Date: Thu, 01 Sep 2005 12:55:09 +0900
From: Ganbold <ganbold@micom.mng.net>
To: Gleb Smirnoff <glebius@FreeBSD.org>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ng_netflow and bridging firewall
Message-ID: <6.2.1.2.2.20050901124651.0357db30@202.179.0.80>
In-Reply-To: <20050831092848.GI60614@cell.sick.ru>
References: <6.2.1.2.2.20050830190113.035378e0@202.179.0.80>
 <20050830111049.GK60614@cell.sick.ru>
 <6.2.1.2.2.20050831173013.0355eaf0@202.179.0.80>
 <20050831092848.GI60614@cell.sick.ru>
Gleb,

Thanks for the reply. However, as soon as I ran the ngctl commands to create the graph in order to catch both outgoing and incoming traffic, ipfw started working abnormally. Basically all my customers complained that they couldn't connect to the Internet. Because I'm running a bridge firewall, is this due to the ng_ether and bridge(4) bug you mentioned? Or is it something else? Where can I find the bug info?

# uname -an
FreeBSD machine.mng.net 5.4-STABLE FreeBSD 5.4-STABLE #4: Fri Aug 12 09:58:18 ULAST 2005 tsgan@machine.mng.net:/usr/obj/usr/src/sys/PRXY i386

thanks,

Ganbold

At 06:28 PM 8/31/2005, you wrote:
>On Wed, Aug 31, 2005 at 05:50:21PM +0900, Ganbold wrote:
>G> At 08:10 PM 8/30/2005, you wrote:
>G> >On Tue, Aug 30, 2005 at 07:30:09PM +0900, Ganbold wrote:
>G> >G> ngctl mkpeer xl1: tee lower right
>G> >G> ngctl connect xl1: xl1:lower upper left
>G> >G> ngctl name xl1:lower xl1_tee
>G> >G> ngctl mkpeer xl1_tee: netflow left2right iface0
>G> >G> ngctl name xl1:lower.left2right netflow
>G> >G> ngctl connect xl1_tee: netflow: right2left iface1
>G> >G> ngctl msg netflow: setifindex { iface=0 index=2 }
>G> >G> ngctl msg netflow: setifindex { iface=1 index=1 }
>G> >G> ngctl mkpeer netflow: ksocket export inet/dgram/udp
>G> >G> ngctl msg netflow:export connect inet/127.0.0.1:8818
>G> >G>
>G> >G> I'm just using the second xl1 interface for ng_netflow. However, when I
>G> >G> look at the flow data I can only see my network addresses in the dstIP
>G> >G> field. Is it correct? I thought both srcIP and dstIP should contain my
>G> >G> IPs, because I'm trying to catch traffic which goes in both directions
>G> >G> of xl1. Is my assumption correct? If I'm wrong, how do I make it work
>G> >G> the correct way?
>G> >
>G> >No. Look at the ng_ether(4) manpage, and draw your graph. You are catching
>G> >only one direction with the above script.
>G>
>G> OK. I see. I'm catching only incoming traffic to the xl1 interface.
>G> I can see it from ngctl by issuing the msg xl1_tee: getstats command and
>G> also the flowctl netflow: show command.
>G>
>G> I read the ng_ether man page and didn't quite get it.
>G>
>G> I'm including the xl0 interface in a similar way as xl1.
>G> Is the following sufficient for catching outgoing traffic?
>G>
>G> ngctl mkpeer xl0: tee lower right
>G> ngctl connect xl0: xl0:lower upper left
>G> ngctl name xl0:lower xl0_tee
>G> ngctl mkpeer xl0_tee: netflow left2right iface2
>G> ngctl name xl0:lower.left2right netflow0
>G> ngctl msg netflow0: setifindex { iface=2 index=4 }
>G> ngctl connect xl0_tee: netflow0: right2left iface3
>G> ngctl msg netflow0: setifindex { iface=3 index=3 }
>G> ngctl mkpeer netflow0: ksocket export inet/dgram/udp
>G> ngctl msg netflow0:export connect inet/127.0.0.1:8818
>
>Looks correct.
>
>G> The graph is something like:
>G>
>G>              ng_ether
>G>        upper |      | lower
>G>         left |      | right
>G>               ng_tee
>G>   right2left |      | left2right
>G>       iface0 |      | iface1
>G>             ng_netflow
>G>
>G> Maybe I did something wrong. How should I do it the right way?
>G> I googled and didn't find a good source/samples for ng_netflow.
>G>
>G> thanks in advance,
>G>
>G> Ganbold
>G>
>
>--
>Totus tuus, Glebius.
>GLEBIUS-RIPN GLEB-RIPE
>_______________________________________________
>freebsd-isp@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
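An added example, not code from this thread or from FreeBSD: a small decoder for the NetFlow v5 datagrams that ng_netflow sends out of its export hook (the udp/127.0.0.1:8818 collector above would receive them), plus a check for the symptom discussed in the thread: if the local prefix only ever appears as dstIP, only one direction of the interface is hooked into ng_netflow. The sample datagram, the 10.0.0.0/24 prefix and the ifindex values are constructed; the parser assumes the standard 24-byte v5 header and 48-byte record layout.

```python
"""Decode NetFlow v5 export datagrams (the format ng_netflow sends to its
ksocket inet/dgram/udp hook) and check whether both traffic directions
are present. Added example, not code from the thread or from FreeBSD."""
import ipaddress
import struct

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record


def parse_v5(datagram):
    """Return one dict per flow record in a v5 export packet."""
    version, count = HDR.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5: version %d" % version)
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        # f[3]/f[4] are the input/output ifIndex values set with setifindex
        flows.append({"src": ipaddress.IPv4Address(f[0]),
                      "dst": ipaddress.IPv4Address(f[1]),
                      "input": f[3], "output": f[4], "pkts": f[5],
                      "octets": f[6], "sport": f[9], "dport": f[10],
                      "tcp_flags": f[12], "proto": f[13]})
    return flows


def direction_check(flows, local_net):
    """Count flows with the local prefix as src vs. as dst. Local addresses
    appearing only as dst means only one direction is hooked into ng_netflow."""
    net = ipaddress.IPv4Network(local_net)
    as_src = sum(1 for f in flows if f["src"] in net)
    as_dst = sum(1 for f in flows if f["dst"] in net)
    return {"local_as_src": as_src, "local_as_dst": as_dst,
            "both_directions": as_src > 0 and as_dst > 0}


def make_record(src, dst, inp, out, pkts, octets, sport, dport, proto):
    """Pack one constructed v5 record (used only to build sample input)."""
    return REC.pack(ipaddress.IPv4Address(src).packed,
                    ipaddress.IPv4Address(dst).packed, b"\0\0\0\0",
                    inp, out, pkts, octets, 1000, 2000, sport, dport,
                    0, 0x18, proto, 0, 0, 0, 24, 24, 0)


# Constructed sample datagram: what a one-direction graph shows. The local
# prefix (10.0.0.0/24, constructed) is only ever the destination.
SAMPLE = (HDR.pack(5, 2, 12345, 1125545709, 0, 1, 0, 0, 0)
          + make_record("192.0.2.10", "10.0.0.5", 2, 1, 12, 9000, 80, 51000, 6)
          + make_record("198.51.100.7", "10.0.0.9", 2, 1, 3, 300, 53, 40000, 17))

if __name__ == "__main__":
    print(direction_check(parse_v5(SAMPLE), "10.0.0.0/24"))
```

Feeding real exports in is a matter of binding a UDP socket on the collector port and passing each received datagram to parse_v5.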