From owner-freebsd-questions  Tue Jan 29 17:30:40 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141])
	by hub.freebsd.org (Postfix) with ESMTP id 764B737B402
	for <questions@freebsd.org>; Tue, 29 Jan 2002 17:30:36 -0800 (PST)
Received: from k7.mavetju.org (topaz.mdcc.cx [212.204.230.141])
	by topaz.mdcc.cx (Postfix) with ESMTP
	id 2C1AA2B779; Wed, 30 Jan 2002 02:30:25 +0100 (CET)
Received: by k7.mavetju.org (Postfix, from userid 1001)
	id B1C70348; Wed, 30 Jan 2002 12:30:05 +1100 (EST)
Date: Wed, 30 Jan 2002 12:30:05 +1100
From: Edwin Groothuis <edwin@mavetju.org>
To: Mauro Dias <mribeiro@techlinux.com.br>
Cc: questions@freebsd.org
Subject: Re: ipfw + natd
Message-ID: <20020130123005.X823@k7.mavetju.org>
References: <001f01c1a906$b5cb9300$0200a8c0@mdrjr.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <001f01c1a906$b5cb9300$0200a8c0@mdrjr.net>; from mribeiro@techlinux.com.br on Tue, Jan 29, 2002 at 06:36:46PM -0200
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, Jan 29, 2002 at 06:36:46PM -0200, Mauro Dias wrote:
> I'm using natd and ipfw to allow my intranet (192.168.0.0/24) to access
> internet.
> internet interface: rl2
> intranet interface rl1
> not using interface: rl0 (hehe)
> 
> I'm using FreeBSD-4.5RC
> 
> can someone tell how do i see what users in 192.168.0.0/24 are doing ?
> something like netstat -M ?

If you add keep-state to your ipfw-rules you will get a line in
the ipfw -a l output for every tcp connection.

Or try trafshow (don't run it as root, it's leaking descriptors). See
http://www.mavetju.org/unix/tcpdumpmortals.php how to configure
your system so normal users can run things like trafshow without
needing root-access.

Edwin

-- 
Edwin Groothuis   |              Personal website: http://www.MavEtJu.org
edwin@mavetju.org |           Interested in MUDs? Visit Fatal Dimensions:
------------------+                       http://www.FatalDimensions.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message