Counting rules
Andrew Kopeyko
kaa at rambler-co.ru
Fri May 9 03:36:05 PDT 2003
On Fri, 9 May 2003, Evgeny Ivanov wrote:
>
> Hello everyone,
> I have a problem setting up the accounting rules.
> I want to account all incoming and outgoing traffic per each of the stations that are behind NAT box. The situation is something like this:
>
> add divert natd all from any to any via rl0
> add allow all from any to any
> add count from 192.168.1.10 to any out
> add count from any to 192.168.1.10 in
>
> And the last two rules are not working.
>
> Can you please tell me what the hell I am missing? :))

Have you read ``man ipfw'' ??? IMHO - you don't...
In 2 words - ipfw uses 'first rule match' ideology - vice versa to
ipfilter's "last match".
So, all your traffic is matched by rules 1 & 2.
If 192.168.1.0/24 is your internal NAT'ed network - move `count' rules to
the beginning - and you will have enough time to read manpage.
--
Best regards,
Andrew Kopeyko <kaa at rambler-co.ru>
Head of NOC
Rambler Co. http://www.rambler.ru/
phone : +7 095 745-3619
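
The first-match behaviour described in the reply above, as an added illustration that is not part of the original thread: a toy rule evaluator (not ipfw itself) run over the posted rule order and over the order with the `count` rules moved to the beginning. Assumptions: natd's address rewriting is not modeled (the constructed sample packets carry the internal address throughout), a diverted packet simply continues at the next rule, and the function names and the 203.0.113.5 peer address are made up for the example.

```python
# Toy first-match evaluator for the rules quoted in the thread (not ipfw itself).
# Simplifications (assumptions): natd address rewriting is not modeled, and a
# diverted packet simply continues at the next rule, as after re-injection.
TERMINAL = {"allow", "deny"}  # actions that end the rule search; count does not

def rule(action, src="any", dst="any", direction=None, via=None):
    return {"action": action, "src": src, "dst": dst,
            "dir": direction, "via": via, "hits": 0}

def matches(r, pkt):
    return (r["src"] in ("any", pkt["src"])
            and r["dst"] in ("any", pkt["dst"])
            and r["dir"] in (None, pkt["dir"])
            and r["via"] in (None, pkt["iface"]))

def evaluate(rules, pkt):
    """Walk the rules in order; stop at the first terminating match."""
    for r in rules:
        if matches(r, pkt):
            r["hits"] += 1
            if r["action"] in TERMINAL:
                return r["action"]
    return "deny"  # stand-in for the default rule at the end of the list

def run(rules, packets):
    """Feed all packets through the ruleset and return per-rule hit counters."""
    for p in packets:
        evaluate(rules, p)
    return [(r["action"], r["hits"]) for r in rules]

HOST = "192.168.1.10"
# Constructed sample packets on rl0 (203.0.113.5 is a documentation address).
PACKETS = [
    {"src": HOST, "dst": "203.0.113.5", "dir": "out", "iface": "rl0"},
    {"src": "203.0.113.5", "dst": HOST, "dir": "in", "iface": "rl0"},
    {"src": HOST, "dst": "203.0.113.5", "dir": "out", "iface": "rl0"},
]

def as_posted():  # rule order from the question
    return [rule("divert", via="rl0"), rule("allow"),
            rule("count", src=HOST, direction="out"),
            rule("count", dst=HOST, direction="in")]

def counts_first():  # count rules moved to the beginning, as the reply suggests
    return [rule("count", src=HOST, direction="out"),
            rule("count", dst=HOST, direction="in"),
            rule("divert", via="rl0"), rule("allow")]

if __name__ == "__main__":
    print("as posted:   ", run(as_posted(), PACKETS))
    print("counts first:", run(counts_first(), PACKETS))
```

In the posted order every packet stops at the `allow` rule, so both `count` counters stay at zero; with the `count` rules first they are updated and the search continues to the later rules.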