Date:      Tue, 4 Mar 2003 02:15:09 -0800 (PST)
From:      Josh Brooks <user@mail.econolodgetulsa.com>
To:        freebsd-net@freebsd.org
Subject:   counting firewall traffic on a second machine
Message-ID:  <20030304021141.C49939-100000@mail.econolodgetulsa.com>


Hello,

I used to have a firewall with ipfw count rules in place for every IP I
had.  This worked fine, but it gave me a 2000+ ruleset that would cause
cpu to skyrocket under even the lightest of DoS attacks.

So, I have plugged in another system on the DMZ and plan to count from
there.

In the most basic sense, I am thinking of sniffing traffic on this second
machine and counting via that mechanism.

Is this a common setup - counting traffic on a second machine that the
traffic does not even flow through?  If so, are ipfw count rules used on
the counting machine, or is there a better tool for counting per-IP
traffic on a secondary system like this?

Any suggestions are appreciated.  I will be using MRTG to show the stats,
but again, the actual gathering / counting method I will use I am not sure
of ... was planning on using ipfw count rules, but thought I would ask.

And I am not sure of how to sniff traffic and pass it to ipfw to count ..
so perhaps ipfw is not involved at all...

thanks!
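Added example, not from the original post or the FreeBSD project: a stdlib-only Python sketch of the counting side, which never involves ipfw at all. It assumes raw Ethernet frames are handed over by a capture loop (replaced here by constructed sample frames) and that the addresses to account for are in 10.0.0.0/24; it parses the IPv4 header, tallies bytes in and out per local address, and produces the four lines MRTG reads from an external script.

```python
import ipaddress
import socket
import struct
from collections import defaultdict

def parse_ipv4(frame):
    """Return (src, dst, ip_total_length) for an Ethernet II frame carrying IPv4, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                      # too short, or ARP/IPv6/etc.: not counted here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None                      # not IPv4, or truncated/malformed header
    total_length = struct.unpack("!H", ip[2:4])[0]
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), total_length

def count_traffic(frames, local_cidr):
    """Bytes in/out per local address: the role the per-IP ipfw count rules played."""
    net = ipaddress.ip_network(local_cidr)
    counters = defaultdict(lambda: {"in": 0, "out": 0})
    for frame in frames:
        parsed = parse_ipv4(frame)
        if parsed is None:
            continue
        src, dst, length = parsed
        if ipaddress.ip_address(src) in net:
            counters[src]["out"] += length
        if ipaddress.ip_address(dst) in net:
            counters[dst]["in"] += length
    return dict(counters)

def mrtg_lines(counters, ip):
    """Four lines in MRTG's external-script format: bytes in, bytes out, uptime, name."""
    c = counters.get(ip, {"in": 0, "out": 0})
    return [str(c["in"]), str(c["out"]), "", ip]

def make_frame(src, dst, payload_len):
    """Constructed Ethernet+IPv4 sample frame (zero checksum, UDP); not a real capture."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + struct.pack("!H", 0x0800) + ip_hdr + b"\x00" * payload_len

# Constructed sample input standing in for frames a capture loop would deliver.
SAMPLE_FRAMES = [
    make_frame("10.0.0.5", "192.0.2.1", 100),      # local host sending out
    make_frame("192.0.2.1", "10.0.0.5", 500),      # reply coming in
    make_frame("10.0.0.7", "10.0.0.5", 60),        # local-to-local: counts for both
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,     # ARP frame, skipped
]
```

Lengths are taken from the IP total-length field, so Ethernet framing is not included, matching what a layer-3 count rule would see.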
