Date: Tue, 6 Jul 2004 09:45:44 -0400 (EDT) From: "Steve Bertrand" <iaccounts@ibctech.ca> To: "lists" <lists@sleektech.nl> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw count rules to count traffic to virtual ip's Message-ID: <3662.209.167.16.15.1089121544.squirrel@209.167.16.15> In-Reply-To: <40EAA9E1.7010301@sleektech.nl> References: <1089058362.3279.7.camel@localhost.localdomain> <40EA8BA5.80900@sleektech.nl> <3487.209.167.16.15.1089118542.squirrel@209.167.16.15> <40EAA7EC.7090300@sleektech.nl> <3512.209.167.16.15.1089120569.squirrel@209.167.16.15> <40EAA9E1.7010301@sleektech.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
> Ok then I get it.. > > I thought ipfw was also able to have a ip address there instead of only > a interface. > Thanks Nope, I was wrong... # man ipfw [snipped] recv | xmit | via {ifX | if* | ipno | any} Matches packets received, transmitted or going through, respec- tively, the interface specified by exact name (ifX), by device name (if*), by IP address, or through some interface. I just found the latter rules to be a little more clear and precise. Perhaps someone else can shed light on the failure, but it's just nice to know that you're up and achieving the results you desired ;) Steve > > > > Steve Bertrand wrote: > >>>Well : >>> >>>This won't work: >>>ipfw add 00010 count tcp from any to any via 1.1.1.1 >>>ipfw add 00011 count tcp from any to any in recv 1.1.1.1 >>>ipfw add 00012 count tcp from any to any out xmit 1.1.1.1 >>>ipfw add 00016 count tcp from any to any via 2.2.2.2 >>>ipfw add 00017 count tcp from any to any in recv 2.2.2.2 >>>ipfw add 00018 count tcp from any to any out xmit 2.2.2.2 >>> >>> >>>This works: >>>ipfw add 00022 count tcp from 1.1.1.1 to any >>>ipfw add 00023 count tcp from any to 1.1.1.1 >>>ipfw add 00024 count tcp from 2.2.2.2 to any >>>ipfw add 00025 count tcp from any to 2.2.2.2 >>> >>>Is ipfw unable to count ip traffic on that way ? or is it just unlogical >>>how i am doing it.. >>> >>> >> >>It didn't seem logical to me. Anything after via, xmit, or recv should be >>an interface name (or alias) as this is what ipfw expects to see. The >>actual addressing should be located within the to/from portion of the >>rule. >> >>You can even go farther and count port usage as well. Say for instance, >>you want to get an idea of how much http(s) traffic there is generated on >>1.1.1.1 : >> >>ipfw add 00100 count tcp from any to 1.1.1.1 80,443 >> >>Regards, >> >>STeve >> >> >> >> >>> >>>Steve Bertrand wrote: >>> >>> >>> >>>>>Anyone ? >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>Hello, >>>>>> >>>>>>I'm trying to setup ipfw to count traffic to each ip on the server >>>>>> (one >>>>>>interface with multiple aliased ip's) >>>>>> >>>>>>now it seems that the count rules are about the same for each ip >>>>>> while >>>>>>this isn't the truth.. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>Are these the exact rules, or does # ipfw show mix them up a bit? >>>> >>>>For instance: >>>> >>>># ipfw add 10000 count tcp from any to 1.1.1.1 >>>> >>>>*should* count all tcp traffic destined for 1.1.1.1, and likewise, >>>> >>>># ipfw add 11000 count tcp from 1.1.1.1 to any >>>> >>>>*should* count all tcp traffic from the IP. >>>> >>>>If ipfw show is conveluting the rules a bit, you might start by sending >>>>in >>>>a small sample of your ruleset. >>>> >>>>Just a thought... >>>> >>>>Steve >>>> >>>> >>>> >>>> >>>> >>>> >>>>>>00007 7715117 6712750640 count ip from any to any via fxp0 >>>>>>00008 2953770 167284959 count ip from any to any in recv fxp0 >>>>>>00009 4761341 6545462313 count ip from any to any out xmit fxp0 >>>>>>00010 7707303 6712093431 count tcp from any to any via 1.1.1.1 >>>>>>00011 2948103 166773748 count tcp from any to any in recv 1.1.1.1 >>>>>>00012 4759198 6545319411 count tcp from any to any out xmit 1.1.1.1 >>>>>>00016 7707299 6712092983 count tcp from any to any via 2.2.2.2 >>>>>>00017 2948101 166773668 count tcp from any to any in recv 2.2.2.2 >>>>>>00018 4759195 6545319003 count tcp from any to any out xmit 2.2.2.2 >>>>>>00022 2842887 145092334 count tcp from any to any 80 via fxp0 >>>>>> >>>>>>As you can see the traffic for ip 1.1.1.1 and ip 2.2.2.2 are about >>>>>> the >>>>>>same while ip 2.2.2.2 is actually doing nothing (all ports are >>>>>> blocked >>>>>>cause its not active yet) >>>>>> >>>>>>What is going wrong here ? how come ipfw counts the same traffic for >>>>>>each ip.. >>>>>> >>>>>>Also rule 22 from "any to any 80" shows only a few hundred megs >>>>>>traffic >>>>>>while 95% of all the traffic on the server is http traffic from >>>>>>website's so this should be atleast around the 5GB of traffic instead >>>>>>of >>>>>>a few hundred megs.. >>>>>> >>>>>>Any idea's ?? >>>>>> >>>>>>Thanks >>>>>> >>>>>>m. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>_______________________________________________ >>>>>freebsd-questions@freebsd.org mailing list >>>>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>>>To unsubscribe, send any mail to >>>>>"freebsd-questions-unsubscribe@freebsd.org" >>>>> >>>>> >>>>> >>>>> >>>>> >>>>_______________________________________________ >>>>freebsd-questions@freebsd.org mailing list >>>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>>To unsubscribe, send any mail to >>>>"freebsd-questions-unsubscribe@freebsd.org" >>>> >>>> >>>> >>>> >>>_______________________________________________ >>>freebsd-questions@freebsd.org mailing list >>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>To unsubscribe, send any mail to >>>"freebsd-questions-unsubscribe@freebsd.org" >>> >>> >>> >> >> >>_______________________________________________ >>freebsd-questions@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" >> >> > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3662.209.167.16.15.1089121544.squirrel>