Date: Tue, 6 Jul 2004 08:55:42 -0400 (EDT) From: "Steve Bertrand" <steveb@eagle.ca> To: "lists" <lists@sleektech.nl> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw count rules to count traffic to virtual ip's Message-ID: <3487.209.167.16.15.1089118542.squirrel@209.167.16.15> In-Reply-To: <40EA8BA5.80900@sleektech.nl> References: <1089058362.3279.7.camel@localhost.localdomain> <40EA8BA5.80900@sleektech.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
> Anyone ? > >>Hello, >> >>I'm trying to setup ipfw to count traffic to each ip on the server (one >>interface with multiple aliased ip's) >> >>now it seems that the count rules are about the same for each ip while >>this isn't the truth.. >> Are these the exact rules, or does # ipfw show mix them up a bit? For instance: # ipfw add 10000 count tcp from any to 1.1.1.1 *should* count all tcp traffic destined for 1.1.1.1, and likewise, # ipfw add 11000 count tcp from 1.1.1.1 to any *should* count all tcp traffic from the IP. If ipfw show is conveluting the rules a bit, you might start by sending in a small sample of your ruleset. Just a thought... Steve >>00007 7715117 6712750640 count ip from any to any via fxp0 >>00008 2953770 167284959 count ip from any to any in recv fxp0 >>00009 4761341 6545462313 count ip from any to any out xmit fxp0 >>00010 7707303 6712093431 count tcp from any to any via 1.1.1.1 >>00011 2948103 166773748 count tcp from any to any in recv 1.1.1.1 >>00012 4759198 6545319411 count tcp from any to any out xmit 1.1.1.1 >>00016 7707299 6712092983 count tcp from any to any via 2.2.2.2 >>00017 2948101 166773668 count tcp from any to any in recv 2.2.2.2 >>00018 4759195 6545319003 count tcp from any to any out xmit 2.2.2.2 >>00022 2842887 145092334 count tcp from any to any 80 via fxp0 >> >>As you can see the traffic for ip 1.1.1.1 and ip 2.2.2.2 are about the >>same while ip 2.2.2.2 is actually doing nothing (all ports are blocked >>cause its not active yet) >> >>What is going wrong here ? how come ipfw counts the same traffic for >>each ip.. >> >>Also rule 22 from "any to any 80" shows only a few hundred megs traffic >>while 95% of all the traffic on the server is http traffic from >>website's so this should be atleast around the 5GB of traffic instead of >>a few hundred megs.. >> >>Any idea's ?? >> >>Thanks >> >>m. >> >> >> > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3487.209.167.16.15.1089118542.squirrel>