IPFW and ipa

Grant Peel gpeel at thenetnow.com
Thu Aug 26 16:45:29 UTC 2010 

Hi all,

Since FreeBSD 4.4, I have been using ipa(1.3.6) to do bandwidth accounting.

Since upgrading to FreeBSD 8, I now get log messages saying that the ipfw 
rules do not exist:

Example (one example of hundreds doing the same thing):

Aug 26 07:32:59 constellation ipa[2940]: rule rulename.ipa: 10017.0 doesn't 
exist in IPFW kernel table
Aug 26 07:32:59 constellation ipa[2940]: rule rulename.ipa: 10017.1 doesn't 
exist in IPFW kernel table

The ipfw rule does exist:

#ipfw -a list
10017   4826   4903117 count ip from nnn.nnn.nnn.nnn to any via bge0
10017   4233    655962 count ip from any to nnn.nnn.nnn.nnn via bge0

The /usr/local/etc/ipa.conf rule looks like so:

rule rulename.ipa {
     ipfw = 10017 10017.1
     info = rulename bandwidth
     }

The ipa database is empty:

constellation# ipastat -r rulename.ipa
+---------------------+---------------------------+---------------------+---------------------+
| Rule                | Info                      | From                | To 
|
+---------------------+---------------------------+---------------------+---------------------+
| rulename.ipa        | rulename bandwidth        | 2010.08.01/00:00:00 | 
2010.08.31/24:00:00 |
+---------------------+---------------------------+---------------------+---------------------+

+------------+-------+--------+
| Date       | Bytes | Mbytes |
+------------+-------+--------+
| 2010.08.01 |     0 |      0 |
| 2010.08.02 |     0 |      0 |
| 2010.08.03 |     0 |      0 |
| 2010.08.04 |     0 |      0 |
| 2010.08.05 |     0 |      0 |
| 2010.08.06 |     0 |      0 |
| 2010.08.07 |     0 |      0 |
| 2010.08.08 |     0 |      0 |
| 2010.08.09 |     0 |      0 |
| 2010.08.10 |     0 |      0 |
| 2010.08.11 |     0 |      0 |
| 2010.08.12 |     0 |      0 |
| 2010.08.13 |     0 |      0 |
| 2010.08.14 |     0 |      0 |
| 2010.08.15 |     0 |      0 |
| 2010.08.16 |     0 |      0 |
| 2010.08.17 |     0 |      0 |
| 2010.08.18 |     0 |      0 |
| 2010.08.19 |     0 |      0 |
| 2010.08.20 |     0 |      0 |
| 2010.08.21 |     0 |      0 |
| 2010.08.22 |     0 |      0 |
| 2010.08.23 |     0 |      0 |
| 2010.08.24 |     0 |      0 |
| 2010.08.25 |     0 |      0 |
| 2010.08.26 |     0 |      0 |
+------------+-------+--------+
|            |     0 |      0 |
+------------+-------+--------+
 * 26 days *


Has something changed in ipfw that no longer allows the .0 and .1 part? Does 
anyone know of a fix or workaround?

-Grant

More information about the freebsd-questions mailing list