Date: Tue, 25 Oct 2005 11:37:04 +0400
From: "Andrew P." <infofarmer@gmail.com>
To: user <user@dhp.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: traffic accounting per username with ipfw in 5.4 ? (more)
Message-ID: <cb5206420510250037m7bf98eabx3116263f380f0f86@mail.gmail.com>
In-Reply-To: <Pine.LNX.4.21.0510241745090.8180-100000@shell.dhp.com>
References: <cb5206420510241435j71703866qa6d1ec60ba72fd64@mail.gmail.com> <Pine.LNX.4.21.0510241745090.8180-100000@shell.dhp.com>
On 10/25/05, user <user@dhp.com> wrote:
>
> Hello,
>
> On Tue, 25 Oct 2005, Andrew P. wrote:
>
> > On 10/25/05, user <user@dhp.com> wrote:
> > >
> > > I remember that ipfw had been augmented some time ago to do traffic
> > > counting, etc., based on usernames ... but I see no mention of that in the
> > > ipfw man page on my 5.4-RELEASE system.
> > >
> > > Is this something that only exists in IPFW2 ? Does ipfw2 even exist
> > > anymore ?
> > >
> > > Can someone clarify for me what is going on with regard to what used to be
> > > called IPFW2, FreeBSD 5.x, and per-user traffic counting ?
> > >
> > > thanks.
> >
> > ipfw2 replaced ipfw in 5.x
> >
> > Read the manpage more carefully, please. Search
> > for "uid" option.
>
> Thanks - I was searching for username and getting nowhere. Also, thank
> you for the clarification regarding ipfw2/ipfw and their current state.
>
> I notice that the traffic accounting per uid only applies to traffic
> initiated by that user, and initiated from the local machine. If I scp a
> file away from the machine (as user X) the traffic does not get
> incremented, and if I scp a file to the local machine (as user X) it also
> does not get incremented - even though those are non-anonymous actions
> that occur under the auspices of a particular username.
>
> Does anyone have any suggestions for traffic accounting (of particularly
> ssh traffic) on a per user basis, for _all_ traffic that occurs under the
> auspices of that username, and not just what _they themselves_ initiate,
> personally, in their own login shell ?
>
> Thank you.
>

ipfw looks at the owner of a process, sshd in your case. If you really need
to account the not-locally-initiated ssh traffic, start another sshd running
as the user (on another port), and connect to that port [you can easily allow
a user to connect only to a selected server by editing sshd_config's].

Anyway, try thinking logically. How could ipfw ever know what user traffic
belongs to if all authentication is handled by sshd internally? Otherwise, it
would be a security hole (though some actions can certainly be logged to
limited-access log files). Hassle-free solutions, i.e. complex accounting
systems, come for money. Though, whatever problem you might have, I'm sure
somehow that there's another way.
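An added example of the setup the reply sketches, not code from either poster: per-uid `count` rules for an ordinary user and for a second sshd that runs as that user on an unprivileged port, plus a small parser that turns `ipfw -a list` output (rule number, packet count, byte count, then the rule body) into per-uid byte totals. The uids 1001/1002, the port 2222 and the listed counters are all made up for the example; the `ipfw` commands are shown as comments so the script runs offline on the constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed setup, all names hypothetical:
#
#   # count everything owned by processes running as uid 1001 / 1002
#   ipfw add 1000 count ip from any to any uid 1001
#   ipfw add 1001 count ip from any to any uid 1002
#   # a second sshd started as uid 1001 on port 2222 (-f points at a private
#   # sshd_config with "Port 2222", "AllowUsers alice" and host keys that
#   # uid 1001 can read); its sockets are then owned by 1001, so the uid
#   # match fires for incoming scp/ssh sessions too, which the root sshd
#   # on port 22 never does.
#   ipfw add 1002 count tcp from any to any dst-port 2222 uid 1001
#
# Afterwards `ipfw -a list` prints counters like the constructed sample below.

# Constructed sample of `ipfw -a list` output; not captured from a real host.
SAMPLE_IPFW_LIST='01000   120     98304 count ip from any to any uid 1001
01001    45     12288 count ip from any to any uid 1002
01002    30     40960 count tcp from any to any dst-port 2222 uid 1001
65535  9999 123456789 allow ip from any to any'

# per_uid_bytes LISTING: sum the byte column ($3) of every "count" rule
# that carries a "uid N" match; prints "uid bytes" lines sorted by uid.
per_uid_bytes() {
    printf '%s\n' "$1" | awk '
        $4 == "count" {
            for (i = 5; i <= NF; i++)
                if ($i == "uid") bytes[$(i + 1)] += $3
        }
        END { for (u in bytes) print u, bytes[u] }
    ' | sort
}

# bytes_for_uid LISTING UID: the total for one uid (empty if none).
bytes_for_uid() {
    per_uid_bytes "$1" | awk -v u="$2" '$1 == u { print $2 }'
}

# Usage when run directly: report from the sample listing. On a real host
# replace the sample with "$(ipfw -a list)".
per_uid_bytes "$SAMPLE_IPFW_LIST"
```

Note the caveat the reply makes: the uid match is decided by the owner of the local socket, so it only becomes a per-user accounting of inbound sessions if each user's sshd actually runs as that user, which in turn restricts it to an unprivileged port and to logins for that single account.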
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cb5206420510250037m7bf98eabx3116263f380f0f86>