Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IP Accounting

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      grab3
      last edited by

      Hello! I just want to share my experience about how to count traffic on pfsense. Here is very easy and lightweight way!

      Login with shell onto your pfsense box.

      Install ipcad package:
        cd ~
        fetch ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/All/ipcad-3.7.3_1.tbz
        pkg_add ipcad-3.7.3_1.tbz(it installs on clean new 1.2-RELEASE with no problems!!!)

      Then we need to configure it:
      cd /usr/local/etc/
      ee(or vi) ipcad.conf:

      (instead em0 interface put your LAN interface name, you can check it with ifconfig)
      capture-ports enable;
          interface em0 filter "ip and not dst net 192.168.0.0/16";
          aggregate 0.0.0.0/0 strip 32; /* aggregate all the addresses /
          /       how to show ports in log /
          aggregate 1-19 into 65535;
          aggregate 20-21 into 21;
          aggregate 22-23 into 22;
          aggregate 25 into 25;
          aggregate 24 into 65535;
          aggregate 26-79 into 65535;
          aggregate 80-81 into 0;
          aggregate 82-109 into 65535;
          aggregate 110 into 110;
          aggregate 111-442 into 65535;
          aggregate 443 into 443;
          aggregate 444-3127 into 65535;
          aggregate 3128 into 0;
          aggregate 3129-65535 into 65535;
          rsh enable at 127.0.0.1;
          rsh root@127.0.0.1 admin;       /       Can shutdown ipcad /
          rsh 127.0.0.1 view-only;        /       Other users can view current tables */

      Uncomment this to export NetFlow information to specified destination.

      #netflow export destination 192.168.1.3 9996;

      create file(i created it in my /root directory) tolog.sh:

      #!/bin/sh
      net="192.168"
      ttime=/usr/bin/rsh localhost sh ip acco|/usr/bin/grep 'Accounting data saved'| /usr/bin/awk '{print ($4)}'
      /usr/bin/rsh localhost clear ip accounting
      /usr/bin/rsh localhost show ip accounting checkpoint|/usr/bin/grep $net|/usr/bin/awk -v vtime=$ttime '{print (vtime".000",1,$1,"TCP_MISS/200",$4,"CONNECT",$2":"$6,"-","DIRECT/"$2,"-")}' >>/var/squid/log/access.log

      save all the changes.

      Then put tolog.sh file in cron rotation:

      crontab -e

      put this line in cron tab:
      */1 * * * * /root/tolog.sh #So it will be done every minute

      Done. Now install LightSquid from packages. Now depending on your network load you will see traffic information in Proxy Report item on your web interface.

      Have fun!

      reference http://www.opennet.ru/tips/info/1647.shtml

      1 Reply Last reply Reply Quote 0
      • A
        almuerto
        last edited by

        I was trying to do the same but cant find rsh: /usr/bin/rsh: Command not found.

        How can I install rsh?

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.