From owner-freebsd-questions@FreeBSD.ORG Tue Jul 6 13:32:19 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 455FF16A4CE for ; Tue, 6 Jul 2004 13:32:19 +0000 (GMT) Received: from sleek.sleektech.nl (sleek.sleektech.nl [62.212.87.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B4BB43D4C for ; Tue, 6 Jul 2004 13:32:18 +0000 (GMT) (envelope-from lists@sleektech.nl) Received: (qmail 5307 invoked from network); 6 Jul 2004 13:28:59 -0000 Received: from unknown (HELO ?127.0.0.1?) (193.173.42.52) by sleek.sleektech.nl with SMTP; 6 Jul 2004 13:28:59 -0000 Message-ID: <40EAA9E1.7010301@sleektech.nl> Date: Tue, 06 Jul 2004 15:32:17 +0200 From: lists User-Agent: Mozilla Thunderbird 0.7.1 (Windows/20040626) X-Accept-Language: en-us, en MIME-Version: 1.0 Cc: freebsd-questions@freebsd.org References: <1089058362.3279.7.camel@localhost.localdomain> <40EA8BA5.80900@sleektech.nl> <3487.209.167.16.15.1089118542.squirrel@209.167.16.15> <40EAA7EC.7090300@sleektech.nl> <3512.209.167.16.15.1089120569.squirrel@209.167.16.15> In-Reply-To: <3512.209.167.16.15.1089120569.squirrel@209.167.16.15> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: ipfw count rules to count traffic to virtual ip's X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jul 2004 13:32:19 -0000 Ok then I get it.. I thought ipfw was also able to have a ip address there instead of only a interface. Thanks Steve Bertrand wrote: >>Well : >> >>This won't work: >>ipfw add 00010 count tcp from any to any via 1.1.1.1 >>ipfw add 00011 count tcp from any to any in recv 1.1.1.1 >>ipfw add 00012 count tcp from any to any out xmit 1.1.1.1 >>ipfw add 00016 count tcp from any to any via 2.2.2.2 >>ipfw add 00017 count tcp from any to any in recv 2.2.2.2 >>ipfw add 00018 count tcp from any to any out xmit 2.2.2.2 >> >> >>This works: >>ipfw add 00022 count tcp from 1.1.1.1 to any >>ipfw add 00023 count tcp from any to 1.1.1.1 >>ipfw add 00024 count tcp from 2.2.2.2 to any >>ipfw add 00025 count tcp from any to 2.2.2.2 >> >>Is ipfw unable to count ip traffic on that way ? or is it just unlogical >>how i am doing it.. >> >> > >It didn't seem logical to me. Anything after via, xmit, or recv should be >an interface name (or alias) as this is what ipfw expects to see. The >actual addressing should be located within the to/from portion of the >rule. > >You can even go farther and count port usage as well. Say for instance, >you want to get an idea of how much http(s) traffic there is generated on >1.1.1.1 : > >ipfw add 00100 count tcp from any to 1.1.1.1 80,443 > >Regards, > >STeve > > > > >> >>Steve Bertrand wrote: >> >> >> >>>>Anyone ? >>>> >>>> >>>> >>>> >>>> >>>>>Hello, >>>>> >>>>>I'm trying to setup ipfw to count traffic to each ip on the server (one >>>>>interface with multiple aliased ip's) >>>>> >>>>>now it seems that the count rules are about the same for each ip while >>>>>this isn't the truth.. >>>>> >>>>> >>>>> >>>>> >>>>> >>>Are these the exact rules, or does # ipfw show mix them up a bit? >>> >>>For instance: >>> >>># ipfw add 10000 count tcp from any to 1.1.1.1 >>> >>>*should* count all tcp traffic destined for 1.1.1.1, and likewise, >>> >>># ipfw add 11000 count tcp from 1.1.1.1 to any >>> >>>*should* count all tcp traffic from the IP. >>> >>>If ipfw show is conveluting the rules a bit, you might start by sending >>>in >>>a small sample of your ruleset. >>> >>>Just a thought... >>> >>>Steve >>> >>> >>> >>> >>> >>> >>>>>00007 7715117 6712750640 count ip from any to any via fxp0 >>>>>00008 2953770 167284959 count ip from any to any in recv fxp0 >>>>>00009 4761341 6545462313 count ip from any to any out xmit fxp0 >>>>>00010 7707303 6712093431 count tcp from any to any via 1.1.1.1 >>>>>00011 2948103 166773748 count tcp from any to any in recv 1.1.1.1 >>>>>00012 4759198 6545319411 count tcp from any to any out xmit 1.1.1.1 >>>>>00016 7707299 6712092983 count tcp from any to any via 2.2.2.2 >>>>>00017 2948101 166773668 count tcp from any to any in recv 2.2.2.2 >>>>>00018 4759195 6545319003 count tcp from any to any out xmit 2.2.2.2 >>>>>00022 2842887 145092334 count tcp from any to any 80 via fxp0 >>>>> >>>>>As you can see the traffic for ip 1.1.1.1 and ip 2.2.2.2 are about the >>>>>same while ip 2.2.2.2 is actually doing nothing (all ports are blocked >>>>>cause its not active yet) >>>>> >>>>>What is going wrong here ? how come ipfw counts the same traffic for >>>>>each ip.. >>>>> >>>>>Also rule 22 from "any to any 80" shows only a few hundred megs >>>>>traffic >>>>>while 95% of all the traffic on the server is http traffic from >>>>>website's so this should be atleast around the 5GB of traffic instead >>>>>of >>>>>a few hundred megs.. >>>>> >>>>>Any idea's ?? >>>>> >>>>>Thanks >>>>> >>>>>m. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>_______________________________________________ >>>>freebsd-questions@freebsd.org mailing list >>>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>>To unsubscribe, send any mail to >>>>"freebsd-questions-unsubscribe@freebsd.org" >>>> >>>> >>>> >>>> >>>> >>>_______________________________________________ >>>freebsd-questions@freebsd.org mailing list >>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>To unsubscribe, send any mail to >>>"freebsd-questions-unsubscribe@freebsd.org" >>> >>> >>> >>> >>_______________________________________________ >>freebsd-questions@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>To unsubscribe, send any mail to >>"freebsd-questions-unsubscribe@freebsd.org" >> >> >> > > >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > >