OK, then I get it.

I thought ipfw was also able to have an IP address there instead of only an interface.
Thanks




Steve Bertrand wrote:

Well :

This won't work:
ipfw add 00010 count tcp from any to any via 1.1.1.1
ipfw add 00011 count tcp from any to any in recv 1.1.1.1
ipfw add 00012 count tcp from any to any out xmit 1.1.1.1
ipfw add 00016 count tcp from any to any via 2.2.2.2
ipfw add 00017 count tcp from any to any in recv 2.2.2.2
ipfw add 00018 count tcp from any to any out xmit 2.2.2.2


This works:
ipfw add 00022 count tcp from 1.1.1.1 to any
ipfw add 00023 count tcp from any to 1.1.1.1
ipfw add 00024 count tcp from 2.2.2.2 to any
ipfw add 00025 count tcp from any to 2.2.2.2

Is ipfw unable to count IP traffic that way? Or is it just illogical
how I am doing it?



It didn't seem logical to me. Anything after via, xmit, or recv should be an interface name (or alias) as this is what ipfw expects to see. The actual addressing should be located within the to/from portion of the rule.

You can even go farther and count port usage as well. Say for instance,
you want to get an idea of how much http(s) traffic there is generated on
1.1.1.1 :

ipfw add 00100 count tcp from any to 1.1.1.1 80,443

Regards,

Steve





Steve Bertrand wrote:



Anyone ?





Hello,

I'm trying to set up ipfw to count traffic to each IP on the server (one
interface with multiple aliased IPs).

Now it seems that the count rules are about the same for each IP, while
this isn't the truth.





Are these the exact rules, or does # ipfw show mix them up a bit?

For instance:

# ipfw add 10000 count tcp from any to 1.1.1.1

*should* count all tcp traffic destined for 1.1.1.1, and likewise,

# ipfw add 11000 count tcp from 1.1.1.1 to any

*should* count all tcp traffic from the IP.

If ipfw show is convoluting the rules a bit, you might start by sending
in a small sample of your ruleset.

Just a thought...

Steve






00007 7715117 6712750640 count ip from any to any via fxp0
00008 2953770  167284959 count ip from any to any in recv fxp0
00009 4761341 6545462313 count ip from any to any out xmit fxp0
00010 7707303 6712093431 count tcp from any to any via 1.1.1.1
00011 2948103  166773748 count tcp from any to any in recv 1.1.1.1
00012 4759198 6545319411 count tcp from any to any out xmit 1.1.1.1
00016 7707299 6712092983 count tcp from any to any via 2.2.2.2
00017 2948101  166773668 count tcp from any to any in recv 2.2.2.2
00018 4759195 6545319003 count tcp from any to any out xmit 2.2.2.2
00022 2842887  145092334 count tcp from any to any 80 via fxp0

As you can see, the traffic for IP 1.1.1.1 and IP 2.2.2.2 is about the
same, while IP 2.2.2.2 is actually doing nothing (all ports are blocked
because it's not active yet).

What is going wrong here? How come ipfw counts the same traffic for
each IP?

Also, rule 22 from "any to any 80" shows only a few hundred megs of
traffic, while 95% of all the traffic on the server is HTTP traffic from
websites, so this should be at least around 5GB of traffic instead of
a few hundred megs.

Any ideas?

Thanks

m.







_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
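
Added example, not part of the thread: a small sh/awk check that reads `ipfw show` output and flags count rules with an IPv4 address after via, recv or xmit, printing the from/to form the thread says works. The function names and the mapping of recv/xmit to a direction are assumptions of this example; the sample lines are copied from the listing in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit `ipfw show` output for count
# rules whose via/recv/xmit argument is an IPv4 address, not an interface.

# Constructed sample input: lines copied from the listing in the thread.
sample_show() {
cat <<'EOF'
00007 7715117 6712750640 count ip from any to any via fxp0
00010 7707303 6712093431 count tcp from any to any via 1.1.1.1
00011 2948103  166773748 count tcp from any to any in recv 1.1.1.1
00012 4759198 6545319411 count tcp from any to any out xmit 1.1.1.1
00022 2842887  145092334 count tcp from any to any 80 via fxp0
EOF
}

# lint_count_rules: reads `ipfw show` lines on stdin. For every count rule
# with an IPv4 address after via/recv/xmit it prints
#   <rule> <keyword> <address>
# followed by indented per-address rules in the from/to form.
# Assumption: recv maps to "to <addr>", xmit to "from <addr>", via to both.
lint_count_rules() {
awk '
$4 == "count" {
    for (i = 5; i < NF; i++) {
        if (($i == "via" || $i == "recv" || $i == "xmit") &&
            $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            proto = $5; addr = $(i + 1)
            printf "%s %s %s\n", $1, $i, addr
            if ($i != "xmit")
                printf "  ipfw add count %s from any to %s\n", proto, addr
            if ($i != "recv")
                printf "  ipfw add count %s from %s to any\n", proto, addr
        }
    }
}'
}

# flagged_rules: only the rule numbers of flagged rules, space separated.
flagged_rules() {
    lint_count_rules |
        awk '$1 ~ /^[0-9]+$/ { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# Stand-alone run over the embedded sample.
sample_show | lint_count_rules
```

On a live system the same check is `ipfw show | lint_count_rules`.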




