From owner-freebsd-questions Thu Jan 22 22:15:26 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA02730 for questions-outgoing; Thu, 22 Jan 1998 22:15:26 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from mail.creative.net.au (mail.creative.net.au [203.56.168.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA02705 for ; Thu, 22 Jan 1998 22:15:00 -0800 (PST) (envelope-from adrian@mail.creative.net.au) Received: from mail.creative.net.au (localhost.creative.net.au [127.0.0.1]) by mail.creative.net.au (8.8.5/8.7) with ESMTP id NAA05391 for ; Fri, 23 Jan 1998 13:39:55 +0800 (WST) Message-Id: <199801230539.NAA05391@mail.creative.net.au> To: freebsd-questions@FreeBSD.ORG Subject: ipfw 'in' and 'out' not counting right? Date: Fri, 23 Jan 1998 13:39:55 +0800 From: Adrian Chadd Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk Hi. I'm doing some per-interface IP accounting using ipfw, like this: ipfw add allow ip from any to any via $int in ipfw add allow ip from any to any via $int out Which seemed to work with pings, both the packet and bytecounts are right. But I've noticed that it is counting a lot LESS traffic than is in reality passing through the interfaces (TCP/UDP stuff..) And the last rule 'allow ip from any to any' is really very high, considering at all times there is a pair of rules as shown above for each interface on the box. Has anyone set up accounting like this using ipfw before? Adrian -- Adrian Chadd | "I used to be thin, handsome and smart. | Then I discovered UNIX." |