Date: Thu, 21 Feb 2002 13:39:42 -0500
From: "Scott M. Nolde" <scott@smnolde.com>
To: Florian Nigsch <flo@nigsch.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW rules
Message-ID: <20020221133942.B53679@smnolde.com>
In-Reply-To: <20020221192954.A50541@nigsch.com>; from flo@nigsch.com on Thu, Feb 21, 2002 at 07:29:54PM +0100
References: <20020221192954.A50541@nigsch.com>

Florian Nigsch(flo@nigsch.com)@2002.02.21 19:29:54 +0000:
> Hi all,
>
> On a dualhomed host, FreeBSD 4.5-STABLE, consider the following:
>
> ed0 = 1.2.3.4 (official IP)
> ed1 = 192.168.1.0 (unofficial IP)
>
> the box runs NATd.
>
> -> Traffic accounting:
>
> If I only want to count the actual traffic coming from / going to the Internet,
> is the rule
> count ip from any to any via ed0
> sufficient? To count the traffic from the inside hosts (192.168.1.0/24) to and
> from the Internet, the rules
> count ip from 192.168.1.0/24 to any
> count ip from any to 192.168.1.0/24
> should work. But that includes the internal traffic as well. Do I get this
> internal traffic with
> count ip from any to any via ed1
> ?
>
> To what this all boils down: When a packet from an inside host (192.168.1.0/24)
> goes out to the internet, when does NATd change the address and hence which
> counters are updated?
>
> thanks,
>
> flo
>
> Florian Nigsch <flo@nigsch.com>
> http://flo.nigsch.com/
> PGP key: http://flo.nigsch.com/fnigsch.asc
>

I use the skipto function of ipfw:

# ipfw show | head
00010  894628 264432483 skipto 50 ip from any to any in recv dc0
00020 1021767 135654843 skipto 50 ip from any to any out xmit dc0

then rule 50 is the first rule of my normal ipfw ruleset.

-- 
Scott Nolde
GPG Key 0xD869AB48
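
Added example, not part of the message above: the skipto counters are cumulative, so per-interval accounting means differencing two `ipfw show` readings and coping with a counter reset in between. The function names are hypothetical, and the second and third snapshots are constructed samples; the first is the output quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread): byte deltas per direction between two
# `ipfw show` snapshots, using counter rules shaped like rules 10 and 20 above.
# Function names are hypothetical; SNAP2 and SNAP3 are constructed samples.

# direction_bytes IFACE: read `ipfw show` output on stdin and print
# "in_bytes out_bytes" summed over rules ending in "in recv IFACE" or
# "out xmit IFACE". Columns are: rule number, packets, bytes, rule body.
direction_bytes() {
    awk -v ifc="$1" '
        $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && NF >= 6 {
            if ($(NF-2) == "in"  && $(NF-1) == "recv" && $NF == ifc) inb  += $3
            if ($(NF-2) == "out" && $(NF-1) == "xmit" && $NF == ifc) outb += $3
        }
        END { printf "%.0f %.0f\n", inb, outb }'
}

# delta OLD NEW: counters are cumulative. If NEW < OLD the counters were
# zeroed or the ruleset was reloaded, so NEW itself is the usage since then.
delta() {
    awk -v o="$1" -v n="$2" 'BEGIN { printf "%.0f\n", (n >= o) ? n - o : n }'
}

# interval_usage IFACE OLD_SNAPSHOT NEW_SNAPSHOT: print "in=<bytes> out=<bytes>".
interval_usage() {
    old=$(printf '%s\n' "$2" | direction_bytes "$1")
    new=$(printf '%s\n' "$3" | direction_bytes "$1")
    echo "in=$(delta "${old% *}" "${new% *}") out=$(delta "${old#* }" "${new#* }")"
}

# SNAP1 is the output quoted in the message; SNAP2 is a constructed later reading.
SNAP1='00010  894628 264432483 skipto 50 ip from any to any in recv dc0
00020 1021767 135654843 skipto 50 ip from any to any out xmit dc0'
SNAP2='00010  900000 265000000 skipto 50 ip from any to any in recv dc0
00020 1030000 136000000 skipto 50 ip from any to any out xmit dc0'
# SNAP3 is a constructed reading taken after the counters were reset.
SNAP3='00010 10 1000 skipto 50 ip from any to any in recv dc0
00020 20 2000 skipto 50 ip from any to any out xmit dc0'

interval_usage dc0 "$SNAP1" "$SNAP2"
interval_usage dc0 "$SNAP2" "$SNAP3"
```

On a live host, replace the sample strings with the saved output of `ipfw show` from the start and end of each accounting interval.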