ipfw count rules to count traffic to virtual ip's

Steve Bertrand steveb at eagle.ca
Tue Jul 6 05:55:34 PDT 2004


> Anyone ?
>
>>Hello,
>>
>>I'm trying to setup ipfw to count traffic to each ip on the server (one
>>interface with multiple aliased ip's)
>>
>>now it seems that the count rules are about the same for each ip while
>>this isn't the truth..
>>

Are these the exact rules, or does # ipfw show mix them up a bit?

For instance:

# ipfw add 10000 count tcp from any to 1.1.1.1

*should* count all tcp traffic destined for 1.1.1.1, and likewise,

# ipfw add 11000 count tcp from 1.1.1.1 to any

*should* count all tcp traffic from the IP.

If ipfw show is conveluting the rules a bit, you might start by sending in
a small sample of your ruleset.

Just a thought...

Steve


>>00007 7715117 6712750640 count ip from any to any via fxp0
>>00008 2953770  167284959 count ip from any to any in recv fxp0
>>00009 4761341 6545462313 count ip from any to any out xmit fxp0
>>00010 7707303 6712093431 count tcp from any to any via 1.1.1.1
>>00011 2948103  166773748 count tcp from any to any in recv 1.1.1.1
>>00012 4759198 6545319411 count tcp from any to any out xmit 1.1.1.1
>>00016 7707299 6712092983 count tcp from any to any via 2.2.2.2
>>00017 2948101  166773668 count tcp from any to any in recv 2.2.2.2
>>00018 4759195 6545319003 count tcp from any to any out xmit 2.2.2.2
>>00022 2842887  145092334 count tcp from any to any 80 via fxp0
>>
>>As you can see the traffic for ip 1.1.1.1 and ip 2.2.2.2 are about the
>>same while ip 2.2.2.2 is actually doing nothing (all ports are blocked
>>cause its not active yet)
>>
>>What is going wrong here ? how come ipfw counts the same traffic for
>>each ip..
>>
>>Also rule 22 from "any to any 80"  shows only a few hundred megs traffic
>>while 95% of all the traffic on the server is http traffic from
>>website's so this should be atleast around the 5GB of traffic instead of
>>a few hundred megs..
>>
>>Any idea's ??
>>
>>Thanks
>>
>>m.
>>
>>
>>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>




More information about the freebsd-questions mailing list