Re: PF and label for traffic Accounting
On 19/09/2011 02:33, Simon Chang wrote:
> Hello,

Hi,

> Instead of driving yourself crazy with labelling traffic, one very simple way is to use pfstat. The package will even generate good-looking graphs for you and you can post them anywhere you wish.

When I looked at pfstat, I didn't see the feature I want: bandwidth per IP (webserverA = 1.2 Mbps, webserverB = 11 Mbps...). But maybe I have missed something :)

Never mind, I put the label in my pf.conf and it seems to work very well (munin is used to grab the pfctl -sl output and the Mbps of the webservers are coherent).

But I wasn't sure I understood why my first rule doesn't match and the second does.

--
Mathieu
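Added example, not part of the thread: one way to turn two `pfctl -sl` snapshots (the output munin is grabbing above) into per-label Mbps. It assumes the column order documented in pfctl(8) and labels without spaces; the sample lines and function names are constructed for illustration.

```python
# Added example: per-label throughput from two `pfctl -sl` snapshots.
# Assumed column order (pfctl(8)): label, evaluations, packets, bytes,
# packets in, bytes in, packets out, bytes out [, state creations].
FIELDS = ("evaluations", "packets", "bytes",
          "packets_in", "bytes_in", "packets_out", "bytes_out")

# Constructed samples taken 10 s apart; "ssh" goes backwards (counters reset).
SAMPLE_T0 = """\
www 120 1000 1500000 400 60000 600 1440000 3
www 80 0 0 0 0 0 0 0
ssh 120 10 2000 5 800 5 1200 1
"""
SAMPLE_T1 = """\
www 300 11000 16500000 4400 660000 6600 15840000 7
www 90 0 0 0 0 0 0 0
ssh 10 1 100 1 100 0 0 1
"""


def parse_labels(text):
    """Return {label: {field: int}}, summing rules that share a label."""
    totals = {}
    for line in text.splitlines():
        parts = line.split()
        raw = parts[1:1 + len(FIELDS)]
        if len(raw) < len(FIELDS) or not all(v.isdigit() for v in raw):
            continue  # blank, truncated or non-counter line
        entry = totals.setdefault(parts[0], dict.fromkeys(FIELDS, 0))
        for name, value in zip(FIELDS, raw):
            entry[name] += int(value)
    return totals


def rates_mbps(previous, current, interval_s):
    """Return {label: {"total", "in", "out"} in Mbps}, or None if unusable."""
    if interval_s <= 0:
        raise ValueError("interval_s must be positive")
    keys = {"total": "bytes", "in": "bytes_in", "out": "bytes_out"}
    rates = {}
    for label, cur in current.items():
        prev = previous.get(label)
        if prev is None or any(cur[k] < prev[k] for k in keys.values()):
            rates[label] = None  # new label, or counters were reset
            continue
        rates[label] = {name: (cur[k] - prev[k]) * 8 / (interval_s * 1_000_000)
                        for name, k in keys.items()}
    return rates


if __name__ == "__main__":
    print(rates_mbps(parse_labels(SAMPLE_T0), parse_labels(SAMPLE_T1), 10))
```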
Re: PF and label for traffic Accounting
Hello,

Instead of driving yourself crazy with labelling traffic, one very simple way is to use pfstat. The package will even generate good-looking graphs for you and you can post them anywhere you wish.

If your web server isn't running OpenBSD or if you want a more generic solution, there is MRTG as well. Try looking at several solutions beyond what you have and see which one fits.

Good luck.
PF and label for traffic Accounting
Hello,

I am trying to do some traffic accounting with my OpenBSD 4.9. The goal: know how much traffic a web server sent behind the firewall.

Here is an example:

    ClientA - FW OpenBSD WebServerA (192.168.1.10)

I tried to do this in my very simple pf.conf (not in production :] )

    pass
    match proto tcp from 192.168.1.10 port 80 to any label www

(I was trying to match all traffic sent by 192.168.1.10 and with source port 80)

And:

    ClientA:~$ wget http://192.168.1.10/1GB_file

But the counters in pfctl -sl didn't change (stuck at 0).

I managed to have a good counter (1GB in total bytes) with this rule:

    match proto tcp from any to 192.168.1.10 port 80 label www

But I don't get the point and I'd like to understand :) Why doesn't the first rule match? I was thinking the second rule would just match the traffic sent by ClientA (just a little GET request).

I think I'm missing something :)

Thanks in advance for your help!

--
Mathieu