From owner-freebsd-security Mon Jun 11 13:11: 7 2001 Delivered-To: freebsd-security@freebsd.org Received: from prox.centtech.com (moat2.centtech.com [206.196.95.21]) by hub.freebsd.org (Postfix) with ESMTP id 5030737B407 for ; Mon, 11 Jun 2001 13:11:00 -0700 (PDT) (envelope-from anderson@centtech.com) Received: (from smap@localhost) by prox.centtech.com (8.9.3+Sun/8.9.3) id PAA21392; Mon, 11 Jun 2001 15:10:32 -0500 (CDT) Received: from sprint.centtech.com(10.177.173.31) by prox via smap (V2.1+anti-relay+anti-spam) id xma021386; Mon, 11 Jun 01 15:10:02 -0500 Received: from centtech.com (proton [10.177.173.77]) by sprint.centtech.com (8.9.3+Sun/8.9.3) with ESMTP id PAA10308; Mon, 11 Jun 2001 15:10:02 -0500 (CDT) Message-ID: <3B25259B.404344DA@centtech.com> Date: Mon, 11 Jun 2001 15:10:03 -0500 From: Eric Anderson Reply-To: anderson@centtech.com Organization: Centaur Technology X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.14-5.0smp i686) X-Accept-Language: en MIME-Version: 1.0 To: Ryan Cc: freebsd-security@freebsd.org Subject: Re: IPFILTER byte/packet counting References: <3B24F469.13D59538@centtech.com> <000401c0f2b0$0331dfe0$01000001@mhx800> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Well, I know about this. But what I really need it basically bytes passed in/out on a per rule basis. I need to graph (I'll use mrtg) the usage per machine behind the transparent firewall (running IPFILTER). Eric Ryan wrote: > > http://www.obfuscation.org/ipf/ > > this is the only link that i have > Along with ipf you can use ipfmon which shows the following packet > infomation > [root@rolln /home/mhx$] ipfstat > input packets: blocked 461 passed 46857 nomatch 0 counted 0 short 0 > output packets: blocked 0 passed 47234 nomatch 0 counted 0 short 0 > input packets logged: blocked 461 passed 0 > output packets logged: blocked 0 passed 0 > packets logged: input 0 output 0 > log failures: input 17 output 0 > fragment state(in): kept 0 lost 0 > fragment state(out): kept 0 lost 0 > packet state(in): kept 257 lost 0 > packet state(out): kept 256 lost 0 > ICMP replies: 454 TCP RSTs sent: 6 > Invalid source(in): 0 > Result cache hits(in): 332 (out): 4 > IN Pullups succeeded: 0 failed: 0 > OUT Pullups succeeded: 0 failed: 0 > Fastroute successes: 460 failures: 0 > TCP cksum fails(in): 0 (out): 0 > Packet log flags set: (0) > > i hope that helps > > none > ----- Original Message ----- > From: "Eric Anderson" > To: > Sent: Monday, June 11, 2001 11:40 AM > Subject: IPFILTER byte/packet counting > > > Using IPFILTER with a bridge, can ipf count packets and bytes going > > to/from an ip? I see things like dummynet (which only works with > > ipfw?). Does anyone have a good url of a howto or information on this? > > I basically need to see usage (in bytes really) to/from certain ip's > > behind my ipf/bridging firewall. > > > > Eric > > > > > > -- > > -------------------------------------------------------------------------- > ----- > > Eric Anderson anderson@centtech.com Centaur Technology (512) > > 418-5792 > > For every complex problem, there is a solution that is simple, neat, and > > wrong. > > -------------------------------------------------------------------------- > ----- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- ------------------------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology (512) 418-5792 For every complex problem, there is a solution that is simple, neat, and wrong. ------------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message