Date:      Thu, 01 Sep 2005 13:02:01 +0900
From:      Ganbold <ganbold@micom.mng.net>
To:        Gleb Smirnoff <glebius@FreeBSD.org>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ng_netflow and bridging firewall
Message-ID:  <6.2.1.2.2.20050901125645.0357d9e0@202.179.0.80>

Gleb,

I also tried to create the graph in the following way:

ngctl mkpeer xl1: tee lower left
ngctl connect xl1: xl1:lower upper right
ngctl mkpeer xl1:lower one2many left2right many0
ngctl connect xl1:lower.left2right xl1:lower many1 right2left
ngctl name xl1:lower.right2left o2m
ngctl mkpeer o2m: netflow one iface0
ngctl name o2m:one netflow
ngctl mkpeer netflow: ksocket export inet/dgram/udp
ngctl msg netflow:export connect inet/127.0.0.1:8818

I got the above from the http://www.unix.lviv.ua/index_rus.html?art/nf.html site.

Right after that, the firewall didn't work again. How can I solve this problem?
I don't know yet why ipfw stopped working. Is this a bug in ipfw or
something else?

thanks,

Ganbold


At 06:28 PM 8/31/2005, you wrote:
>On Wed, Aug 31, 2005 at 05:50:21PM +0900, Ganbold wrote:
>G> At 08:10 PM 8/30/2005, you wrote:
>G> >On Tue, Aug 30, 2005 at 07:30:09PM +0900, Ganbold wrote:
>G> >G> ngctl mkpeer xl1: tee lower right
>G> >G> ngctl connect xl1: xl1:lower upper left
>G> >G> ngctl name xl1:lower xl1_tee
>G> >G> ngctl mkpeer xl1_tee: netflow left2right iface0
>G> >G> ngctl name xl1:lower.left2right netflow
>G> >G> ngctl connect xl1_tee: netflow: right2left iface1
>G> >G> ngctl msg netflow: setifindex { iface=0 index=2 }
>G> >G> ngctl msg netflow: setifindex { iface=1 index=1 }
>G> >G> ngctl mkpeer netflow: ksocket export inet/dgram/udp
>G> >G> ngctl msg netflow:export connect inet/127.0.0.1:8818
>G> >G>
>G> >G> I'm just using the second xl1 interface for ng_netflow. However, when I see the
>G> >G> flow data I can only see my network addresses in the dstIP field. Is it correct?
>G> >G> I thought both srcIP and dstIP should contain my IPs, because I'm trying to catch
>G> >G> traffic which goes in both directions of xl1. Is my assumption correct? If I'm
>G> >G> wrong, how do I make it work in the correct way?
>G> >
>G> >No. Look at ng_ether(4) manpage, and draw your graph. You are catching only
>G> >one direction with the above script.
>G>
>G> OK. I see. I'm catching only incoming traffic to xl1 interface.
>G> I can see it from ngctl issuing msg xl1_tee: getstats command and also
>G> flowctl netflow: show command.
>G>
>G> I read the ng_ether man page and didn't quite get it.
>G>
>G> I'm including the xl0 interface in a similar way to xl1.
>G> Is the following sufficient for catching outgoing traffic?
>G>
>G> ngctl mkpeer xl0: tee lower right
>G> ngctl connect xl0: xl0:lower upper left
>G> ngctl name xl0:lower xl0_tee
>G> ngctl mkpeer xl0_tee: netflow left2right iface2
>G> ngctl name xl0:lower.left2right netflow0
>G> ngctl msg netflow0: setifindex { iface=2 index=4 }
>G> ngctl connect xl0_tee: netflow0: right2left iface3
>G> ngctl msg netflow0: setifindex { iface=3 index=3 }
>G> ngctl mkpeer netflow0: ksocket export inet/dgram/udp
>G> ngctl msg netflow0:export connect inet/127.0.0.1:8818
>
>Looks correct.
>
>G> The graph is something like:
>G>
>G>         ng_ether
>G> upper   |               |lower
>G> left    |       |right
>G>           ng_tee
>G> right2left|     |left2right
>G> iface0    |     |iface1
>G>          ng_netflow
>G>
>G> Maybe I did something wrong. How should I do it the right way?
>G> I googled and didn't find a good source/samples of ng_netflow.
>G>
>G> thanks in advance,
>G>
>G> Ganbold
>G>
>G>
>
>--
>Totus tuus, Glebius.
>GLEBIUS-RIPN GLEB-RIPE
>_______________________________________________
>freebsd-isp@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"



