Hello,
I am trying to do some traffic accounting with my OpenBSD 4.9.
The goal: know how much traffic a web server behind the firewall sent.
Here is an example:
ClientA <-----> FW OpenBSD <----> WebServerA (192.168.1.10)
I tried to do this in my very simple pf.conf (not in production :] ):
pass
match proto tcp from 192.168.1.10 port 80 to any label www
(I was trying to match all traffic sent by 192.168.1.10 and with source
port 80)
And:
ClientA:~$ wget http://192.168.1.10/1GB_file
But the counters in pfctl -sl didn't change (stuck at 0).
I managed to get a good counter (1GB in total bytes) with this rule:
match proto tcp from any to 192.168.1.10 port 80 label www
But I don't get the point and I'd like to understand :)
Why doesn't the first rule match?
I was thinking the second rule would just match the traffic sent by
ClientA (just a little GET request).
I think I'm missing something :)
Thanks in advance for your help!
--
Mathieu