
Problem with addressing using ipfw and natd.
I have a small LAN with three computers on it, and a fourth operating as a
gateway. The gateway runs natd/ipfw to provide Internet access to the
internal systems. I have several public IP addresses so all four systems
are assigned a public IP and a natd 'redirect_address' is used to divert
appropriate traffic to the internal systems. I use ipfw to firewall what
can get there. So far so good. Works. Works well.
Problem now is that I want to do some traffic monitoring and track the
traffic diverted to each of the internal systems. I thought I could simply
do this using something like:
ipfw add 50 count all from any to {address1}
ipfw add 50 count all from {address1} to any
ipfw add 50 count all from any to {address2}
ipfw add 50 count all from {address2} to any
...etc...
Having done this I can see that the incoming traffic is counted fine but
outgoing is not... probably because it shows the private (192.168.x.x)
address as the origin. I don't really want to count all the traffic on the
internal network because there is a lot there that I am not interested in --
just what goes in and out to the Internet.
Can anyone suggest how I may be able to get around this?
Thanks
Don
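The behaviour described above follows from where the count rules sit relative to the natd divert rule: an outbound packet only carries its public source address after natd has rewritten it, and ipfw(8) documents that a packet re-injected by natd resumes at the rule following the divert rule. The toy model below is an added illustration, not part of the original post or of ipfw itself; the addresses, the divert rule at 100 and the one-to-one redirect_address mapping are constructed assumptions.

```python
# Toy model of ipfw rule traversal around a natd divert rule (added
# illustration, not ipfw code).  Assumes, as ipfw(8) documents, that a
# packet re-injected by natd continues at the rule after the divert rule.
from dataclasses import dataclass

# Constructed natd redirect_address mapping: private host -> public IP.
PUBLIC = {"192.168.1.10": "203.0.113.10"}
PRIVATE = {pub: priv for priv, pub in PUBLIC.items()}


@dataclass
class Rule:
    number: int
    action: str          # "count", "divert" or "allow"
    src: str = "any"
    dst: str = "any"
    hits: int = 0        # what "ipfw show" would display as the packet count


def matches(rule, pkt):
    # "any" matches everything; otherwise the address must be equal.
    return rule.src in ("any", pkt["src"]) and rule.dst in ("any", pkt["dst"])


def natd(pkt, direction):
    """Rewrite addresses the way natd does on the external interface."""
    if direction == "out":
        pkt["src"] = PUBLIC.get(pkt["src"], pkt["src"])
    else:
        pkt["dst"] = PRIVATE.get(pkt["dst"], pkt["dst"])
    return pkt


def run(rules, pkt, direction):
    """Walk rules in number order; divert translates, then continues at the next rule."""
    for rule in rules:
        if not matches(rule, pkt):
            continue
        rule.hits += 1
        if rule.action == "divert":
            pkt = natd(pkt, direction)     # re-entry point is the following rule
        elif rule.action == "allow":
            break
    return pkt


def counters(in_rule_no, out_rule_no, divert_no=100):
    """Hits on 'from any to {pub}' and 'from {pub} to any' for one packet each way."""
    pub = PUBLIC["192.168.1.10"]
    rin = Rule(in_rule_no, "count", dst=pub)      # ipfw add N count all from any to {pub}
    rout = Rule(out_rule_no, "count", src=pub)    # ipfw add N count all from {pub} to any
    rules = sorted([rin, rout, Rule(divert_no, "divert"), Rule(65535, "allow")],
                   key=lambda r: r.number)
    run(rules, {"src": "198.51.100.7", "dst": pub}, "in")             # packet from Internet
    run(rules, {"src": "192.168.1.10", "dst": "198.51.100.7"}, "out")  # reply from LAN host
    return rin.hits, rout.hits
```

counters(50, 50) reproduces the symptom (inbound counted, outbound not), counters(200, 200) inverts it, and counters(50, 200), with the inbound rule before the divert and the outbound rule after it, counts both directions on the public address.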