Gleb,
Thanks for reply. However as long as I run ngctl commands to create the
graph in order to catch both outgoing and incoming
traffic ipfw started work abnormally. Basically all my customers complained
that they couldn't connect to Internet.
Because I'm running bridge firewall, is this due to ng_ether and bridge(4)
bug you mentioned? Or it is something else?
Where can I find the bug info?
# uname -an
FreeBSD machine.mng.net 5.4-STABLE FreeBSD 5.4-STABLE #4: Fri Aug 12
09:58:18 ULAST 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/PRXY i386
thanks,
Ganbold
At 06:28 PM 8/31/2005, you wrote:
On Wed, Aug 31, 2005 at 05:50:21PM +0900, Ganbold wrote:
G> At 08:10 PM 8/30/2005, you wrote:
G> >On Tue, Aug 30, 2005 at 07:30:09PM +0900, Ganbold wrote:
G> >G> ngctl mkpeer xl1: tee lower right
G> >G> ngctl connect xl1: xl1:lower upper left
G> >G> ngctl name xl1:lower xl1_tee
G> >G> ngctl mkpeer xl1_tee: netflow left2right iface0
G> >G> ngctl name xl1:lower.left2right netflow
G> >G> ngctl connect xl1_tee: netflow: right2left iface1
G> >G> ngctl msg netflow: setifindex { iface=0 index=2 }
G> >G> ngctl msg netflow: setifindex { iface=1 index=1 }
G> >G> ngctl mkpeer netflow: ksocket export inet/dgram/udp
G> >G> ngctl msg netflow:export connect inet/127.0.0.1:8818
G> >G>
G> >G> I'm just using second xl1 interface for ng_netflow. However when I see
G> >the
G> >G> flow data I can only see my network addresses in
G> >G> the dstIP field. Is it correct? I thought both srcIP, dstIP should
G> >contain
G> >G> my IPs, because I'm trying to catch traffic which goes both
directions
G> >of
G> >G> xl1. Is my assumption correct? If I'm wrong, how to make it work in
G> >correct
G> >G> way?
G> >
G> >No. Look at ng_ether(4) manpage, and draw your graph. You are catching
only
G> >one direction with the above script.
G>
G> OK. I see. I'm catching only incoming traffic to xl1 interface.
G> I can see it from ngctl issuing msg xl1_tee: getstats command and also
G> flowctl netflow: show command.
G>
G> I read the ng_ether man page and didn't quite get it.
G>
G> I'm including xl0 interface in similar way as xl1.
G> Is following sufficient for catching outgoing traffic?
G>
G> ngctl mkpeer xl0: tee lower right
G> ngctl connect xl0: xl0:lower upper left
G> ngctl name xl0:lower xl0_tee
G> ngctl mkpeer xl0_tee: netflow left2right iface2
G> ngctl name xl0:lower.left2right netflow0
G> ngctl msg netflow0: setifindex { iface=2 index=4 }
G> ngctl connect xl0_tee: netflow0: right2left iface3
G> ngctl msg netflow0: setifindex { iface=3 index=3 }
G> ngctl mkpeer netflow0: ksocket export inet/dgram/udp
G> ngctl msg netflow0:export connect inet/127.0.0.1:8818
Looks like correct.
G> The graph is something like:
G>
G> ng_ether
G> upper | |lower
G> left | |right
G> ng_tee
G> right2left| |left2right
G> iface0 | |iface1
G> ng_netflow
G>
G> Maybe I did something wrong. How should I do it in right way?
G> I googled and didn't find good source/samples of ng_netflow.
G>
G> thanks in advance,
G>
G> Ganbold
G>
G>
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
