From: "Artem Koutchine"
Cc: "Jan Knepper"
Subject: Re: NAT trafic accounting
Date: Mon, 2 Oct 2000 12:01:17 +0400
Organization: IP Form

So, let's do it again.

ed0 - 212.34.47.x - NAT INTERFACE
ed1 - 192.168.0.1

People from 192.168.0.x browse the internet and also access a database on 192.168.0.1 AND a webserver on 212.34.47.x.

I need to count only internet traffic for each of the users (there are only 5 of them, static IPs, of course, on the local network, win98 workstations).

Crist J. Clark recommended:

> # ipfw add 100x count ip from 192.168.0.x to not 192.168.0.0/24
> # ipfw add 101x count ip from not 192.168.0.0/24 to 192.168.0.x

And it kinda works (I didn't know that NOT can be used); however, when a user accesses 212.34.47.x (which is the same host as 192.168.0.1) the above rules count that traffic, while it is purely local.
So we will have to add two more rules:

# ipfw add 102x count ip from 192.168.0.x to 212.34.47.x
# ipfw add 103x count ip from 212.34.47.x to 192.168.0.x

Now, if we want to count the internet traffic for that 192.168.0.x we would have to do:

(103-101)+(102-100)

and that would give us the sum of incoming and outgoing traffic.

However, all this does not look very good, since for each client we need 4 rules, and while it works OK for my case (5 clients), what about a medium-sized network (say, 30 hosts)? And I have one such network and might want to count NAT traffic there too.

Any more graceful solutions?
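The four-counter bookkeeping described in this message can be tallied by matching on rule text rather than rule numbers, so it scales past five clients. This is an added example, not part of the original post; it assumes `ipfw show` prints each rule as rule number, packet count, byte count, rule text, and the function names, counter values and the external address 203.0.113.1 are constructed placeholders (the post elides the real address).

```sh
#!/bin/sh
# Added example, not from the original post.
# Reads `ipfw show` style lines on stdin and prints "client internet_bytes"
# for every LAN client that has count rules.
#   $1 = LAN network exactly as written in the rules
#   $2 = router's external address (placeholder in the sample below)
nat_bytes() {
    awk -v lan="$1" -v ext="$2" '
    $4 == "count" && $5 == "ip" && $6 == "from" {
        bytes = $3
        if ($7 == "not" && $8 == lan && $9 == "to")        # outside -> client
            tot[$10] += bytes
        else if ($8 == "to" && $9 == "not" && $10 == lan)  # client -> outside
            tot[$7] += bytes
        else if ($8 == "to" && $9 == ext)                  # client -> router external addr
            tot[$7] -= bytes
        else if ($7 == ext && $8 == "to")                  # router external addr -> client
            tot[$9] -= bytes
    }
    END { for (c in tot) printf "%s %d\n", c, tot[c] }
    ' | sort
}

# Constructed sample counters (not real measurements).
sample_counters() {
    cat <<'EOF'
01002   120    90000 count ip from 192.168.0.2 to not 192.168.0.0/24
01012   150   400000 count ip from not 192.168.0.0/24 to 192.168.0.2
01022    20    10000 count ip from 192.168.0.2 to 203.0.113.1
01032    25    60000 count ip from 203.0.113.1 to 192.168.0.2
01003    10     5000 count ip from 192.168.0.3 to not 192.168.0.0/24
01013    12    20000 count ip from not 192.168.0.0/24 to 192.168.0.3
65535  9999  9999999 allow ip from any to any
EOF
}

sample_counters | nat_bytes 192.168.0.0/24 203.0.113.1
```

On a live router the input would come from `ipfw show` instead of `sample_counters`; a client with no rules for the external address simply has nothing subtracted.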