Re: ng_netflow: testers are welcome

• Previous message: Julian Elischer: "Re: ng_netflow: testers are welcome"
• In reply to: Vasenin Alexander aka BlackSir: "RE: ng_netflow: testers are welcome"
• Next in thread: Vasenin Alexander aka BlackSir: "RE: ng_netflow: testers are welcome"
• Reply: Vasenin Alexander aka BlackSir: "RE: ng_netflow: testers are welcome"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 24 Feb 2004 12:01:52 +0300
To: Vasenin Alexander aka BlackSir <blacksir@number.ru>

On Tue, Feb 24, 2004 at 10:46:44AM +0300, Vasenin Alexander aka BlackSir wrote:
V> > I'd be glad if you show me your current netgraph setup script. Surely
V> > I can reproduce it myself, but live example would be better than
V> > imaginary.
V>
V> Here it is(latest version - 'echotee'):

Thanks for netgraph setup script. Could you please also send important parts
of your firewall config, where packets are diverted towards netgraph?
It is important to divert only _incoming_ traffic on _particular_ interface,
otherwise netflow exports will contain some incorrect data.

V> This config assumes that packets needed to catch via ng_netflow is simply
V> diverted by ipfw rule:
V> divert 8888 ip from any to any in - or something like that
V> Seems everything works fine! (I'm using ipfw2 in 4.9) Packets going throught
V> divert and reinjected in ipfw ;-)
V> but I've not tested this in production yet...

And also it is important to check that ng_ksocket reinjects packet
into the ipfw with rule number set (see Julian's mail).

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Julian Elischer: "Re: ng_netflow: testers are welcome"
• In reply to: Vasenin Alexander aka BlackSir: "RE: ng_netflow: testers are welcome"
• Next in thread: Vasenin Alexander aka BlackSir: "RE: ng_netflow: testers are welcome"
• Reply: Vasenin Alexander aka BlackSir: "RE: ng_netflow: testers are welcome"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: IPFW: combining "divert natd" with "keep-state" ... should the dynamic rules be created to match the pre-NAT ... > or post-NAT packets? ... I have found an "endless-loop problem" with ipfw when using both ... `divert' and `keep-state'/`check-state' rules. ... (FreeBSD-Security) Re: small tun(4) improvement ... DIVERT sockets in themselfes do not depend on ipfw. ... packets just fine through a diver socket even when ipfw is missing. ... (freebsd-net) Re: ng_netflow: testers are welcome ... V>> I'd be glad if you show me your current netgraph setup script. ... It is important to divert only _incoming_ traffic on _particular_ interface, ... V> This config assumes that packets needed to catch via ng_netflow is simply ... V> divert and reinjected in ipfw;-) ... (freebsd-isp) Re: ipfw limit src-addr woes ... if the keep-state rule is a skipto then the check-state will skip to.. ... (note this requires patches to allow divert from a bridge.) ... It's convoluted I know but it only diverts packets from ... how do the clients get their DNS replies if they're ... (freebsd-net) Re: ipfw limit src-addr woes ... if the keep-state rule is a skipto then the check-state will skip to.. ... (note this requires patches to allow divert from a bridge.) ... It's convoluted I know but it only diverts packets from ... how do the clients get their DNS replies if they're ... (freebsd-questions)