Date:      Tue, 06 Jul 2004 16:00:00 +0200
From:      lists <lists@sleektech.nl>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipfw count rules to count traffic to virtual ip's
Message-ID:  <40EAB060.3010504@sleektech.nl>
In-Reply-To: <3662.209.167.16.15.1089121544.squirrel@209.167.16.15>
References:  <1089058362.3279.7.camel@localhost.localdomain> <40EA8BA5.80900@sleektech.nl> <3487.209.167.16.15.1089118542.squirrel@209.167.16.15> <40EAA7EC.7090300@sleektech.nl> <3512.209.167.16.15.1089120569.squirrel@209.167.16.15> <40EAA9E1.7010301@sleektech.nl> <3662.209.167.16.15.1089121544.squirrel@209.167.16.15>

Yeah, that's the part I read from the manual and tried, but got this
output from..

With the rule "count tcp from 1.1.1.1 to any" it also works, so no big
deal there; I was just wondering if I did something wrong or not..

If anyone has got an answer, please let us know.

Thanks.


Steve Bertrand wrote:

>>Ok then I get it..
>>
>>I thought ipfw was also able to have an IP address there instead of only
>>an interface.
>>Thanks
>>    
>>
>
>Nope, I was wrong...
>
># man ipfw [snipped]
>
>     recv | xmit | via {ifX | if* | ipno | any}
>             Matches packets received, transmitted or going through,
>             respectively, the interface specified by exact name (ifX), by device
>             name (if*), by IP address, or through some interface.
>
>I just found the latter rules to be a little more clear and precise.
>Perhaps someone else can shed light on the failure, but it's just nice to
>know that you're up and achieving the results you desired ;)
>
>Steve
>
>  
>
>>
>>Steve Bertrand wrote:
>>
>>    
>>
>>>>Well :
>>>>
>>>>This won't work:
>>>>ipfw add 00010 count tcp from any to any via 1.1.1.1
>>>>ipfw add 00011 count tcp from any to any in recv 1.1.1.1
>>>>ipfw add 00012 count tcp from any to any out xmit 1.1.1.1
>>>>ipfw add 00016 count tcp from any to any via 2.2.2.2
>>>>ipfw add 00017 count tcp from any to any in recv 2.2.2.2
>>>>ipfw add 00018 count tcp from any to any out xmit 2.2.2.2
>>>>
>>>>
>>>>This works:
>>>>ipfw add 00022 count tcp from 1.1.1.1 to any
>>>>ipfw add 00023 count tcp from any to 1.1.1.1
>>>>ipfw add 00024 count tcp from 2.2.2.2 to any
>>>>ipfw add 00025 count tcp from any to 2.2.2.2
>>>>
>>>>Is ipfw unable to count IP traffic that way? Or is it just illogical
>>>>how I am doing it..
>>>>
>>>>
>>>>        
>>>>
>>>It didn't seem logical to me. Anything after via, xmit, or recv should be
>>>an interface name (or alias) as this is what ipfw expects to see. The
>>>actual addressing should be located within the to/from portion of the
>>>rule.
>>>
>>>You can even go farther and count port usage as well. Say for instance,
>>>you want to get an idea of how much http(s) traffic there is generated on
>>>1.1.1.1 :
>>>
>>>ipfw add 00100 count tcp from any to 1.1.1.1 80,443
>>>
>>>Regards,
>>>
>>>Steve
>>>
>>>
>>>
>>>
>>>      
>>>
>>>>Steve Bertrand wrote:
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>>>>Anyone ?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>>>Hello,
>>>>>>>
>>>>>>>I'm trying to set up ipfw to count traffic to each IP on the server
>>>>>>>(one interface with multiple aliased IPs).
>>>>>>>
>>>>>>>Now it seems that the count rules are about the same for each IP
>>>>>>>while this isn't the truth..
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>              
>>>>>>>
>>>>>Are these the exact rules, or does # ipfw show mix them up a bit?
>>>>>
>>>>>For instance:
>>>>>
>>>>># ipfw add 10000 count tcp from any to 1.1.1.1
>>>>>
>>>>>*should* count all tcp traffic destined for 1.1.1.1, and likewise,
>>>>>
>>>>># ipfw add 11000 count tcp from 1.1.1.1 to any
>>>>>
>>>>>*should* count all tcp traffic from the IP.
>>>>>
>>>>>If ipfw show is convoluting the rules a bit, you might start by sending
>>>>>in a small sample of your ruleset.
>>>>>
>>>>>Just a thought...
>>>>>
>>>>>Steve
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>>00007 7715117 6712750640 count ip from any to any via fxp0
>>>>>>>00008 2953770  167284959 count ip from any to any in recv fxp0
>>>>>>>00009 4761341 6545462313 count ip from any to any out xmit fxp0
>>>>>>>00010 7707303 6712093431 count tcp from any to any via 1.1.1.1
>>>>>>>00011 2948103  166773748 count tcp from any to any in recv 1.1.1.1
>>>>>>>00012 4759198 6545319411 count tcp from any to any out xmit 1.1.1.1
>>>>>>>00016 7707299 6712092983 count tcp from any to any via 2.2.2.2
>>>>>>>00017 2948101  166773668 count tcp from any to any in recv 2.2.2.2
>>>>>>>00018 4759195 6545319003 count tcp from any to any out xmit 2.2.2.2
>>>>>>>00022 2842887  145092334 count tcp from any to any 80 via fxp0
>>>>>>>
>>>>>>>As you can see, the traffic for IP 1.1.1.1 and IP 2.2.2.2 is about
>>>>>>>the same, while IP 2.2.2.2 is actually doing nothing (all ports are
>>>>>>>blocked because it's not active yet).
>>>>>>>
>>>>>>>What is going wrong here? How come ipfw counts the same traffic for
>>>>>>>each IP..
>>>>>>>
>>>>>>>Also, rule 22 from "any to any 80" shows only a few hundred megs of
>>>>>>>traffic, while 95% of all the traffic on the server is HTTP traffic from
>>>>>>>websites, so this should be at least around 5GB of traffic instead
>>>>>>>of a few hundred megs..
>>>>>>>
>>>>>>>Any ideas??
>>>>>>>
>>>>>>>Thanks
>>>>>>>
>>>>>>>m.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>              
>>>>>>>
>>>>>>_______________________________________________
>>>>>>freebsd-questions@freebsd.org mailing list
>>>>>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>>>>To unsubscribe, send any mail to
>>>>>>"freebsd-questions-unsubscribe@freebsd.org"




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40EAB060.3010504>
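
An added example (not part of the original message or of ipfw itself): a small sh/awk helper that totals per-address byte counters from `ipfw show` output, relying on the address-in-from/to rule form that the thread found to work. The function name `per_ip_bytes` and the sample counter values are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise per-IP byte counters from `ipfw show` output.
# SAMPLE_SHOW is constructed data in the "rule packets bytes body" layout
# shown in the thread; the counter values are made up.
SAMPLE_SHOW='00022 1200 900000 count tcp from 1.1.1.1 to any
00023 1500 150000 count tcp from any to 1.1.1.1
00024 0 0 count tcp from 2.2.2.2 to any
00025 3 180 count tcp from any to 2.2.2.2
00100 1400 140000 count tcp from any to 1.1.1.1 80,443
00007 9999 9999999 count ip from any to any via fxp0'

# per_ip_bytes: read `ipfw show` lines on stdin and print
# "ip bytes_in bytes_out" per address, sorted by address.
# Only address-only count rules are used (exactly 9 fields), so
# port-specific rules such as 00100 are not added on top of the totals
# and "any to any ... via ifX" interface rules are ignored.
per_ip_bytes() {
    awk '
        $4 == "count" && $6 == "from" && $8 == "to" && NF == 9 {
            src = $7; dst = $9
            # traffic sent by the local address
            if (src != "any" && dst == "any") { out[src] += $3; seen[src] = 1 }
            # traffic destined for the local address
            if (src == "any" && dst != "any") { inb[dst] += $3; seen[dst] = 1 }
        }
        END {
            # %.0f keeps byte counters above 2^31 intact in every awk
            for (ip in seen) printf "%s %.0f %.0f\n", ip, inb[ip], out[ip]
        }
    ' | sort
}

# Stand-alone run on the constructed sample; on a live host use:
#   ipfw show | per_ip_bytes
printf '%s\n' "$SAMPLE_SHOW" | per_ip_bytes
```

An alias that is not yet in service, like 2.2.2.2 in the thread, shows up here with near-zero totals instead of mirroring the interface counters.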