Date:      Thu, 12 Jan 2006 13:13:06 +1300
From:      Barry Murphy <barry@unix.co.nz>
To:        freebsd-ipfw@freebsd.org
Subject:   Problem with count, fwd with ipfw
Message-ID:  <049101c6170c$f634a710$5038c80a@clear.co.nz>

Hi,

I've got a rule either counting traffic for subnet ranges to work out how
much traffic they are using, obviously I'm using internal IPs in this example:

# SMTP mail servers
ipfw add 00076 count ip from any to 192.168.0.128/29 in
ipfw add 00076 count ip from 192.168.0.128/29 to any out

or in some cases pipes

# Rob's usage
ipfw pipe 1 config bw 64KB
ipfw pipe 2 config bw 64KB
ipfw add 00086 pipe 1 ip from any to 192.168.0.33/28 in
ipfw add 00086 pipe 2 ip from 192.168.0.33/28 to any out

I'm wanting to add a transparent proxy for all users' subnets but still have
the above rule tally the traffic, so I added:

# Trans-proxy
ipfw add 31500 fwd 10.0.0.1,3128 tcp from 192.168.0.0/24 to any 80

Download tests have proven that the trans-proxy takes preference and allows
the user to download above their pipe rate and also shows that the pipes 76
& 86 don't count port 80 traffic so I can't see how much they are downloading.
I've tried using /sbin/sysctl net.inet.ip.fw.one_pass=0 but this didn't
help. I've also tried setting the rules 76 & 86 to "in via em1" which didn't
count any traffic, so I tried the dummy "in via vlanX" which didn't count any
traffic either.

em0 is the interface connecting to my ISP and em1 is connected to a cisco
3500XL running vlans.

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet6 fe80::206:5bff:fe0f:37ff%em0 prefixlen 64 scopeid 0x1
        inet 60.234.x.x netmask 0xfffffffc broadcast 60.234.x.x
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        ether 00:06:5b:0f:37:ff
        media: Ethernet 100baseTX <full-duplex>
        status: active

em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet6 fe80::206:5bff:fe0f:3800%em1 prefixlen 64 scopeid 0x2
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        ether 00:06:5b:0f:38:00
        media: Ethernet 1000baseTX <full-duplex>
        status: active

vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.34 netmask 0xfffffff0
        inet6 fe80::206:5bff:fe0f:37ff%vlan1 prefixlen 64 scopeid 0x5
        ether 00:06:5b:0f:38:00
        media: Ethernet 1000baseTX <full-duplex>
        status: active
        vlan: 11 parent interface: em1


vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.129 netmask 0xfffffff0
        inet6 fe80::206:5bff:fe0f:37ff%vlan1 prefixlen 64 scopeid 0x5
        ether 00:06:5b:0f:38:00
        media: Ethernet 1000baseTX <full-duplex>
        status: active
        vlan: 12 parent interface: em1

Any ideas would be much appreciated.

Cheers
Barry



