From owner-freebsd-net@FreeBSD.ORG  Mon Jan 17 21:41:56 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 14D8516A4CE
	for <freebsd-net@freebsd.org>; Mon, 17 Jan 2005 21:41:56 +0000 (GMT)
Received: from borgtech.ca (borgtech.ca [216.187.106.216])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C530543D4C
	for <freebsd-net@freebsd.org>; Mon, 17 Jan 2005 21:41:55 +0000 (GMT)
	(envelope-from asegu@borgtech.ca)
Received: from asegulaptop (unknown [161.53.212.129])
	by borgtech.ca (Postfix) with ESMTP id 4C5DC54A5
	for <freebsd-net@freebsd.org>; Mon, 17 Jan 2005 21:45:49 +0000 (GMT)
From: "Andrew Seguin" <asegu@borgtech.ca>
To: <freebsd-net@freebsd.org>
Date: Mon, 17 Jan 2005 22:41:16 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <8eea0408050117132657045645@mail.gmail.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcT828U32i/48qgjTvewwLmjC94+rAAADjfA
Message-Id: <20050117214549.4C5DC54A5@borgtech.ca>
Subject: RE: Network accounting
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jan 2005 21:41:56 -0000

-----Original Message-----
From: Jon Simola [mailto:jsimola@gmail.com] 
Sent: Monday, January 17, 2005 10:27 PM
To: Andrew Seguin; freebsd-net@freebsd.org
Subject: Re: Network accounting
...
>What I was doing with the same setup:
>$IPFW pipe 1 config mask src-ip 0xffffffff buckets 512
>$IPFW pipe 2 config mask dst-ip 0xffffffff buckets 512
>$IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged
>$IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridged
...

I don't understand how this system will allow me to log traffic by-ip
without addition of 256 rules?

I already have counts of my up & down traffic. Actually, I have a bypass
rule for 'normal' traffic (web/email/dns/icmp/etc), and then a pipe to
control bandwidth (mainly because of downloaders). With some scripting, the
server maintains a csv of in/out/abnormal (in+out). But I criticaly need
per-ip and highly need per-protocol (major ones at least).


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.6.13 - Release Date: 1/16/2005