ipfw doesn't count using pen+jails

[networker_]

Hello,

How is the way for count bytes that in and out from my jails in my FreeBSD box? I'm using pen for load balancing. I'm using somthing like this:

ipfw -q add 1 count tcp from $jailIP to me 80 in via em0
ipfw -q add 2 count tcp from me 80 to $jailIP out via em0
ipfw -q add 3 allow ip from any to any 80 via em0 keep-state

But my ipfw show shows just counts for rule 3, and rules 1 and 2 are in 0.

What I am missing?

Thanks.

 

[pelmen]

Why you don't want to use jail in ipfw?

ipfw -q add count tcp from me to any [color="Red"]jail[/color] 1

 

[samu]

And if you still don't want to use the jail keyword, you have to make sure that you also count external traffic with ipfw. Your rules:

ipfw -q add 1 count tcp from $jailIP to me 80 in via em0
ipfw -q add 2 count tcp from me 80 to me $jailIP out via em0

count only internal traffic (from your box to your box itself). Try:

ipfw -q add 1 count tcp from any to $jailIP 80 via em0
ipfw -q add 2 count tcp from $jailIP to any 80 via em0

But still, I think that using the 'jail' keyword is a better idea.

 

[fbsd1]

You can not run ipfw inside of a jail. Jails use the host's network and have no network of their own. A jail is not a virtual machine.

 

[networker_]

The jail keyword has saved my life