From owner-freebsd-questions  Tue Jan 29 17:59:50 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141])
	by hub.freebsd.org (Postfix) with ESMTP
	id 28E0837B400; Tue, 29 Jan 2002 17:59:47 -0800 (PST)
Received: from k7.mavetju.org (topaz.mdcc.cx [212.204.230.141])
	by topaz.mdcc.cx (Postfix) with ESMTP
	id 854FD2B74A; Wed, 30 Jan 2002 02:59:42 +0100 (CET)
Received: by k7.mavetju.org (Postfix, from userid 1001)
	id 0D11A348; Wed, 30 Jan 2002 12:59:38 +1100 (EST)
Date: Wed, 30 Jan 2002 12:59:38 +1100
From: Edwin Groothuis <edwin@mavetju.org>
To: "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw + natd
Message-ID: <20020130125938.Y823@k7.mavetju.org>
References: <001f01c1a906$b5cb9300$0200a8c0@mdrjr.net> <20020130123005.X823@k7.mavetju.org> <20020129175155.M79208@blossom.cjclark.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020129175155.M79208@blossom.cjclark.org>; from cjc@FreeBSD.ORG on Tue, Jan 29, 2002 at 05:51:55PM -0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, Jan 29, 2002 at 05:51:55PM -0800, Crist J. Clark wrote:
> On Wed, Jan 30, 2002 at 12:30:05PM +1100, Edwin Groothuis wrote:
> > On Tue, Jan 29, 2002 at 06:36:46PM -0200, Mauro Dias wrote:
> > > I'm using natd and ipfw to allow my intranet (192.168.0.0/24) to access
> > > internet.
> > > internet interface: rl2
> > > intranet interface rl1
> > > not using interface: rl0 (hehe)
> > > 
> > > I'm using FreeBSD-4.5RC
> > > 
> > > can someone tell how do i see what users in 192.168.0.0/24 are doing ?
> > > something like netstat -M ?
> > 
> > If you add keep-state to your ipfw-rules you will get a line in
> > the ipfw -a l output for every tcp connection.
> > 
> > Or try trafshow (don't run it as root, it's leaking descriptors). See
> > http://www.mavetju.org/unix/tcpdumpmortals.php how to configure
> > your system so normal users can run things like trafshow without
> > needing root-access.
> 
> Nothing complicated, one just needs read access to /dev/bpf* to sniff
> away.

Exactly. How often have users asked their administrator for the
root-password because they didn't know this. And how many administrators
have given them the root password because they didn't know how to
do it properly?

Edwin

-- 
Edwin Groothuis   |              Personal website: http://www.MavEtJu.org
edwin@mavetju.org |           Interested in MUDs? Visit Fatal Dimensions:
------------------+                       http://www.FatalDimensions.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message