Date: Wed, 07 Apr 1999 12:47:16 +1200
From: Keith Newton <keith@grafica.co.nz>
To: freebsd-net@FreeBSD.ORG
Subject: IP accounting and NATD
Message-ID: <370AAB14.D93409F2@grafica.co.nz>

Hi all,

Sorry to pose a question that I am sure has been asked before, but I have sifted through hundreds of mailing list postings and usenet postings and nobody has asked this question quite along the lines that I am needing. So here goes....

The deal is I have a FreeBSD machine with two ethernet cards in it, fxp0 and de0. The fxp0 is attached to an internal LAN using 192.168.2.XXX; the de0 interface is connected to the internet. At the moment all traffic passes through NATD to get from the LAN to the INET and vice versa. The rules in the firewall are

    /sbin/ipfw add divert natd all from any to any via de0
    /sbin/ipfw add pass all from any to any

Now this is fine and works. I, on the other hand, want to do IP accounting of the traffic passing from specific computers on the LAN to the outside world using NATD. So I tried the following rules

    /sbin/ipfw -f flush
    /sbin/ipfw add 1001 divert natd all from 192.168.2.1 to any via de0
    /sbin/ipfw add 1002 divert natd all from any to 192.168.2.1 via de0
    /sbin/ipfw add 1011 divert natd all from 192.168.2.2 to any via de0
    /sbin/ipfw add 1012 divert natd all from any to 192.168.2.2 via de0
    /sbin/ipfw add 1021 divert natd all from 192.168.2.3 to any via de0
    /sbin/ipfw add 1022 divert natd all from any to 192.168.2.3 via de0
    /sbin/ipfw add 1031 divert natd all from 192.168.2.101 to any via de0
    /sbin/ipfw add 1032 divert natd all from any to 192.168.2.101 via de0
    /sbin/ipfw add 1041 divert natd all from 192.168.2.102 to any via de0
    /sbin/ipfw add 1042 divert natd all from any to 192.168.2.102 via de0
    ...... ..... ...... ......
    /sbin/ipfw add 1201 allow all from any to any

for all the machines on the LAN that need outside access. The next step, should this have worked, was to filter for the protocols (port numbers) and then to write a script to read the info from a set of files.

Now the above didn't work.

Does anyone have any pointers? I feel like I am stabbing around in the dark, missing one obvious thing.

Thanks in advance,
Keith
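
An added example, not part of the message above and not FreeBSD project code: the post mentions a script to read accounting data per LAN host, and this one sums byte counters per host from `ipfw show`-style output (rule number, packets, bytes, rule body). It assumes hypothetical per-host `count` rules on the inside interface fxp0, where LAN addresses are still untranslated; the rule numbers and counters in the sample are constructed.

```shell
#!/bin/sh
# Sum per-host byte counters from `ipfw show`-style output.
# Each line is: <rule number> <packets> <bytes> <rule body>.

# Constructed sample (not real counters): hypothetical per-host count
# rules on the inside interface fxp0, one rule per direction.
sample_ipfw_show() {
cat <<'EOF'
00900   120    48000 count ip from 192.168.2.1 to any via fxp0
00901   200   910000 count ip from any to 192.168.2.1 via fxp0
00910    15     6100 count ip from 192.168.2.2 to any via fxp0
00911    22    80500 count ip from any to 192.168.2.2 via fxp0
01000  4000  1500000 divert 8668 ip from any to any via de0
65535     0        0 deny ip from any to any
EOF
}

# Reads ipfw show output on stdin; prints "<host> <bytes_out> <bytes_in>"
# for every host under the given prefix (default 192.168.2.), sorted.
account_hosts() {
    awk -v prefix="${1:-192.168.2.}" '
    $4 == "count" {
        src = ""; dst = ""
        for (i = 5; i < NF; i++) {
            if ($i == "from") src = $(i + 1)
            if ($i == "to")   dst = $(i + 1)
        }
        # index() == 1 is a literal prefix match, so "." is not a wildcard
        if (index(src, prefix) == 1) { out[src] += $3; seen[src] = 1 }
        if (index(dst, prefix) == 1) { inb[dst] += $3; seen[dst] = 1 }
    }
    END {
        for (h in seen) printf "%s %d %d\n", h, out[h], inb[h]
    }' | sort
}

# Bytes sent plus received for one host, from ipfw show output on stdin.
host_total() {
    account_hosts | awk -v h="$1" '$1 == h { print $2 + $3 }'
}

sample_ipfw_show | account_hosts
```

On a live system the input would come from `ipfw show` instead of the sample function; only `count` rules are summed, so the divert and default rules do not inflate the totals.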