On Fri, 28/09/2007 at 08:12 +0300, Alexander Motin wrote:
> [EMAIL PROTECTED] wrote:
> > I want to count ALL traffic pass trought my gateway, but tool's such as
> > softflowd I don't want to use because there is already ng_netflow and I
> > want use nat from netgraph, may I :)?
> 
> > options NETGRAPH
> ...
> > options         NETGRAPH_TCPMSS
> 
> You do not need to build it statically. All of them can be loaded as 
> modules.

ok 

> > flow-capture + ng_netflow + this script working fine 
> > #ngctl -f /ng_netflow
> > #cat /ng_netflow
> > mkpeer rl1: tee lower left
> > name rl1:lower tee0
> > connect rl1: rl1:lower upper right
> > mkpeer tee0: one2many left2right many0
> > name tee0:left2right one2many0
> > connect tee0:  one2many0: right2left many1
> > mkpeer one2many0: netflow one iface0
> > name one2many0:one netflow
> > mkpeer netflow: ksocket export inet/dgram/udp
> > msg netflow: setifindex { iface=0 index=2 }
> > msg netflow:export connect inet/127.0.0.1:2222
> 
> It looks overcomplicated to me. There is no need to use tee and one2many 
> there as ng_netflow supports passing traffic via it and supports 
> multiple interfaces. It can be connected just to the interface 
> upper/lower hooks. If you REALLY wish to count both directions on ALL 
> interfaces (and have double traffic accounting) you could connect 
> netflow node twice in different directions.

I used the example.
Can you help me build a script to run ng_nat+ng_netflow?


> >        /sbin/ipfw add 110 ngtee 30 ip from any to any out via ng*
> >        /sbin/ipfw add 111 ngtee 30 ip from any to any in via ng*
> 
> If you are using mpd4 to operate ng interfaces then you can just use 
> its internal ng_netflow support.
> 
> >         /sbin/ipfw add 200 netgraph 71 all from not $LOCAL_NET to
> > $EXT_IP out via rl1
> >         /sbin/ipfw add 201 netgraph 70 all from $LOCAL_NET to not
> > $LOCAL_NET in via rl1     
> 
> Recheck twice IP in those rules. What you mean by them?

When I read man ng_nat there is an example; I used it to build the script.

Here is my network:
isp-network(192.168.128.0) <<-gateway Internet(192.168.100.1) ---
192.168.100.99|FreeBSD6.2|10.11.2.1 -->>local network 10.11.2.0/24

I used it to build only ng_nat:

# cat /usr/local/etc/rc.d/ng_nat.sh
#!/bin/sh
ngctl="/usr/sbin/ngctl "
ipfw="/sbin/ipfw "
ifconfig="/sbin/ifconfig "
tcpdump="/usr/sbin/tcpdump"
nat_ip="192.168.100.99"
# nat node: ipfw hook 60 -> nat hook "out", ipfw hook 61 -> nat hook "in"
$ngctl mkpeer ipfw: nat 60 out
$ngctl name ipfw:60 nat
$ngctl connect ipfw: nat: 61 in
$ngctl msg nat: setaliasaddr $nat_ip
# rule 10 is only in place while the other rules are added; deleted below
$ipfw add 10 skipto 65400 ip from 192.168.100.1 to me
$ipfw add 300 netgraph 61 all from any to me in via rl1
$ipfw add 400 netgraph 60 all from 10.11.2.0/24 to not me out via rl1
$ipfw add 500 fwd 192.168.100.1 all from me to any
$ipfw delete 10
sleep 60
# after one minute, save the node list, rule counters and interface state, then flush
$ngctl list >/ng_nat/ngctllist
$ipfw show>/ng_nat/ipfwshow
$ifconfig >/ng_nat/ifconfig
$ipfw -f flush

# pfctl -d 
pfctl: pf not enabled

#cat {ngctl list >}/ng_nat/ngctllist
There are 5 total nodes:
  Name: ngctl1095       Type: socket          ID: 00000009   Num hooks: 0
  Name: nat             Type: nat             ID: 00000005   Num hooks: 2
  Name: ipfw            Type: ipfw            ID: 00000003   Num hooks: 2
  Name: rl1             Type: ether           ID: 00000002   Num hooks: 0
  Name: rl0             Type: ether           ID: 00000001   Num hooks: 0

#cat {ipfw show>}/ng_nat/ipfwshow

00300 202 12523 netgraph 61 ip from any to me in via rl1 
00400 161  8057 netgraph 60 ip from 10.11.2.0/24 to not me out via rl1 
00500 174  8963 fwd 192.168.100.1 ip from me to any 
65400 504 26548 allow ip from any to any 
65535   2    56 allow ip from any to any

#cat {ifconfig >}/ng_nat/ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 
        options=8<VLAN_MTU> 
        inet 10.11.2.1 netmask 0xffffff00 broadcast 10.11.2.255 
        ether 00:a1:b0:01:05:71 
        media: Ethernet autoselect (100baseTX <full-duplex>) 
        status: active 
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 
        options=8<VLAN_MTU> 
        inet 192.168.100.99 netmask 0xffffff00 broadcast 192.168.100.255
        ether 00:01:29:76:0f:cd 
        media: Ethernet autoselect (100baseTX <full-duplex>) 
        status: active 
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500 
pfsync0: flags=0<> mtu 2020 
        syncpeer: 224.0.0.240 maxupd: 128 
pflog0: flags=0<> mtu 33208 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 
        inet6 ::1 prefixlen 128 
        inet 127.0.0.1 netmask 0xff000000

I ran tcpdump on 192.168.100.1 (the gateway to the Internet and the other network) while running the script:
# tcpdump -i eth1 -f 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
22:30:22.430329 arp who-has 192.168.100.1 tell 192.168.100.99
22:30:22.438397 arp reply 192.168.100.1 is-at 00:30:4f:25:7a:b1 (oui Unknown)
22:30:22.430367 IP 10.11.2.3 > 192.168.100.1: ICMP echo request, id 512, seq 44033, length 40
22:30:22.931140 IP 10.11.2.3 > 192.168.128.2: ICMP echo request, id 512, seq 44289, length 40
22:30:23.381425 IP 192.168.100.99.59543 > 10.11.25.1.domain: 54371 notify [b2&3=0x2400] [1a] SOA? 25.11.10.in-addr.arpa. (95)
22:30:23.438366 IP 10.11.25.1.domain > 192.168.100.99.59543: 54371 notify* 0/0/0 (39)
22:30:23.881984 IP 192.168.100.99.59543 > 10.11.25.1.domain: 38578 notify [b2&3=0x2400] [1a] SOA? skyhome. (74)
22:30:24.181110 IP 10.11.25.1.domain > 192.168.100.99.59543: 38578 notify* 0/0/0 (25)
22:30:27.930042 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 45825, length 40
22:30:27.930128 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 45825, length 40
22:30:28.430049 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 46337, length 40
22:30:28.430123 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 46081, length 40
22:30:28.430921 IP 192.168.128.2 > 192.168.100.99: ICMP echo reply, id 512, seq 46081, length 40
22:30:28.436810 arp who-has 192.168.100.99 tell 192.168.100.1
22:30:28.436913 arp reply 192.168.100.99 is-at 00:01:29:76:0f:cd (oui Unknown)
22:30:33.429858 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 46593, length 40
22:30:33.429945 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 46593, length 40
22:30:33.929773 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 46849, length 40
22:30:33.929850 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 47105, length 40
22:30:33.930216 IP 192.168.128.2 > 192.168.100.99: ICMP echo reply, id 512, seq 47105, length 40
22:30:38.929631 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 47361, length 40
22:30:38.929698 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 47361, length 40
22:30:39.429559 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 47617, length 40
22:30:39.429672 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 47873, length 40
22:30:44.429404 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 48129, length 40
22:30:44.429475 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 48129, length 40
22:30:44.929344 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 48385, length 40
22:30:44.929468 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 48641, length 40
22:30:44.929880 IP 192.168.128.2 > 192.168.100.99: ICMP echo reply, id 512, seq 48641, length 40
22:30:49.929176 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 48897, length 40
22:30:49.929246 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 48897, length 40
22:30:50.429144 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 49153, length 40
22:30:50.429266 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 49409, length 40
22:30:50.494074 IP 192.168.128.2 > 192.168.100.99: ICMP echo reply, id 512, seq 49409, length 40
22:30:55.428970 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 49665, length 40
22:30:55.429060 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 49665, length 40
22:30:55.928922 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 49921, length 40
22:30:55.928996 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 50177, length 40
22:30:55.929427 IP 192.168.128.2 > 192.168.100.99: ICMP echo reply, id 512, seq 50177, length 40
22:31:00.427013 arp who-has 192.168.100.99 tell 192.168.100.1
22:31:00.427151 arp reply 192.168.100.99 is-at 00:01:29:76:0f:cd (oui Unknown)
22:31:00.928744 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 50433, length 40
22:31:00.928814 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 50433, length 40
22:31:01.428737 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 50689, length 40
22:31:01.428853 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 50945, length 40
22:31:01.429186 IP 192.168.128.2 > 192.168.100.99: ICMP echo reply, id 512, seq 50945, length 40
22:31:04.731353 IP 192.168.100.99.1036 > 192.168.100.1.domain: 64927+ A? login.icq.com. (31)
22:31:04.731427 IP 192.168.100.1 > 192.168.100.99: ICMP 192.168.100.1 udp port domain unreachable, length 67
22:31:05.731305 IP 192.168.100.99.1036 > 192.168.128.2.domain: 64927+ A? login.icq.com. (31)
22:31:05.732547 IP 192.168.128.2.domain > 192.168.100.99.1036: 64927 2/4/0 CNAME[|domain]
22:31:06.428548 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 51201, length 40
22:31:06.428621 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 51201, length 40
22:31:06.731233 IP 192.168.100.99.1036 > 192.168.100.1.domain: 64927+ A? login.icq.com. (31)
22:31:06.731316 IP 192.168.100.1 > 192.168.100.99: ICMP 192.168.100.1 udp port domain unreachable, length 67
22:31:06.928525 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 51457, length 40
22:31:06.928640 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 51713, length 40
22:31:06.929187 IP 192.168.128.2 > 192.168.100.99: ICMP echo reply, id 512, seq 51713, length 40
22:31:08.731195 IP 192.168.100.99.1036 > 192.168.100.1.domain: 64927+ A? login.icq.com. (31)
22:31:08.731259 IP 192.168.100.1 > 192.168.100.99: ICMP 192.168.100.1 udp port domain unreachable, length 67
22:31:08.731276 IP 192.168.100.99.1036 > 192.168.128.2.domain: 64927+ A? login.icq.com. (31)
22:31:08.732343 IP 192.168.128.2.domain > 192.168.100.99.1036: 64927 2/4/0 CNAME[|domain]
22:31:11.928333 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 51969, length 40
22:31:11.928420 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 51969, length 40
22:31:12.428298 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 52225, length 40
22:31:12.428371 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 52481, length 40
22:31:12.428696 IP 192.168.128.2 > 192.168.100.99: ICMP echo reply, id 512, seq 52481, length 40
22:31:12.731006 IP 192.168.100.99.1036 > 192.168.100.1.domain: 64927+ A? login.icq.com. (31)
22:31:12.731068 IP 192.168.100.1 > 192.168.100.99: ICMP 192.168.100.1 udp port domain unreachable, length 67
22:31:12.731086 IP 192.168.100.99.1036 > 192.168.128.2.domain: 64927+ A? login.icq.com. (31)
22:31:12.731903 IP 192.168.128.2.domain > 192.168.100.99.1036: 64927 2/4/0 CNAME[|domain]
22:31:17.428112 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 52737, length 40
22:31:17.428182 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 52737, length 40
22:31:17.928064 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 52993, length 40
22:31:17.928203 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 53249, length 40
22:31:17.928804 IP 192.168.128.2 > 192.168.100.99: ICMP echo reply, id 512, seq 53249, length 40
22:31:22.927909 IP 192.168.100.99 > 192.168.100.1: ICMP echo request, id 512, seq 53505, length 40
22:31:22.927980 IP 192.168.100.1 > 192.168.100.99: ICMP echo reply, id 512, seq 53505, length 40
22:31:23.427881 IP 10.11.2.1 > 10.11.2.3: ICMP echo reply, id 512, seq 53761, length 40
22:31:23.428004 IP 192.168.100.99 > 192.168.128.2: ICMP echo request, id 512, seq 54017, length 40
22:31:23.428295 IP 192.168.128.2 > 192.168.100.99: ICMP echo reply, id 512, seq 54017, length 40
22:31:28.427666 IP 10.11.2.3 > 192.168.100.1: ICMP echo request, id 512, seq 54273, length 40
22:31:28.927667 IP 10.11.2.3 > 192.168.128.2: ICMP echo request, id 512, seq 54785, length 40

82 packets captured 
82 packets received by filter 
0 packets dropped by kernel


# sysctl -a | grep one_pass 
net.inet.ip.fw.one_pass: 0
# ps awx | grep natd 
1172 p0 R+ 0:00.00 grep natd
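A combined ng_nat + ng_netflow setup, as an added example that is not part of this thread (it is neither the poster's script nor Alexander Motin's code). It reuses the poster's ng_nat hook numbers (60/61), alias address and ipfw rules, and attaches ng_netflow directly between rl1's lower and upper hooks, as Alexander suggests, instead of going through tee and one2many; the hook names iface0, out0 and export are those of ng_netflow(4). The interface index, the collector address and the dry-run/apply switch are assumptions for illustration: run with no arguments it only prints the ngctl and ipfw commands it would issue, so the topology can be checked before anything touches a live gateway.

```shell
#!/bin/sh
# Added example, not from the thread: ng_nat on ipfw hooks 60/61 plus an
# ng_netflow node inline on the external interface. "dry-run" (default)
# prints the commands; "apply" executes them. All values below are
# placeholders for your own system.

ext_if="rl1"
nat_ip="192.168.100.99"
lan_net="10.11.2.0/24"
gw="192.168.100.1"
if_index="2"                # ifindex of $ext_if (assumption; verify locally)
collector="127.0.0.1:2222"  # where flow-capture listens (from the thread)

# ngctl(8) command sequence for the nat node: ipfw hook 60 -> nat "out",
# ipfw hook 61 -> nat "in", alias address set to the external IP.
nat_cmds() {
    cat <<EOF
mkpeer ipfw: nat 60 out
name ipfw:60 nat
connect ipfw: nat: 61 in
msg nat: setaliasaddr $nat_ip
EOF
}

# ngctl(8) command sequence for the netflow node, inserted between the
# ether node's "lower" (wire side) and "upper" (stack side) hooks, with a
# ksocket on its "export" hook sending records to the collector.
netflow_cmds() {
    cat <<EOF
mkpeer $ext_if: netflow lower iface0
name $ext_if:lower netflow
connect $ext_if: netflow: upper out0
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow: setifindex { iface=0 index=$if_index }
msg netflow:export connect inet/$collector
EOF
}

# ipfw(8) rules diverting traffic through the nat node (same numbering as
# the poster's script). With net.inet.ip.fw.one_pass=0 a packet returning
# from the nat node continues at the next rule, so rule 500 still applies.
ipfw_cmds() {
    cat <<EOF
add 300 netgraph 61 ip from any to me in via $ext_if
add 400 netgraph 60 ip from $lan_net to not me out via $ext_if
add 500 fwd $gw ip from me to any
EOF
}

case "${1:-dry-run}" in
    apply)
        nat_cmds     | /usr/sbin/ngctl -f-
        netflow_cmds | /usr/sbin/ngctl -f-
        # one ipfw invocation per rule; word splitting of $rule is intended
        ipfw_cmds | while read -r rule; do /sbin/ipfw -q $rule; done
        ;;
    *)
        echo "# would feed to: ngctl -f-"
        nat_cmds
        netflow_cmds
        echo "# would run as: ipfw -q <rule>"
        ipfw_cmds
        ;;
esac
```

Two things to keep in mind when applying it. The netflow node sits below ipfw, so it records addresses as they appear on the wire (already translated outbound, not yet translated inbound), which is the view that matters for a gateway's accounting. And, as Alexander's remark about connecting the node "twice in different directions" implies, one ng_netflow node accounts traffic entering it from one side only; here that is frames arriving on rl1 from the wire, and counting the other direction as well needs a second node connected the other way round.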



_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net