Date: Tue, 16 Oct 2001 16:06:46 +0200
From: Wim Livens
To: Mathias.Picker@virtual-earth.de
Cc: freebsd-isp@freebsd.org
Subject: Re: getting all connections between two sites

On Tue 16 Oct 2001 at 03:15:27pm +0200, Mathias.Picker@virtual-earth.de wrote:
>
> two sites have to be isolated through a firewall, which are right now
> fully connected and have probably many cross connections, e.g. users at
> siteA using servers at siteB and vice versa.
> Has anyone done this already, or has anyone an idea how to do this
> without logging all the connection data and post-process it? I need only
> the fact that some connection has been up and which ip's, port and
> protocol was involved, and only once per connection, e.g. if I found
> some connection, I'm not interested in it anymore.

See /usr/ports/net/nstreams

  This is especially useful when you plan to install a firewall
  but if you do not know the nstreams that the network users are
  generating (http, real audio, and more...).

  nstreams can read the tcpdump output directly from stdin, or from
  a file. It can even generate the configuration file of your
  firewall, using the -O option.

-- 
Wim Livens
http://wim.livens.net
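
The approach discussed in this thread (read tcpdump text output, report each cross-site connection once), as an added example that is not part of the original message and is not nstreams code. It assumes the current `tcpdump -n` IPv4 line format; the function name, the site prefixes and the sample capture are constructed for illustration.

```python
import ipaddress
import re
import sys

# e.g. 16:06:46.10 IP 10.1.0.5.51234 > 10.2.0.9.80: Flags [S], seq 1, length 0
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                  r"(\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$")

def cross_site_flows(lines, site_a, site_b):
    """Return each (proto, client, server, server_port) between the sites once."""
    net_a, net_b = ipaddress.ip_network(site_a), ipaddress.ip_network(site_b)
    seen, flows = set(), []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ICMP, ARP, IPv6: no IPv4 address.port pair
        src, sport, dst, dport, rest = m.groups()
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if not ((s in net_a and d in net_b) or (s in net_b and d in net_a)):
            continue  # does not cross the planned firewall
        if rest.startswith("Flags ["):
            flags = rest[7:rest.index("]")]
            if "S" not in flags or "." in flags:
                continue  # keep only the opening SYN, so dst is the server
            proto = "tcp"
        else:
            proto = "udp"  # assumption: non-TCP lines with ports are UDP
            if (proto, dst, src, int(sport)) in seen:
                continue  # reply to a flow that is already recorded
        key = (proto, src, dst, int(dport))
        if key not in seen:
            seen.add(key)
            flows.append(key)
    return flows

SAMPLE = """\
16:06:46.10 IP 10.1.0.5.51234 > 10.2.0.9.80: Flags [S], seq 1, length 0
16:06:46.11 IP 10.2.0.9.80 > 10.1.0.5.51234: Flags [S.], seq 9, ack 2, length 0
16:06:47.00 IP 10.1.0.5.51300 > 10.2.0.9.80: Flags [S], seq 5, length 0
16:06:48.00 IP 10.2.0.7.40000 > 10.1.0.2.53: 4242+ A? www.example.org. (33)
16:06:48.01 IP 10.1.0.2.53 > 10.2.0.7.40000: 4242 1/0/0 A 192.0.2.10 (49)
16:06:49.00 IP 10.1.0.5.51400 > 10.1.0.6.22: Flags [S], seq 7, length 0
16:06:50.00 IP 10.1.0.5 > 10.2.0.9: ICMP echo request, id 1, seq 1, length 64
""".splitlines()  # constructed capture: site A 10.1.0.0/16, site B 10.2.0.0/16

if __name__ == "__main__":
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    for flow in cross_site_flows(lines, "10.1.0.0/16", "10.2.0.0/16"):
        print("%s %s -> %s:%d" % flow)
```

Only the set of distinct flows is held in memory, so it can run against a live `tcpdump -n` pipe on the link between the sites without storing the per-packet data.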