From owner-freebsd-questions@FreeBSD.ORG Mon Jul 5 20:12:54 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B85E16A4CE for ; Mon, 5 Jul 2004 20:12:54 +0000 (GMT) Received: from sleek.sleektech.nl (sleek.sleektech.nl [62.212.87.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FFA643D48 for ; Mon, 5 Jul 2004 20:12:53 +0000 (GMT) (envelope-from lists@sleektech.nl) Received: (qmail 66207 invoked from network); 5 Jul 2004 20:09:39 -0000 Received: from f91032.upc-f.chello.nl (HELO ?192.168.0.13?) (80.56.91.32) by sleek.sleektech.nl with SMTP; 5 Jul 2004 20:09:39 -0000 From: lists To: questions@freebsd.org Content-Type: text/plain Organization: Message-Id: <1089058362.3279.7.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5a) Date: 05 Jul 2004 22:12:43 +0200 Content-Transfer-Encoding: 7bit Subject: ipfw count rules to count traffic to virtual ip's X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Jul 2004 20:12:54 -0000 Hello, I'm trying to setup ipfw to count traffic to each ip on the server (one interface with multiple aliased ip's) now it seems that the count rules are about the same for each ip while this isn't the truth.. 00007 7715117 6712750640 count ip from any to any via fxp0 00008 2953770 167284959 count ip from any to any in recv fxp0 00009 4761341 6545462313 count ip from any to any out xmit fxp0 00010 7707303 6712093431 count tcp from any to any via 1.1.1.1 00011 2948103 166773748 count tcp from any to any in recv 1.1.1.1 00012 4759198 6545319411 count tcp from any to any out xmit 1.1.1.1 00016 7707299 6712092983 count tcp from any to any via 2.2.2.2 00017 2948101 166773668 count tcp from any to any in recv 2.2.2.2 00018 4759195 6545319003 count tcp from any to any out xmit 2.2.2.2 00022 2842887 145092334 count tcp from any to any 80 via fxp0 As you can see the traffic for ip 1.1.1.1 and ip 2.2.2.2 are about the same while ip 2.2.2.2 is actually doing nothing (all ports are blocked cause its not active yet) What is going wrong here ? how come ipfw counts the same traffic for each ip.. Also rule 22 from "any to any 80" shows only a few hundred megs traffic while 95% of all the traffic on the server is http traffic from website's so this should be atleast around the 5GB of traffic instead of a few hundred megs.. Any idea's ?? Thanks m.