On Tue, 6 Nov 2007 Eric F Crist [EMAIL PROTECTED] wrote:
> So, everything I've read says that ipfw show displays rule number,
> packets caught, bytes matched, and rule. The problem I'm having is
> that it seems that the bytes, at least on some rules, is way out of
> whack. I'm capturing this data for cacti, and trying to display
> accumulated ipfw traffic.
>
> If I zero my counters and download a file via FTP, the downloaded
> sizes don't even compare. 61MB into the download, if I convert the
> ipfw show from the supposed bytes into MB, it says I've downloaded
> 155MB.

Catching up on a few days' digests, and seeing no one else having a go:

It helps to show rather than tell about your rules, but I'll guess that
you're not distinguishing between inbound and outbound traffic, ie your
rules are counting packets both on the way in (pass 1) and out (pass 2).

Eg allowing traffic using 'via' (qualified neither by 'in' nor 'out')
allows (so, counts) a packet on both passes .. as may stateful rules.

Separate counts before allowing traffic can be best for accounting, eg

    add $n1 count ip from $outthere to $inhere in recv $some_if
    add $n2 count ip from $inhere to $outthere out xmit $some_if
    [..]
    add allow $whatever ..

HTH, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
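
The separate in/out `count` rules suggested above can feed the Cacti collection mentioned in the question. The following is an added example, not part of the original thread: a POSIX shell helper that sums the byte counters of `count` rules in `ipfw show` output. The rule numbers 1000 and 1010 (standing in for `$n1` and `$n2`), the interface `em0`, the addresses, and the `in:`/`out:` field names are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Constructed sample in the layout the thread describes for `ipfw show`:
# rule number, packets, bytes, rule text. Not real counters.
sample_ipfw_show() {
cat <<'EOF'
01000  41250 61234567 count ip from any to 192.0.2.0/24 in recv em0
01010  20110  1105332 count ip from 192.0.2.0/24 to any out xmit em0
01010     12      720 count ip from 198.51.100.0/24 to any out xmit em0
02000  61372 62340619 allow ip from any to any via em0
65535      0        0 deny ip from any to any
EOF
}

# Sum the byte counters of every `count` rule numbered $1. ipfw allows
# several rules under one number, so all matching lines are added up.
# Lines whose first three fields are not numeric, and rules with any
# other action (allow, deny, ...), are ignored. Reads text on stdin.
count_rule_bytes() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ &&
        $1 + 0 == want + 0 && $4 == "count" { total += $3 }
        END { printf "%.0f\n", total }'
}

# Print "in:<bytes> out:<bytes>" from one snapshot, so both values come
# from the same `ipfw show` run. $1 = inbound rule, $2 = outbound rule.
acct_line() {
    snapshot=$(cat)
    in_bytes=$(printf '%s\n' "$snapshot" | count_rule_bytes "$1")
    out_bytes=$(printf '%s\n' "$snapshot" | count_rule_bytes "$2")
    printf 'in:%s out:%s\n' "$in_bytes" "$out_bytes"
}

# Demo on the constructed sample; on a live host: ipfw show | acct_line 1000 1010
sample_ipfw_show | acct_line 1000 1010
```

Because only the dedicated `count` rules are read, the counters on the later `allow` rule do not enter the totals.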