From owner-freebsd-net@FreeBSD.ORG Fri Sep 28 05:12:18 2007
Message-ID: <46FC8D30.7030708@FreeBSD.org>
Date: Fri, 28 Sep 2007 08:12:16 +0300
From: Alexander Motin <mav@FreeBSD.org>
To: wel@skm.net.ua
Cc: freebsd-net@freebsd.org
References: <20070731120013.285EE16A4E1@hub.freebsd.org> <1190942604.00806258.1190932201@10.7.7.3>
In-Reply-To: <1190942604.00806258.1190932201@10.7.7.3>
Subject: Re: ng_nat+ng_netflow+mpd4 - ?
List-Id: Networking and TCP/IP with FreeBSD

wel@skm.net.ua writes:
> I want to count ALL traffic passing through my gateway, but tools such as
> softflowd I don't want to use because there is already ng_netflow and I
> want to use nat from netgraph, may I :)?
> options NETGRAPH ...
> options NETGRAPH_TCPMSS

You do not need to build it statically. All of them can be loaded as modules.
> flow-capture + ng_netflow + this script work fine
> #ngctl -f /ng_netflow
> #cat /ng_netflow
> mkpeer rl1: tee lower left
> name rl1:lower tee0
> connect rl1: rl1:lower upper right
> mkpeer tee0: one2many left2right many0
> name tee0:left2right one2many0
> connect tee0: one2many0: right2left many1
> mkpeer one2many0: netflow one iface0
> name one2many0:one netflow
> mkpeer netflow: ksocket export inet/dgram/udp
> msg netflow: setifindex { iface=0 index=2 }
> msg netflow:export connect inet/127.0.0.1:2222

It looks overcomplicated to me. There is no need to use tee and one2many there, as ng_netflow supports passing traffic via it and supports multiple interfaces. It can be connected just to the interface upper/lower hooks. If you REALLY wish to count both directions on ALL interfaces (and have double traffic accounting) you could connect the netflow node twice in different directions.

> /sbin/ipfw add 110 ngtee 30 ip from any to any out via ng*
> /sbin/ipfw add 111 ngtee 30 ip from any to any in via ng*

If you are using mpd4 to operate ng interfaces then you can just use its internal ng_netflow support.

> /sbin/ipfw add 200 netgraph 71 all from not $LOCAL_NET to
> $EXT_IP out via rl1
> /sbin/ipfw add 201 netgraph 70 all from $LOCAL_NET to not
> $LOCAL_NET in via rl1

Recheck the IPs in those rules twice. What do you mean by them?

-- 
Alexander Motin
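The direct rl1 -> ng_netflow -> ng_ksocket graph that Alexander suggests instead of the tee/one2many chain, as an added example script (not from either poster). It reuses the values from the quoted script (interface rl1, ifIndex 2, collector 127.0.0.1:2222) and assumes rl1 already has its ng_ether node; the "apply" argument is a convention of this script only.

```shell
#!/bin/sh
# Added example: build the simplified netgraph topology for one interface.
# Per ng_netflow(4), data entering hook iface<N> is accounted and passed out
# on out<N>; data entering out<N> is passed back to iface<N> unaccounted.
# So with lower->iface0 and out0->upper, packets arriving from the wire on
# rl1 are counted on their way to the stack. No tee or one2many is needed.

# Emit the ngctl(8) command sequence.
#   $1 = interface name, $2 = SNMP ifIndex to report in exported records,
#   $3 = collector address in ng_ksocket form (inet/host:port)
netflow_script() {
    iface=$1; index=$2; collector=$3
    cat <<EOF
mkpeer ${iface}: netflow lower iface0
name ${iface}:lower netflow
connect ${iface}: netflow: upper out0
msg netflow: setifindex { iface=0 index=${index} }
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow:export connect ${collector}
EOF
}

# The node types can be loaded as modules instead of being compiled in
# (NETGRAPH, NETGRAPH_NETFLOW etc. in the kernel config are not required).
load_modules() {
    for m in ng_socket ng_ether ng_netflow ng_ksocket; do
        kldstat -q -m "$m" || kldload "$m"
    done
}

# Only touch the running system when explicitly asked ("apply" is this
# script's own convention), so the file can also be sourced for its functions.
if [ "${1:-}" = "apply" ]; then
    load_modules
    netflow_script rl1 2 inet/127.0.0.1:2222 | ngctl -f -
fi
```

To count the other direction as well, a second netflow node is connected the opposite way round, which is the "twice in different directions" setup Alexander mentions.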