Date: Fri, 18 Mar 2005 14:02:50 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org, stephen <dinzdale@gmail.com>
Subject: Re: traffic accounting
Message-ID: <200503181403.02521.max@love2party.net>
In-Reply-To: <ee918c7805031803413897941f@mail.gmail.com>
References: <ee918c7805031800363fed881e@mail.gmail.com> <ee918c7805031803413897941f@mail.gmail.com>
On Friday 18 March 2005 12:41, stephen wrote:
> Hi all,
>
> Tried sending this mail earlier, if it came through twice apologies in
> advance.

It did, but never mind.

> Having a little difficulty regarding traffic counting.
>
> I have a macro ($soh) with about 30 IPs in it. The first problem I
> was having was that:
> pass out on $ext_if from $soh to any keep state label "$srcaddr:: "
> was not passing traffic. (nat changing source address before reaching
> filtering rules)
>
> Someone then recommended having the following instead:
> pass in on $int_if from $soh to any keep state label "$srcaddr:: "
> pass out on $ext_if from any to any keep state label "total:: "
>
> which is now letting traffic out with the pass out rule, but the pass
> in rule is not counting traffic... whenever doing "pfctl -sl" I can
> see the "total::" label rising as more bandwidth is used, but all the
> other labels for all the private IPs remain on zero.

Generally speaking, I'd think that there is an error in your ruleset that
prevents this rule from being evaluated. Use $pfctl -vsr and check if the
rule(s) match at all.

If you are dealing with 10+ IPs I'd also suggest to look at tables. They are
not only quicker (by an order of magnitude) but also provide per IP counters
for traffic that might just give you what you want. See the FAQ for details
on tables.

> I did get a step closer earlier this morning... Managed to count
> traffic from the source addresses 100%, but I couldn't account for the
> web traffic (which is 80% of the traffic) as I have a rdr rule that
> redirects all traffic for port 80 via localhost port 3128 to
> proxy/cache webpages.

In any case the traffic must come in from the local side first (as I think
that you are only dealing with connections initiated from the clients you
are accounting for). This traffic can always be filtered and accounted for.

> Could someone possibly help rectify this?
> (they are also the last rules in the ruleset so the "last match wins"
> is correct)

"quick" might mess you up? Please post your *complete* ruleset when you want
help debugging it. It's only fishing in the dark if you don't give details.
Obfuscate your static IP if you think you have to, but post the complete
thing or people are not able to help.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
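As an added illustration of the advice in this reply (not part of the thread), a pf.conf fragment that accounts per client on the inside interface, with a table carrying its own per-address counters. Interface names, the sample addresses and the proxy port are assumed, not taken from the original poster's setup.

```pf
# Added example, not from the thread: per-client traffic accounting with pf.
# Interface names, addresses and the proxy port below are assumptions.
ext_if = "fxp0"
int_if = "fxp1"
proxy_port = "3128"

# A table with per-address counters: one rule covers every client, and
#   pfctl -t soh -vT show
# prints packets/bytes in and out for each address (entries can also be
# added at runtime with "pfctl -t soh -T add <addr>").
table <soh> counters { 192.0.2.10, 192.0.2.11, 192.0.2.12 }

# Translation runs before filtering. On $ext_if the source is already the
# NAT address, so a rule matching "from <soh>" there never fires ...
nat on $ext_if from <soh> to any -> ($ext_if)
# ... while rdr rewrites only the destination, so the client's own source
# address is still what the inbound $int_if rule below sees, even for the
# web traffic that is handed to the local proxy.
rdr on $int_if proto tcp from <soh> to any port 80 -> 127.0.0.1 port $proxy_port

# Keep the accounting rules last, and make sure no earlier "quick" rule
# matches the same traffic, or that rule wins and these counters stay at
# zero. Verify with "pfctl -vsr" that Evaluations/Packets are increasing.
#
# Variant 1 (the original approach): a macro list is expanded by pfctl
# into one rule per address, so "$srcaddr" yields one label per client
# in "pfctl -sl". Uncomment it instead of the table rule if you prefer
# label counters over table counters (do not use both; last match wins).
# soh = "{ 192.0.2.10, 192.0.2.11, 192.0.2.12 }"
# pass in on $int_if from $soh to any keep state label "$srcaddr::"
#
# Variant 2: a single rule; per-client numbers come from the table.
pass in on $int_if from <soh> to any keep state label "clients::"
pass out on $ext_if from any to any keep state label "total::"
```

Load it with `pfctl -nf /etc/pf.conf` first to catch syntax errors, then compare `pfctl -sl` and `pfctl -t soh -vT show` while a client generates traffic.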
