Re: graphing pf stats
On 01/01/2006 07:52:55 PM, Peter wrote: I want to go to the next level and graph this data at each interval. Re: R, see also: http://www-128.ibm.com/developerworks/linux/library/l-r1/ Karl [EMAIL PROTECTED] Free Software: You don't pay back, you pay forward. -- Robert A. Heinlein
Re: graphing pf stats
On 01/01/2006 07:52:55 PM, Peter wrote: I have written an IP accounting system using pf labels. It runs every 5 minutes and extracts stats for data entering and leaving my lan. It works nicely but I want to go to the next level and graph this data at each interval. I have no experience, but... The R Project for Statistical Computing R is a language and environment for statistical computing and graphics. http://www.r-project.org/ (Has many plug-ins for perl, python, etc.) Karl [EMAIL PROTECTED] Free Software: You don't pay back, you pay forward. -- Robert A. Heinlein
Re: graphing pf stats
I've used one of the GDchart extensions to ruby for some histogram plot of network link utilization. However now that Firefox natively supports SVG I would also consider http://www.germane-software.com/software/SVG/SVG::Graph/ once upon a lonesome Peter wrote: SNIP I have heard of Perl with GD::Graph but are there other ways? SNIP -- Peter diana Past hissy-fits are not a predictor of future hissy-fits. Nick Holland(06 Dec 2005)
Re: PFSense?
Tobias Weisserth wrote: Hi there, On Sunday 01 January 2006 23:08, Charles Sprickman wrote: .. Any comments on this project? I do like the idea of being able to drop a fairly sophisticated appliance at a client site that uses pf... http://www.weisserth.net/index.php?option=com_contenttask=viewid=74Itemid=82 The problem is having unnecessary services exposed on a firewall machine (in order to have the web interface). pf is easy enough to configure manually in contrast to iptables. This is of course just my opinion. Exposed to internal address's is not so bad, and considering my boss has to have something with a gui on it to be acceptable to her, I'd take pfsense any day over the pix we are using now.
Pftpx Bridge?
Hi :) I am a little confused about Pftpx / Ftpsesame, and I hope someone can help? Is Pftpx replacing Ftpsesame ? And if so, does Pftpx support PF in bridge-mode? Best regards happy new year to you all, Henrik Bro
Re: graphing pf stats
On Jan 1, 2006, at 8:52 PM, Peter wrote: I have written an IP accounting system using pf labels. It runs every 5 minutes and extracts stats for data entering and leaving my lan. It works nicely but I want to go to the next level and graph this data at each interval. I wrote one in ruby that uses rrdtool for stat tracking and graph generation. I planned on writing another more flexible one using BPF so I didn't bother telling anybody about it. If anybody is interested in seeing it, let me know. Kelley Reynolds President Inside Systems, Inc. PGP.sig Description: This is a digitally signed message part
route-to question: routing by ports
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, I'd like to use PF's route-to option to route traffic through a tunnel (tun0) interface for certain ports only. - From what i read here: http://www.openbsd.org/faq/pf/pools.html, here: http://www.monkey.org/openbsd/archive/misc/0311/msg00640.html and here http://www.benzedrine.cx/pf/msg04941.html, these rules should do the trick : - --[snip]-- nat on $ext_if from $lan_net to any - $ext_if nat on $tun_if from $lan_net to any - $tun_if pass in quick on $int_if route-to ($tun_if $tun_gw) \ proto tcp from $lan_net to any port 25 keep state - --[snip]-- but they doesn't. It's like the keep state flag is not acting, because when i tcpdump on a target machine : some.lan_net.machine$ telnet target 25 target.machine# tcpdump -vv -i sis0 dst port 25 tcpdump: listening on sis0, link-type EN10MB (Ethernet), capture size 96 bytes 14:30:16.594788 IP (tos 0x10, ttl 59, id 50921, offset 0, flags [DF], proto: TCP (6), length: 60) tunnel.interface.1635 target.smtp: S, cksum 0xf540 (incorrect (- 0xca86), 4250289696:4250289696(0) win 5840 mss 1460,sackOK,timestamp 598704329 0,nop,wscale 2 the target is effectively reached by the good tunnelized host but the reply nevers comes back. And yes, the tunnel works, routing by default over it is ok. Is there any trick i misread ? Thanks for your time. NB: just in case, i'm using NetBSD 3.0 PF port - - iMil [EMAIL PROTECTED] _ http://gcu-squad.org ASCII ribbon campaign ( ) - against HTML email X vCards / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (NetBSD) iD8DBQFDuS6FFG3BlGWyzUIRAmwqAJwO1Fn1EL5pm8YqJKKdh75oPIbARwCdFTxn aCEv6zLwf9s07Fc05kN5bdA= =PN2x -END PGP SIGNATURE-
Re: graphing pf stats
Kelley Reynolds wrote: On Jan 1, 2006, at 8:52 PM, Peter wrote: I have written an IP accounting system using pf labels. It runs every 5 minutes and extracts stats for data entering and leaving my lan. It works nicely but I want to go to the next level and graph this data at each interval. I wrote one in ruby that uses rrdtool for stat tracking and graph generation. I planned on writing another more flexible one using BPF so I didn't bother telling anybody about it. If anybody is interested in seeing it, let me know. Kelley Reynolds President Inside Systems, Inc. It would be nice to take a look at your rrdtool system :-). I have one of my own which is named pf2mrtg you can check it out in www.securelabs.org/scripts.html which is based on mrtg and pf labels.Thanks in advance :-)
Re: Pftpx Bridge?
On Mon, Jan 02, 2006 at 03:06:33PM +0100, Henrik Bro wrote: Hi :) I am a little confused about Pftpx / Ftpsesame, and I hope someone can help? Both are written by the same author, Camiel. Is Pftpx replacing Ftpsesame ? I do not think so, although pftpx is now in the base distribution, replacing the old ftp-proxy. And if so, does Pftpx support PF in bridge-mode? you can run pftpx in bridge mode, I suppose, but you will need an IP on the bridge Ftpsesame is better suited to ip'less bridges. Best regards happy new year to you all, Henrik Bro
Re: graphing pf stats
On Sunday 01 January 2006 18:52, you wrote: pfstat works well, it may be a nice starting point for you or it may do everything you want. Bob
Re: graphing pf stats
On Mon, 2 Jan 2006 13:56:21 -0700 Bob DeBolt [EMAIL PROTECTED] wrote: pfstat works well, it may be a nice starting point for you or it may do everything you want. If there's time I'll look at making a plugin for monitoring programs. -- Regards, Ed http://www.usenix.org.uk - http://irc.is-cool.net :%s/Open Source/Free Software/g
