Date: Fri, 18 Mar 2005 14:02:50 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org, stephen <dinzdale@gmail.com>
Subject: Re: traffic accounting
Message-ID: <200503181403.02521.max@love2party.net>
In-Reply-To: <ee918c7805031803413897941f@mail.gmail.com>
References: <ee918c7805031800363fed881e@mail.gmail.com> <ee918c7805031803413897941f@mail.gmail.com>
On Friday 18 March 2005 12:41, stephen wrote:
> Hi all,
>
> Tried sending this mail earlier, if it came through twice apologies in
> advance.

It did, but never mind.

> Having a little difficulty regarding traffic counting.
>
> I have a macro ($soh) with about 30 IPs in it.. The first problem I
> was having was that:
> pass out on $ext_if from $soh to any keep state label "$srcaddr:: "
> was not passing traffic. (nat changing source address before reaching
> filtering rules)
>
> Someone then recommended having the following instead:
> pass in on $int_if from $soh to any keep state label "$srcaddr:: "
> pass out on $ext_if from any to any keep state label "total:: "
>
> which is now letting traffic out with the pass out rule, but the pass
> in rule is not counting traffic... whenever doing "pfctl -sl" I can
> see the "total::" label rising as more bandwidth is used, but all the
> other labels for all the private IPs remain on zero.

Generally speaking, I'd think that there is an error in your ruleset that
prevents this rule from being evaluated. Use $pfctl -vsr and check if the
rule(s) match at all. If you are dealing with 10+ IPs I'd also suggest
looking at tables. They are not only quicker (by an order of magnitude) but
also provide per IP counters for traffic that might just give you what you
want. See the FAQ for details on tables.

> I did get a step closer earlier this morning... Managed to count
> traffic from the source addresses 100%, but I couldn't account for the
> web traffic (which is 80% of the traffic) as I have a rdr rule that
> redirects all traffic for port 80 via localhost port 3128 to
> proxy/cache webpages.

In any case the traffic must come in from the local side first (as I think
that you are only dealing with connections initiated from the clients you are
accounting for). This traffic can always be filtered and accounted for.

> Could someone possibly help rectify this?
> (they are also the last rules in the ruleset so the "last match wins"
> is correct)

"quick" might mess you up? Please post your *complete* ruleset when you want
help debugging it. It's only fishing in the dark if you don't give details.
Obfuscate your static IP if you think you have to, but post the complete
thing or people are not able to help.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
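The table-based layout Max suggests, written out as an added example that is not part of the thread and not stephen's actual ruleset. Interface names, the three client addresses and the `soh`/`total` label names are constructed placeholders; the `counters` table flag is assumed to be required on current FreeBSD pf (older pf kept per-address counters unconditionally), and `keep state` is spelled out as 2005-era pf expected it:

```pf
# Added example (not from the original mail): per-client accounting with a
# pf table in place of a ~30-address macro. Interface names and addresses
# are constructed placeholders.
ext_if     = "fxp0"
int_if     = "fxp1"
proxy_port = "3128"

# "persist" keeps the table (and its counters) even if no rule references
# it; "counters" (assumed needed on current pf) enables the per-address
# packet and byte counters that "pfctl -t soh -T show -vv" displays.
table <soh> persist counters { 192.0.2.10, 192.0.2.11, 192.0.2.12 }

# Transparent proxy: client web traffic is sent to the local cache. rdr only
# rewrites the destination, so the packet still enters on $int_if with its
# original <soh> source and is matched by the accounting rule below.
rdr on $int_if proto tcp from <soh> to any port 80 -> 127.0.0.1 port $proxy_port

# Source NAT on the way out; the filter rule on $ext_if only sees the
# rewritten (external) source, which is why per-client counting cannot be
# done there.
nat on $ext_if from <soh> to any -> ($ext_if)

block all

# Per-client accounting: one rule, but pf keeps a counter per table entry,
# so "$srcaddr" label expansion is not needed. No "quick" anywhere, so the
# rule is evaluated for every inbound packet from a client.
pass in on $int_if from <soh> to any keep state label "soh"

# Outbound total after NAT, matching the "total::" label in the question.
pass out on $ext_if from any to any keep state label "total"
```

Check that the rules are actually evaluated with `pfctl -vsr` (the `Evaluations`/`Packets` counters next to each rule) and read the per-address figures with `pfctl -t soh -T show -vv`; `pfctl -t soh -T zero` resets them for a fresh accounting period. One caveat matches the second problem in the question: with the rdr in place, the proxy fetches pages from the external address in its own name, so the counters on `$int_if` show only the client-to-proxy leg, which is the right number to bill a client for but will be smaller than the bytes seen on `$ext_if` after cache misses.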