
Re: IP accounting.



Derrick MacPherson wrote:

My setup:

Just about to upgrade the OS from openbsd 2.9 running ipf, to 3.2
running pf.

Upgrade to 3.3beta! It's stable and has more features!

		internet
		   |		firewall
		// | \\ (internal networks, each on its own interface
plus DMZ)


My quest(ion):


I need to track all traffic from each internal network (interfaces de0,
de1, de2 and de3) to and from the internet, plus traffic to and from the
internet for the 2 servers in the DMZ. There are 2 companies, each with a
server in the DMZ, and I need to be able to show for billing the
companies' total traffic (in + out for their network + their server in
the DMZ), if I could show incoming and outgoing that would be awesome,
but not absolutely mission critical.

What software would you people recommend? I know of ipaudit and ipa, not
sure if they are the right tool, but am looking for any and all input.

There are probably many ways to do that,
like looking at rule counters.

One thing new in 3.3 that might be useful is to use the
new table feature and the in/out counters in it.

For example, you could do something like this:

  table <dmz> persist { $ip_dmz_a, $ip_dmz_b }
  pass out on $dmz_if from any to <dmz>
  pass in on $dmz_if from <dmz> to any

After that, doing a "pfctl -t dmz -vvTs" will
give you in/out statistics of your 2 servers' usage
in the DMZ. You could do that every day.
Reloading your ruleset will not kill the statistics data.

Cedric
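
An added example, not part of the original message: one way to turn the daily "pfctl -t dmz -vvTs" output suggested above into per-address byte totals for billing, and into usage since the previous day's snapshot. The function names are hypothetical, the sample statistics are constructed, and the layout is the one current pfctl prints for per-address table statistics, which is assumed here and may differ on 3.3.

```sh
# Added example. Reduce "pfctl -t <table> -vvTs" output on stdin to lines of
# "<addr> <in_pass_bytes> <out_pass_bytes>", with In/Out as pfctl labels them.
pf_table_bytes() {
    awk '
        $1 == "Cleared:" { next }
        $1 ~ /^(In|Out)\// {
            if ($1 == "In/Pass:" || $1 == "Out/Pass:")
                for (i = 2; i < NF; i++)
                    if ($i == "Bytes:") bytes[addr, $1] = $(i + 1)
            next
        }
        NF > 0 { addr = $1; if (!(addr in seen)) { seen[addr] = 1; order[++n] = addr } }
        END {
            for (k = 1; k <= n; k++)
                printf "%s %.0f %.0f\n", order[k],
                    bytes[order[k], "In/Pass:"], bytes[order[k], "Out/Pass:"]
        }'
}

# pf_usage_since OLD NEW: bytes used between two saved pf_table_bytes snapshots.
# A counter that went backwards was cleared in between, so its new value is used.
pf_usage_since() {
    awk '
        FILENAME == ARGV[1] { oin[$1] = $2; oout[$1] = $3; next }
        {
            din  = ($2 >= oin[$1])  ? $2 - oin[$1]  : $2
            dout = ($3 >= oout[$1]) ? $3 - oout[$1] : $3
            printf "%s %.0f %.0f\n", $1, din, dout
        }' "$1" "$2"
}

# Constructed sample (documentation addresses, made-up counters) in the layout
# that current pfctl prints for per-address table statistics (assumed here).
sample_stats() {
    cat <<'EOF'
   192.0.2.10
    Cleared:     Mon Mar  3 00:00:01 2003
    In/Block:    [ Packets: 0        Bytes: 0           ]
    In/Pass:     [ Packets: 4100000  Bytes: 5000000000  ]
    Out/Block:   [ Packets: 3        Bytes: 180         ]
    Out/Pass:    [ Packets: 2000     Bytes: 120000      ]
   192.0.2.20
    Cleared:     Mon Mar  3 00:00:01 2003
    In/Block:    [ Packets: 0        Bytes: 0           ]
    In/Pass:     [ Packets: 10       Bytes: 840         ]
    Out/Block:   [ Packets: 0        Bytes: 0           ]
    Out/Pass:    [ Packets: 12       Bytes: 960         ]
EOF
}
```

On the firewall the daily job would pipe the real pfctl output into pf_table_bytes, save the result to a dated file, and pass yesterday's and today's files to pf_usage_since.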