ng_nat+ng_netflow+mpd4 - ?

Alexander Motin mav at FreeBSD.org
Thu Sep 27 22:12:18 PDT 2007


wel at skm.net.ua writes:
> I want to count ALL traffic passing through my gateway, but tools such as
> softflowd I don't want to use because there is already ng_netflow and I
> want to use nat from netgraph, may I :)?

> options NETGRAPH
...
> options         NETGRAPH_TCPMSS

You do not need to build it statically. All of them can be loaded as 
modules.

> flow-capture + ng_netflow + this script working fine 
> #ngctl -f /ng_netflow
> #cat /ng_netflow
> mkpeer rl1: tee lower left
> name rl1:lower tee0
> connect rl1: rl1:lower upper right
> mkpeer tee0: one2many left2right many0
> name tee0:left2right one2many0
> connect tee0:  one2many0: right2left many1
> mkpeer one2many0: netflow one iface0
> name one2many0:one netflow
> mkpeer netflow: ksocket export inet/dgram/udp
> msg netflow: setifindex { iface=0 index=2 }
> msg netflow:export connect inet/127.0.0.1:2222

It looks overcomplicated to me. There is no need to use tee and one2many 
there as ng_netflow supports passing traffic via it and supports 
multiple interfaces. It can be connected just to the interface 
upper/lower hooks. If you REALLY wish to count both directions on ALL 
interfaces (and have double traffic accounting) you could connect 
netflow node twice in different directions.

>        /sbin/ipfw add 110 ngtee 30 ip from any to any out via ng*
>        /sbin/ipfw add 111 ngtee 30 ip from any to any in via ng*

If you are using mpd4 to operate ng interfaces then you can just use 
its internal ng_netflow support.

>         /sbin/ipfw add 200 netgraph 71 all from not $LOCAL_NET to
> $EXT_IP out via rl1
>         /sbin/ipfw add 201 netgraph 70 all from $LOCAL_NET to not
> $LOCAL_NET in via rl1     

Recheck the IPs in those rules twice. What do you mean by them?

-- 
Alexander Motin
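The simplified hookup described in the reply above, as an added example that is not part of the original thread or of mpd4/ng_netflow itself. It emits the ngctl(8) script for attaching one ng_netflow node directly between the interface's "upper" and "lower" hooks, with no ng_tee or ng_one2many in between, plus a second variant that chains two netflow nodes in series so both directions are accounted. Assumptions: the interface name rl1, ifIndex 2 and the collector 127.0.0.1:2222 are taken from the original script and are placeholders for your own values; ng_ether, ng_netflow and ng_ksocket are loaded as modules (kldload), as the reply says they can be; and, per ng_netflow(4), a packet is accounted only when it arrives on an iface<N> hook, while a packet arriving on out<N> is passed back to iface<N> unaccounted, which is why the single-node variant counts only traffic coming in from the wire and the two-node variant is what "connect netflow node twice in different directions" amounts to.

```shell
#!/bin/sh
# Added example, not code from the original thread.  Prints ngctl(8)
# scripts that put ng_netflow inline on a NIC's netgraph hooks.
# Placeholders (assumptions, adjust to your box): rl1, ifIndex 2,
# collector 127.0.0.1:2222.  Requires ng_ether, ng_netflow, ng_ksocket
# loaded, e.g.:  kldload ng_ether ng_netflow ng_ksocket
set -eu

# One node: rl1:lower <-> netflow:iface0, netflow:out0 <-> rl1:upper.
# Wire -> lower -> iface0 (accounted) -> out0 -> upper -> stack.
# Stack -> upper -> out0 -> iface0 -> lower -> wire (NOT accounted: data
# arriving on an out<N> hook is only forwarded, per ng_netflow(4)).
# On a router this already sees every forwarded packet exactly once.
ng_netflow_inbound() {
    iface=$1 ifindex=$2 collector=$3
    cat <<EOF
mkpeer ${iface}: netflow lower iface0
name ${iface}:lower netflow
connect ${iface}: netflow: upper out0
msg netflow: setifindex { iface=0 index=${ifindex} }
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow:export connect inet/${collector}
EOF
}

# Two nodes in series, facing opposite directions:
#   rl1:lower <-> nf_in:iface0, nf_in:out0 <-> nf_out:out0,
#   nf_out:iface0 <-> rl1:upper
# nf_in accounts wire->stack (enters on its iface0), nf_out accounts
# stack->wire (enters on its iface0); each forwards the other direction
# untouched.  Both export to the same collector, so a packet forwarded
# between two interfaces wired this way is counted twice (the "double
# traffic accounting" the reply warns about).
ng_netflow_both() {
    iface=$1 ifindex=$2 collector=$3
    cat <<EOF
mkpeer ${iface}: netflow lower iface0
name ${iface}:lower nf_in
mkpeer nf_in: netflow out0 out0
name nf_in:out0 nf_out
connect nf_out: ${iface}: iface0 upper
msg nf_in: setifindex { iface=0 index=${ifindex} }
msg nf_out: setifindex { iface=0 index=${ifindex} }
mkpeer nf_in: ksocket export inet/dgram/udp
msg nf_in:export connect inet/${collector}
mkpeer nf_out: ksocket export inet/dgram/udp
msg nf_out:export connect inet/${collector}
EOF
}

# Print the single-node script for the placeholder values.  To apply it:
#   sh this_script.sh rl1 2 127.0.0.1:2222 | ngctl -f -
ng_netflow_inbound "${1:-rl1}" "${2:-2}" "${3:-127.0.0.1:2222}"
```

Pipe the output into `ngctl -f -` (or save it and use `ngctl -f file` as in the original post). Check the result with `ngctl show netflow:` and `ngctl msg netflow: info`; if nothing is exported, confirm the ksocket is connected (`ngctl show netflow:export`) before suspecting the collector.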

