From owner-freebsd-net Tue Apr 6 17:48: 3 1999
Delivered-To: freebsd-net@freebsd.org
Received: from grafica.co.nz (prometheus.grafica.co.nz [203.96.151.13]) by hub.freebsd.org (Postfix) with ESMTP id C0DCA151C6 for ; Tue, 6 Apr 1999 17:47:58 -0700 (PDT) (envelope-from keith@grafica.co.nz)
Received: from grafica.co.nz (localhost.grafica.co.nz [127.0.0.1]) by grafica.co.nz (8.9.3/8.9.3) with ESMTP id MAA02798 for ; Wed, 7 Apr 1999 12:47:18 +1200 (NZST)
Message-ID: <370AAB14.D93409F2@grafica.co.nz>
Date: Wed, 07 Apr 1999 12:47:16 +1200
From: Keith Newton
Organization: Graphic Solutions
X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 2.2.8-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-net@FreeBSD.ORG
Subject: IP accounting and NATD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi all,

sorry to pose a question that I am sure has been asked before, but I have sifted through hundreds of mailing list postings and usenet postings and nobody has asked this question quite along the lines that I am needing. So here goes....

The deal is I have a FreeBSD machine with two ethernet cards in it, fxp0 and de0. The fxp0 is attached to an internal LAN using 192.168.2.XXX; the de0 interface is connected to the internet. At the moment all traffic passes through NATD to get from the LAN to the INET and vice versa. The rules in the firewall are

/sbin/ipfw add divert natd all from any to any via de0
/sbin/ipfw add pass all from any to any

Now this is fine and works. I, on the other hand, want to do IP accounting of the traffic passing from specific computers on the LAN to the outside world using NATD.

So I tried the following rules

/sbin/ipfw -f flush
/sbin/ipfw add 1001 divert natd all from 192.168.2.1 to any via de0
/sbin/ipfw add 1002 divert natd all from any to 192.168.2.1 via de0
/sbin/ipfw add 1011 divert natd all from 192.168.2.2 to any via de0
/sbin/ipfw add 1012 divert natd all from any to 192.168.2.2 via de0
/sbin/ipfw add 1021 divert natd all from 192.168.2.3 to any via de0
/sbin/ipfw add 1022 divert natd all from any to 192.168.2.3 via de0
/sbin/ipfw add 1031 divert natd all from 192.168.2.101 to any via de0
/sbin/ipfw add 1032 divert natd all from any to 192.168.2.101 via de0
/sbin/ipfw add 1041 divert natd all from 192.168.2.102 to any via de0
/sbin/ipfw add 1042 divert natd all from any to 192.168.2.102 via de0
......
.....
......
......
/sbin/ipfw add 1201 allow all from any to any

for all the machines on the LAN that need outside access. The next step, should this have worked, was to filter for the protocols (port numbers) and then to write a script to read the info from a set of files.

Now the above didn't work. Does anyone have any pointers? I feel like I am stabbing around in the dark missing one obvious thing.

Thanks in advance,
Keith
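Added example, not part of Keith's post or of FreeBSD itself: the "script to read the info" step of the accounting plan, written as a POSIX sh/awk function that sums ipfw's per-rule packet and byte counters into per-host inbound and outbound totals. It assumes the counter-carrying output format of `ipfw -a list` ("rule packets bytes action ..."), a rule set in which each accounted host has one rule containing `from <host>` and one containing `to <host>` (the numbering scheme from the post), and a constructed sample of that output in place of a real box. One caveat the rule set in the post runs into: a packet arriving on de0 still carries the router's public address as its destination until natd has rewritten it, so a rule matching `to 192.168.2.x via de0` placed before the divert never sees inbound traffic; inbound counters only mean something on rules that see the private address (matched via fxp0, or placed after the divert rule on de0). The parser below does not care which rules the counters come from, only that the host address appears after `from` or `to`.

```shell
#!/bin/sh
# Added example (not from the original post): per-host traffic totals from
# ipfw's per-rule packet/byte counters.
# Assumed input format (`ipfw -a list`): "<rule> <packets> <bytes> <action> ..."
# Assumed rule layout: each accounted LAN host has a rule with "from <host>"
# (outbound) and a rule with "to <host>" (inbound).

LAN_PREFIX="192.168.2."

# Constructed sample of `ipfw -a list` output (not captured from a real machine).
SAMPLE_COUNTERS='01001        120      96000 divert 8668 ip from 192.168.2.1 to any via de0
01002        200     250000 divert 8668 ip from any to 192.168.2.1 via de0
01011         30      12000 divert 8668 ip from 192.168.2.2 to any via de0
01012          0          0 divert 8668 ip from any to 192.168.2.2 via de0
01201       5000    4000000 allow ip from any to any'

# Read `ipfw -a list` output on stdin and print one line per LAN host:
#   "<host> <outbound_bytes> <inbound_bytes>"
# Rules whose endpoints are not LAN addresses (e.g. "from any to any") are ignored.
per_host_totals() {
    awk -v prefix="$LAN_PREFIX" '
    NF >= 3 && $1 ~ /^[0-9]+$/ {
        bytes = $3
        for (i = 4; i <= NF; i++) {
            # the word after "from"/"to" is the endpoint; keep only LAN hosts
            if ($i == "from" && index($(i+1), prefix) == 1) out[$(i+1)] += bytes
            if ($i == "to"   && index($(i+1), prefix) == 1) in_[$(i+1)] += bytes
        }
    }
    END {
        for (h in out) hosts[h] = 1
        for (h in in_) hosts[h] = 1
        for (h in hosts) printf "%s %d %d\n", h, out[h] + 0, in_[h] + 0
    }' | sort -t. -k4,4n
}

# Total bytes in both directions for a single host (stdin as above).
host_total() {
    per_host_totals | awk -v host="$1" '$1 == host { print $2 + $3 }'
}

# Demo on the constructed sample; on a real router replace the printf with
# `ipfw -a list | per_host_totals` (run by root, or from cron for daily files).
printf '%s\n' "$SAMPLE_COUNTERS" | per_host_totals
```

Counters in ipfw are cumulative, so a cron job that records `per_host_totals` output and then runs `ipfw zero` (or diffs successive snapshots) turns these into per-period figures; adding separate rules per port would extend the same parser to per-protocol accounting.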