From owner-freebsd-questions Mon Jun 21 11: 4:50 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from inet.chip-web.com (c1003518-a.plstn1.sfba.home.com [24.1.82.47])
    by hub.freebsd.org (Postfix) with SMTP id 1623D15172
    for ; Mon, 21 Jun 1999 11:04:40 -0700 (PDT)
    (envelope-from ludwigp@bigfoot.com)
Received: (qmail 15785 invoked from network); 21 Jun 1999 18:04:38 -0000
Received: from speedy.chip-web.com (HELO speedy) (172.16.1.1)
    by inet.chip-web.com with SMTP; 21 Jun 1999 18:04:38 -0000
Message-Id: <4.1.19990621104846.0091eda0@mail-r>
X-Sender: ludwigp@toy.chip-web.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Mon, 21 Jun 1999 11:04:35 -0700
To: "Alexey V.Vinogradov" , freebsd-questions@freebsd.org
From: Ludwig Pummer
Subject: Re: about more than 2x in ipfw accounting via NAT
In-Reply-To: <199906211648.TAA20695@Sun.Farlep.Net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 09:48 AM 6/21/1999 , Alexey V.Vinogradov wrote:
>I use for count bytes ipfw rules. But, i see strange problem - when i count
>from real ip-address to real ip-address, count looking good.
>But if i probably count from NAT ip-address, i see 2x count bytes. Do you see
>this problem ? How i can decide it?

From "man natd":
>Natd normally runs in the background as a daemon. It is passed raw IP
>packets as they travel into and out of the machine, and will possibly
>change these before re-injecting them back into the IP packet stream.
^ ^ ^ ^ ^ ^

Put all of your counting rules after the "divert natd" line. Any ipfw rules
before the divert line get called twice. Any after that get called once.
(I think. This is all logical according to the man page and my train of
thought. I've never actually tried byte-counting).

--Ludwig Pummer ( ludwigp@bigfoot.com )
ICQ UIN: 692441