Misc list: I'm trying to figure out a way to log and analyze bandwidth usage passing through my PF gateway. It's doing NAT for ~60 users.
Here are the pertinent logging rules; rdr pass log on $ext_if proto tcp to port smtp -> $host rdr pass log on $ext_if proto tcp to port www -> $host rdr pass log on $ext_if proto tcp to port pop3 -> $host rdr pass log on $ext_if proto tcp to port 1494 -> $host rdr pass log on $ext_if proto tcp to port 3389 -> $host pass out log keep state I've tried analyzing pflogs using ethereal/wireshark but could not get specifics about IP's and connection rates from it. I've also looked at ntop and pftop, which looks good for real-time monitoring but I don't think they apply for what I'm trying to do. I'd like to generate a sorted list of top bandwidth hogs and their IP addresses. Thanks. Joel
