPFW with a keep-state ruleset. This is the part that
 diverts users to the Internet and does traffic accounting using Ipacctd 1.5
 by Roman V. Palagin (a Cisco-like output traffic collector, ftp://ftp.wuppy.net.ru/pub/BSD/FreeBSD/local/ipacctd/ )

 03400     517538   45324412 divert 10000 ip from 172.16.0.0/12 to any
 03500     267232  158476805 divert 10000 ip from any to 172.16.0.0/12
 03600     252172   21728468 divert 8668 ip from 172.16.0.0/12 to any out via fxp0
 03700     259392  149480567 divert 8668 ip from any to 80.255.136.38 in via fxp0
 
 These rules divert all traffic from 172.16/12 to localhost:10000 for
 traffic accounting and do the real divert to the Internet.

 The problem that I can't solve:

 In these rules I want to add a divert of any traffic to port 80 into my
 oops cache engine, like ipfw add fwd 127.0.0.1:3129 tcp from
 172.16/12 to any 80,8080,3128, but I want to keep the traffic accounting
 with ipacctd.

 Question:

 What braindamaged ruleset must I write to get the cache engine working and
 keep my traffic accounting?

 Like:

 Divert traffic from any to any 80 into oops
 Divert traffic (oops reply) from oops to the user to count the bytes of the request
 Divert the user request to the Internet if dst port is not 80 (because oops does this)
 And divert all other traffic back.
 
 P.S. The traffic accounting looks like this:
 
 172.16.0.100    1536    80.255.128.149  80      tcp     1966    10      1051092313
 80.255.128.149  80      172.16.0.100    1536    tcp     441     4       1051092313
 172.16.0.212    1085    152.163.208.57  80      tcp     1340    12      1051092334
 152.163.208.57  80      172.16.0.212    1085    tcp     249     4       1051092335
 172.16.0.141    1085    152.163.208.121 80      tcp     1340    12      1051092524
 152.163.208.121 80      172.16.0.141    1085    tcp     249     4       1051092524
 
-- 
 Roman Y. Bogdanov, working for Co LTD "TRON plus"
 + 7 3912 540908 [work, office] + 7 3912 505653 [personal, mobile]
 + now playing: Celine Dion - New Day Has Come
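An added example, not from the original message nor from the ipacctd or oops projects: a small rc-style shell script that loads one possible ordering of the rules above, so that the ipacctd divert at 3400 still sees every client request before the fwd rule hands web requests to the cache, and rule 3500 still counts the cache's replies to 172.16/12. It assumes the kernel is built with options IPFIREWALL_FORWARD, that oops runs on the firewall itself in transparent mode on port 3129, and that VPN users arrive on a placeholder interface tun0.

```shell
#!/bin/sh
# Added example, not from the original post: one rule order that keeps ipacctd
# accounting (divert 10000) while handing web requests to a transparent oops cache.
# Assumptions (not stated in the post): kernel has options IPFIREWALL_FORWARD,
# oops listens on 127.0.0.1:3129 in transparent mode, VPN users come in on $VPN_IF.
IPFW="${IPFW:-ipfw}"          # set IPFW=echo to print the rules instead of loading them
VPN_IF="${VPN_IF:-tun0}"      # placeholder VPN interface name
VPN_NET="172.16.0.0/12"
ACCT_PORT=10000               # ipacctd divert port, as in the post
NAT_PORT=8668                 # natd divert port, as in the post
PROXY_PORT=3129               # oops transparent listener
WEB_PORTS="80,8080,3128"

oops_rules() {
    # Accounting comes first. When ipacctd writes the packet back to the divert
    # socket, ipfw resumes at the rule after 3400, so the fwd below still runs.
    "$IPFW" add 3400 divert $ACCT_PORT ip from $VPN_NET to any
    # Web requests from users go to the cache. fwd is terminal, so these packets
    # never reach the natd divert at 3600 and are not sent out fxp0 themselves.
    # Note that ipfw's fwd syntax is address,port (a comma), not address:port.
    "$IPFW" add 3450 fwd 127.0.0.1,$PROXY_PORT tcp from $VPN_NET to any $WEB_PORTS in via $VPN_IF
    # Replies from oops are locally generated packets towards 172.16/12, so the
    # unchanged rule 3500 matches them and the reply bytes are still counted.
    "$IPFW" add 3500 divert $ACCT_PORT ip from any to $VPN_NET
    # Everything the fwd did not take (non-web ports) goes out through natd as before.
    "$IPFW" add 3600 divert $NAT_PORT ip from $VPN_NET to any out via fxp0
    "$IPFW" add 3700 divert $NAT_PORT ip from any to 80.255.136.38 in via fxp0
}

# Count how many generated rules contain a keyword; a sanity check on the
# dry-run output before the rules are loaded on the firewall.
rule_count() {
    ( IPFW=echo; oops_rules ) | grep -c -- "$1"
}

case "${1:-}" in
    apply)   oops_rules ;;
    dry-run) ( IPFW=echo; oops_rules ) ;;
esac
```

Run it with the dry-run argument first and compare the printed rules with the existing 3400-3700 block before using apply.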


