From: Erik Nørgaard
Organization: Locolomo.ORG
Date: Tue, 13 Sep 2005 21:32:36 +0200
To: Derrick MacPherson
Cc: freebsd-questions@FreeBSD.org
Subject: Re: traffic accounting.
Message-ID: <43272954.3050906@locolomo.org>
In-Reply-To: <1126638334.8813.18.camel@Mandarin-04.mainframe.ca>

Derrick MacPherson wrote:
> I am going to pop a machine (bridged interfaces) in tween our LAN and
> our firewall (pix) and am wanting to know what people would recommend
> for IP accounting, it would be great to have a web based output to show
> what traffic, from/to what hosts so the boss is happy to look at it.

You can create a firewall that just passes everything and counts it.
If you're not going to block anything you don't need stateful
firewalling and pf should do just fine. Otherwise ipfilter will do
better. I have done this some years ago with ipfilter.

Last time I looked at accounting for pf the problem was to get all
packets counted, both ways, with stateful filtering. The problem was
that the packet would only be counted when matched against a rule, and
that would only happen when the state was created. This is not a problem
with non-stateful filtering since all packets will traverse the ruleset
every time. It may have changed, or there may be some other ways around.

I have heard about flowd but never tried to use it.

That said, pf has some features I think your boss would (or should) like
more than flashy web pages: Queueing so you can prioritize your boss's
traffic over everyone else - of course, you installing it can put
yourself first in the queue :-)

Cheers, Erik

-- 
Ph: +34.666334818                       web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
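
The stateless pass-and-count setup described in the message above, as an added example that is not part of the original post. The pf rules in the comments (interface name, addresses, label names) are assumptions, and the function totals a constructed sample laid out in the column order assumed for `pfctl -s labels` (label, evaluations, packets, bytes, then in/out detail; older releases print fewer columns).

```shell
#!/bin/sh
# Added example; interface, addresses and label names are assumptions.
# pf.conf for the counting bridge (em0 = assumed LAN-side member). pf is
# last-match, so the catch-all goes first. "no state" makes every packet
# traverse the ruleset and hit a labelled rule; the host list expands to
# one rule (and one label) per address.
#
#   hosts = "{ 192.168.0.10, 192.168.0.11 }"
#   pass all no state
#   pass in  on em0 from $hosts to any no state label "up:$srcaddr"
#   pass out on em0 from any to $hosts no state label "down:$dstaddr"

# Sum bytes per host from "pfctl -s labels" output read on stdin.
# Assumed columns: label evaluations packets bytes [in/out detail ...].
# Lines whose label is not "up:<host>" or "down:<host>" are ignored.
per_host_bytes() {
    awk '
        { n = split($1, p, ":") }
        n == 2 && p[1] == "up"   { up[p[2]]   += $4; seen[p[2]] = 1 }
        n == 2 && p[1] == "down" { down[p[2]] += $4; seen[p[2]] = 1 }
        END { for (h in seen) printf "%s %d %d\n", h, up[h], down[h] }
    ' | sort
}

# Constructed sample in that layout (not captured from a real system).
SAMPLE='up:192.168.0.10 1200 800 96000 800 96000 0 0 0
down:192.168.0.10 1500 1100 1320000 0 0 1100 1320000 0
up:192.168.0.11 1200 40 4800 40 4800 0 0 0
down:192.168.0.11 1500 60 72000 0 0 60 72000 0
unlabelled-other 10 5 300 5 300 0 0 0'

# On the bridge itself this would be: pfctl -s labels | per_host_bytes
# Output columns: host, bytes sent by host, bytes delivered to host.
printf '%s\n' "$SAMPLE" | per_host_bytes
```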