From owner-freebsd-net@FreeBSD.ORG  Thu Sep 27 22:28:20 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 265FF16A419
	for <freebsd-net@freebsd.org>; Thu, 27 Sep 2007 22:28:20 +0000 (UTC)
	(envelope-from wel@skm.net.ua)
Received: from mail.skm.net.ua (skm.sat.poltava.ua [193.109.248.245])
	by mx1.freebsd.org (Postfix) with ESMTP id 8548013C459
	for <freebsd-net@freebsd.org>; Thu, 27 Sep 2007 22:28:18 +0000 (UTC)
	(envelope-from wel@skm.net.ua)
Received: from [193.238.152.25] by mail.skm.net.ua with esmtpa (Exim 4.63)
	(envelope-from <wel@skm.net.ua>) id 1Ib4cj-0006jm-Py
	for freebsd-net@freebsd.org; Fri, 28 Sep 2007 01:26:35 +0000
From: "wel@skm.net.ua" <wel@skm.net.ua>
To: freebsd-net@freebsd.org
In-Reply-To: <20070731120013.285EE16A4E1@hub.freebsd.org>
References: <20070731120013.285EE16A4E1@hub.freebsd.org>
Content-Type: text/plain
Message-Id: <1190638009.11029.14.camel@localhost>
Mime-Version: 1.0
Date: Thu, 27 Sep 2007 17:52:09 +0300
X-Mailer: Evolution 2.10.3 
Content-Transfer-Encoding: 7bit
Subject: ng_nat+ng_netflow+mpd4 - ?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: wel@skm.net.ua
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Sep 2007 22:28:20 -0000

Hello
I want to count ALL traffic pass trought my gateway, but tool's such as
softflowd I don't want to use because there is already ng_netflow and I
want use nat from netgraph, may I :)?

I have:
#ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 10.11.2.1 netmask 0xffffff00 broadcast 10.11.2.255
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.168.100.99 netmask 0xffffff00 broadcast 192.168.100.255
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
pfsync0: flags=0<> mtu 2020
        syncpeer: 224.0.0.240 maxupd: 128
pflog0: flags=0<> mtu 33208
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 

# uname -r
6.2-RELEASE-p7
rl0 - local network
rl1 - internet

#cat KERNEL

options LIBALIAS
options NETGRAPH
options NETGRAPH_ASYNC 
options NETGRAPH_BPF 
options NETGRAPH_BRIDGE 
options NETGRAPH_CISCO 
options NETGRAPH_DEVICE 
options NETGRAPH_ECHO 
options NETGRAPH_EIFACE 
options NETGRAPH_ETHER 
options NETGRAPH_GIF 
options NETGRAPH_GIF_DEMUX 
options NETGRAPH_TAG 
options NETGRAPH_TCPMSS 
options NETGRAPH_FEC 
options NETGRAPH_HOLE 
options NETGRAPH_IFACE 
options NETGRAPH_IP_INPUT 
options NETGRAPH_KSOCKET 
options NETGRAPH_L2TP 
options NETGRAPH_LMI 
options NETGRAPH_NETFLOW 
options NETGRAPH_ONE2MANY 
options NETGRAPH_PPP 
options         NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_PPPOE 
options NETGRAPH_PPTPGRE 
options NETGRAPH_RFC1490 
options NETGRAPH_SOCKET 
options NETGRAPH_SPLIT 
options NETGRAPH_TEE 
options NETGRAPH_TTY 
options NETGRAPH_UI 
options NETGRAPH_VJC
options         NETGRAPH
options         NETGRAPH_IPFW
options         NETGRAPH_NAT
options         NETGRAPH_NETFLOW
options         NETGRAPH_SPLIT
options         NETGRAPH_KSOCKET
options         NETGRAPH_SOCKET
options         NETGRAPH_IFACE
options         NETGRAPH_TCPMSS


flow-capture + ng_netflow + this script working fine 
#ngctl -f /ng_netflow
#cat /ng_netflow
mkpeer rl1: tee lower left
name rl1:lower tee0
connect rl1: rl1:lower upper right
mkpeer tee0: one2many left2right many0
name tee0:left2right one2many0
connect tee0:  one2many0: right2left many1
mkpeer one2many0: netflow one iface0
name one2many0:one netflow
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow: setifindex { iface=0 index=2 }
msg netflow:export connect inet/127.0.0.1:2222

I find this script:
When I apply ipfw rules my coputer lost network. I mixed in rules in/out
and 70/71. But nat+netflow don't working. I use  ipfw-rules only 200 and
201, but it's doesn't working:

/sbin/ipfw add 110 ngtee 30 ip from any to any out via ng*
/sbin/ipfw add 111 ngtee 30 ip from any to any in via ng*
/sbin/ipfw add 200 netgraph 71 all from not $LOCAL_NET to $EXT_IP out
via rl1
/sbin/ipfw add 201 netgraph 70 all from $LOCAL_NET to not $LOCAL_NET in
via rl1     





#!/bin/sh
        EXT_IP="192.168.100.99"
        LOCAL_NET="10.11.2.0/24"

             /usr/sbin/ngctl mkpeer ipfw: nat 70 out
            /usr/sbin/ngctl name ipfw:70 nat
            /usr/sbin/ngctl connect ipfw: nat: 71 in
            /usr/sbin/ngctl msg nat: setaliasaddr $EXT_IP
            /usr/sbin/ngctl mkpeer ipfw: netflow 30 iface0
            /usr/sbin/ngctl name ipfw:30 netflow
            /usr/sbin/ngctl msg netflow: setdlt {iface=0 dlt=12}
            /usr/sbin/ngctl msg netflow: setifindex {iface=0 index=1}

            /usr/sbin/ngctl mkpeer netflow: ksocket export
inet/dgram/udp
            /usr/sbin/ngctl msg netflow:export connect
inet/127.0.0.1:2222
       
        /sbin/ipfw add 6400 allow all from any to any
        /sbin/sysctl net.inet.ip.fw.one_pass=0
       /sbin/ipfw add 110 ngtee 30 ip from any to any out via ng*
       /sbin/ipfw add 111 ngtee 30 ip from any to any in via ng*
        /sbin/ipfw add 200 netgraph 71 all from not $LOCAL_NET to
$EXT_IP out via rl1
        /sbin/ipfw add 201 netgraph 70 all from $LOCAL_NET to not
$LOCAL_NET in via rl1     
        /usr/local/bin/flow-capture -n 287 -w /var/db/flows/
0.0.0.0/127.0.0.1/2222