From owner-freebsd-ipfw Mon Oct 25 18:31:12 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from proxy2.ba.best.com (proxy2.ba.best.com [206.184.139.14]) by hub.freebsd.org (Postfix) with ESMTP id 7B86B15286; Mon, 25 Oct 1999 18:31:07 -0700 (PDT) (envelope-from ssamalin@ionet.net) Received: from ionet.net (sam.ops.best.com [205.149.163.53]) by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with ESMTP id SAA09771; Mon, 25 Oct 1999 18:29:55 -0700 (PDT) Message-ID: <38150409.FF8BE621@ionet.net> Date: Mon, 25 Oct 1999 21:29:45 -0400 From: Sam Samalin X-Mailer: Mozilla 4.6 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org, "freebsd-hackers@Freebsd.org" Subject: ftp dir fails with ipfw fwd Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I get this when I try to ftp dir: Can't create data socket (n.n.n.n,20) : Can't assign requested address. I'm using ipfw fwd. Do I need a rule? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Tue Oct 26 19:14:38 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from ns.itga.com.au (ns.itga.com.au [192.83.119.129]) by hub.freebsd.org (Postfix) with ESMTP id 7634414EB7 for ; Tue, 26 Oct 1999 19:14:22 -0700 (PDT) (envelope-from gnb@itga.com.au) Received: from lightning.itga.com.au (lightning.itga.com.au [192.168.71.20]) by ns.itga.com.au (8.9.3/8.9.3) with ESMTP id MAA38221 for ; Wed, 27 Oct 1999 12:14:20 +1000 (EST) (envelope-from gnb@itga.com.au) Received: from lightning.itga.com.au (lightning.itga.com.au [192.168.71.20]) by lightning.itga.com.au (8.9.3/8.9.3) with ESMTP id MAA14865; Wed, 27 Oct 1999 12:14:16 +1000 (EST) Message-Id: <199910270214.MAA14865@lightning.itga.com.au> X-Mailer: exmh version 2.0.1 12/23/97 From: Gregory Bond To: freebsd-ipfw@FreeBSD.ORG Subject: monitoring ipfw with mrtg? Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 27 Oct 1999 12:14:16 +1000 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Any ready-made hints about monitoring ipfw rule byte/packet counts from a (remote) mrtg session? I can think of lots of hacks that would work, but none are very elegant, and some are not real efficient, and some are not suitable for implementing on a firewall..... [ btw: ipfw is just -great- at measuring traffic (and can give up much more information that e.g. router logs). I use something like this $fwcmd add 47 skipto 50 ip from ${oip}:${omask} to any in recv ${oif} $fwcmd add 48 skipto 50 ip from ${ispnet} 8080 to any in recv ${oif} $fwcmd add 49 skipto 50 ip from any to any in recv ${oif} The first rule tells me how much traffic I received from other local hosts, the second how many bytes I received from the ISP's web cache, the third the number of bytes I receive from the internet - which is how many bytes I have to pay my ISP for! I'm trying to graph these three numbers using a remote mrtg session. This is probably old news to most of you, but I just discovered it... ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Tue Oct 26 20:34:50 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from mail.dbitech.bc.ca (i.caniserv.com [139.142.95.1]) by hub.freebsd.org (Postfix) with SMTP id 7D40A14CEB for ; Tue, 26 Oct 1999 20:34:46 -0700 (PDT) (envelope-from darcy@ok-connect.com) Received: (qmail 24088 invoked from network); 27 Oct 1999 03:34:44 -0000 Received: from ccliii.caniserv.com (HELO dbitech) (darcyb@139.142.95.253) by 139.142.95.10 with SMTP; 27 Oct 1999 03:34:44 -0000 Message-Id: <3.0.32.19991026203509.01eb9e20@mail.ok-connect.com> X-Sender: darcyb@mail.ok-connect.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 26 Oct 1999 20:35:09 -0700 To: freebsd-ipfw@FreeBSD.ORG From: Darcy Buskermolen Subject: Re: monitoring ipfw with mrtg? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Gregory here is the information I recived when I asked the same question of the list a while back >Darcy Buskermolen wrote: >> >> Can anybody tell me how to get snmp monitoring of ipfw rules to work ? >> >> I've tried almost every variation of snmpwalk/get that I can thik of but >> with no luck :/ I've done this before on linux installs but with ipfwadm. > >I am made module to ucd-snmpd, it works for me, but I don't tried to >walk accross >it, I need only get, But may be walk will work too. > >while build it is need to add special flag to configure for add this >module > >If you interested in it, gpt it from >http://www.plugcom.ru/~vova/ipfw-snmp.tgz >.iso.org.dod.internet.private.enterprises.ucdavis.ucdExperimental.ipFwRules .ipFwBytes - byte counter >.iso.org.dod.internet.private.enterprises.ucdavis.ucdExperimental.ipFwRules .ipFwPackets - packet counter > >-- > >TSB Russian Express, Moscow >Vladimir B. Grebenschikov, vova@express.ru > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-ipfw" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Wed Oct 27 4:52:26 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from black.nik.gov.pl (black.nik.gov.pl [212.160.156.114]) by hub.freebsd.org (Postfix) with SMTP id 0B6BD14F56; Wed, 27 Oct 1999 04:51:43 -0700 (PDT) (envelope-from dakuc@nik.gov.pl) Received: from green.nik.gov.pl (green.nik.gov.pl [212.160.156.122]) by black.nik.gov.pl (8.9.3+Sun/8.9.1) with ESMTP id NAA22724; Wed, 27 Oct 1999 13:51:55 +0200 (MET DST) Received: from nik.gov.pl (damtest.nik.gov.pl [172.20.11.10]) by green.nik.gov.pl with ESMTP id NAA17522; Wed, 27 Oct 1999 13:50:59 +0200 Message-ID: <3816E73A.F60D5D2D@nik.gov.pl> Date: Wed, 27 Oct 1999 13:51:23 +0200 From: Damian Kuczynski Reply-To: dakuc@nik.gov.pl X-Mailer: Mozilla 4.7 [pl] (X11; I; FreeBSD 3.3-STABLE i386) X-Accept-Language: pl, en MIME-Version: 1.0 To: hackers@freebsd.org, ipfw@freebsd.org Subject: Some modifications to natd. proposal Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello I use natd + libalias in my test network connected to internet. From my point of view main disadvantage of this program is, that i can't see what' s going on in packet alias engine, (ipfwadm -l -M, or ipfstat -s in ipfilter) so I'm working on patches to natd and libalias which give me that possibility. Can you suggest me, which informations about link should be displayed for links. When I look on alias table, I can see, that some links have non positive expire times calculated as link->expire_time-(timeStamp-link->timestamp) I think, that is a bad idea, and is possible to reinit link, even if it should be deleted from table as expired. For now links a deleted from alias table only as a result of HouseKeeping function called when packet is putted to procesing by alias engine Do links shouldn't be also checked against expirity at least when link is found in. _FindLinkIn Sorry About my Engllsh Best Regards Damian Kuczynski To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message