Re: ng_netflow and bridging firewall
From: Gleb Smirnoff (glebius_at_FreeBSD.org)
Date: 08/31/05
- Previous message: Ganbold: "Re: ng_netflow and bridging firewall"
- In reply to: Ganbold: "Re: ng_netflow and bridging firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 31 Aug 2005 13:28:48 +0400 To: Ganbold <ganbold@micom.mng.net>
On Wed, Aug 31, 2005 at 05:50:21PM +0900, Ganbold wrote:
G> At 08:10 PM 8/30/2005, you wrote:
G> >On Tue, Aug 30, 2005 at 07:30:09PM +0900, Ganbold wrote:
G> >G> ngctl mkpeer xl1: tee lower right
G> >G> ngctl connect xl1: xl1:lower upper left
G> >G> ngctl name xl1:lower xl1_tee
G> >G> ngctl mkpeer xl1_tee: netflow left2right iface0
G> >G> ngctl name xl1:lower.left2right netflow
G> >G> ngctl connect xl1_tee: netflow: right2left iface1
G> >G> ngctl msg netflow: setifindex { iface=0 index=2 }
G> >G> ngctl msg netflow: setifindex { iface=1 index=1 }
G> >G> ngctl mkpeer netflow: ksocket export inet/dgram/udp
G> >G> ngctl msg netflow:export connect inet/127.0.0.1:8818
G> >G>
G> >G> I'm just using second xl1 interface for ng_netflow. However when I see
G> >the
G> >G> flow data I can only see my network addresses in
G> >G> the dstIP field. Is it correct? I thought both srcIP, dstIP should
G> >contain
G> >G> my IPs, because I'm trying to catch traffic which goes both directions
G> >of
G> >G> xl1. Is my assumption correct? If I'm wrong, how to make it work in
G> >correct
G> >G> way?
G> >
G> >No. Look at ng_ether(4) manpage, and draw your graph. You are catching only
G> >one direction with the above script.
G>
G> OK. I see. I'm catching only incoming traffic to xl1 interface.
G> I can see it from ngctl issuing msg xl1_tee: getstats command and also
G> flowctl netflow: show command.
G>
G> I read the ng_ether man page and didn't quite get it.
G>
G> I'm including xl0 interface in similar way as xl1.
G> Is following sufficient for catching outgoing traffic?
G>
G> ngctl mkpeer xl0: tee lower right
G> ngctl connect xl0: xl0:lower upper left
G> ngctl name xl0:lower xl0_tee
G> ngctl mkpeer xl0_tee: netflow left2right iface2
G> ngctl name xl0:lower.left2right netflow0
G> ngctl msg netflow0: setifindex { iface=2 index=4 }
G> ngctl connect xl0_tee: netflow0: right2left iface3
G> ngctl msg netflow0: setifindex { iface=3 index=3 }
G> ngctl mkpeer netflow0: ksocket export inet/dgram/udp
G> ngctl msg netflow0:export connect inet/127.0.0.1:8818
Looks like correct.
G> The graph is something like:
G>
G> ng_ether
G> upper | |lower
G> left | |right
G> ng_tee
G> right2left| |left2right
G> iface0 | |iface1
G> ng_netflow
G>
G> Maybe I did something wrong. How should I do it in right way?
G> I googled and didn't find good source/samples of ng_netflow.
G>
G> thanks in advance,
G>
G> Ganbold
G>
G>
-- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Ganbold: "Re: ng_netflow and bridging firewall"
- In reply to: Ganbold: "Re: ng_netflow and bridging firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
