From: Max Laier
To: freebsd-pf@freebsd.org, stephen
Date: Fri, 18 Mar 2005 14:02:50 +0100
Message-Id: <200503181403.02521.max@love2party.net>
Subject: Re: traffic accounting

On Friday 18 March 2005 12:41, stephen wrote:
> Hi all,
>
> Tried sending this mail earlier, if it came through twice apologies in
> advance.

It did, but never mind.

> Having a little difficulty regarding traffic counting.
>
> I have a macro ($soh) with about 30 IPs in it. The first problem I
> was having was that:
> pass out on $ext_if from $soh to any keep state label "$srcaddr:: "
> was not passing traffic. (nat changing source address before reaching
> filtering rules)
>
> Someone then recommended having the following instead:
> pass in on $int_if from $soh to any keep state label "$srcaddr:: "
> pass out on $ext_if from any to any keep state label "total:: "
>
> which is now letting traffic out with the pass out rule, but the pass
> in rule is not counting traffic... whenever doing "pfctl -sl" I can
> see the "total::" label rising as more bandwidth is used, but all the
> other labels for all the private IPs remain on zero.

Generally speaking, I'd think that there is an error in your ruleset that
prevents this rule from being evaluated. Use $pfctl -vsr and check if the
rule(s) match at all. If you are dealing with 10+ IPs I'd also suggest
looking at tables. They are not only quicker (by an order of magnitude) but
also provide per IP counters for traffic that might just give you what you
want. See the FAQ for details on tables.

> I did get a step closer earlier this morning... Managed to count
> traffic from the source addresses 100%, but I couldn't account for the
> web traffic (which is 80% of the traffic) as I have a rdr rule that
> redirects all traffic for port 80 via localhost port 3128 to
> proxy/cache webpages.

In any case the traffic must come in from the local side first (as I think
that you are only dealing with connections initiated from the clients you are
accounting for). This traffic can always be filtered and accounted for.

> Could someone possibly help rectify this?
> (they are also the last rules in the ruleset so the "last match wins"
> is correct)

"quick" might mess you up? Please post your *complete* ruleset when you want
help debugging it.
It's only fishing in the dark if you don't give details.
Obfuscate your static IP if you think you have to, but post the complete
thing or people are not able to help.

-- 
  /"\  Best regards,                      | mlaier@freebsd.org
  \ /  Max Laier                          | ICQ #67774661
   X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
  / \  ASCII Ribbon Campaign              | Against HTML Mail and News
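
The `pfctl -vsr` check suggested in the reply above, as an added example that is not part of the original message: a small filter that reads `pfctl -vsr` output and separates rules that were never evaluated from rules that were evaluated but never matched a packet. The function names `classify_rules` and `sample_vsr`, the interface names and the addresses are made up for illustration, and the sample output is constructed; the script assumes each rule line is followed by an indented `[ Evaluations: N  Packets: N ... ]` counter line.

```shell
#!/bin/sh
# Added example, not from the thread.
# On a live firewall (as root):  pfctl -vsr | classify_rules

classify_rules() {
    awk '
        # Counter line: "[ Evaluations: N  Packets: N  Bytes: N  States: N ]"
        $1 == "[" && $2 == "Evaluations:" {
            for (i = 1; i < NF; i++) {
                if ($i == "Evaluations:") ev = $(i + 1) + 0
                if ($i == "Packets:")     pk = $(i + 1) + 0
            }
            if (ev == 0)      verdict = "NOT-EVALUATED"  # rule never reached
            else if (pk == 0) verdict = "NO-MATCH"       # reached, criteria never fit
            else              verdict = "MATCHING"
            printf "%-13s %s\n", verdict, rule
            next
        }
        # Any unindented line is the text of the next rule.
        /^[^ \t]/ { rule = $0 }
    '
}

# Constructed sample: one label rule sits behind a "quick" rule on the same
# interface, so it is never evaluated and its label counter stays at zero.
sample_vsr() {
    cat <<'EOF'
pass in on fxp1 inet from 192.168.0.99 to any keep state label "192.168.0.99:: "
  [ Evaluations: 5120      Packets: 0         Bytes: 0           States: 0     ]
pass in quick on fxp1 all keep state
  [ Evaluations: 5120      Packets: 48211     Bytes: 31457280    States: 12    ]
pass in on fxp1 inet from 192.168.0.10 to any keep state label "192.168.0.10:: "
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass out on fxp0 all keep state label "total:: "
  [ Evaluations: 2210      Packets: 48002     Bytes: 31400211    States: 12    ]
EOF
}

sample_vsr | classify_rules
```

A rule reported as NOT-EVALUATED points at rule ordering (for instance an earlier `quick` rule), while NO-MATCH points at the rule's own criteria, such as a source address that NAT has already rewritten.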