From owner-freebsd-questions@freebsd.org Sun Nov 29 19:53:14 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AF60EA3ACC7 for ; Sun, 29 Nov 2015 19:53:14 +0000 (UTC) (envelope-from darwinsurvivor@gmail.com) Received: from mail-pa0-x231.google.com (mail-pa0-x231.google.com [IPv6:2607:f8b0:400e:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7CB8D14E4 for ; Sun, 29 Nov 2015 19:53:14 +0000 (UTC) (envelope-from darwinsurvivor@gmail.com) Received: by pacej9 with SMTP id ej9so161480446pac.2 for ; Sun, 29 Nov 2015 11:53:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=XWvb3mszl0dIMa+5BzCd75Q9AtGHbgHaACSEhk5qD84=; b=pppxo1MRYqDKUDX0JcwB6MmIyVLLHOsl2l251vYS/jlyEsK/CqSZdhjGppzaKbpPqK JvwdVOYZbwwtZFO3iho8NiV5rGLXYFFy5xLxV6GELxlIr2eJRxfYDiuDA716o2KysVZW N0S+FrRe7+dbQ+KkOmG2TTVWhpV0VAsFvPmkySi9Cbob0acb2ACg7f1WbsPmT7WrNEsc 0M11KFcVmDVPUKvPksJyZtDBBaSbu8h+YFyd3S15GSwL7sDpS1rQ9UHY5H1PHFN+jXjq VsLbFfiBmyjLMBkBfcrn/nK8+VonZVo1m/daJwozGgezygoGecMVv43GuHWAkp1AO3/U cwuQ== MIME-Version: 1.0 X-Received: by 10.66.235.100 with SMTP id ul4mr48178276pac.142.1448826794092; Sun, 29 Nov 2015 11:53:14 -0800 (PST) Received: by 10.66.15.162 with HTTP; Sun, 29 Nov 2015 11:53:14 -0800 (PST) In-Reply-To: <565B1695.6050604@artem.ru> References: <565B1695.6050604@artem.ru> Date: Sun, 29 Nov 2015 11:53:14 -0800 Message-ID: Subject: Re: Determine which user started tcp connection From: "darwinsurvivor@gmail.com" To: Artem Kuchin Cc: freebsd-questions@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Nov 2015 19:53:14 -0000 I don't know about ipfw, but it can probably be done by monitoring netstat and looking at the UID of the process that made the connection. On Sun, Nov 29, 2015 at 7:15 AM, Artem Kuchin wrote: > Hello! > > I have a jail with shared hosting. Many sites are hosted. Each on its own > user. > I want to monitor their external connections. I allow external connections > but want to > see what's going on. > IPFW allowes easily to see all outgoing connection setups from jail, but i > cannot > see which user started it. > I googled and i see that requests to add UID to IPFW log were first in > 2008 but > i still do not see it in the version 10. > > So, is there a way to log UID and connection params (dst ip and port) ? > > Artem > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >