Simple export netflow via netgraph - The FreeBSD Forums
November 30th, 2008, 17:09
VS

In the kernel configuration, before compiling:
Code:
options		IPFIREWALL
options		NETGRAPH
options		NETGRAPH_SOCKET
options		NETGRAPH_IPFW
options		NETGRAPH_NETFLOW
options		NETGRAPH_KSOCKET
Or load the following modules:
Code:
kldload ipfw.ko
kldload netgraph
kldload ng_socket
kldload ng_ipfw
kldload ng_netflow
kldload ng_ksocket
To load them automatically after a restart, add to /boot/loader.conf:
Code:
ipfw_load="YES"
ng_netflow_load="YES"
ng_socket_load="YES"
ng_ksocket_load="YES"
ng_ipfw_load="YES"
These modules are needed to set up the netgraph system and its subsystems; for example, ng_ipfw is needed to exchange data with ipfw, and ng_ksocket is needed to send data to a network host.

In the ipfw rules:
Code:
ipfw add 02210 netgraph 100 ip from any to any via vlan108
ipfw add 02220 netgraph 100 ip from any to any via vlan208
These rules send packets to netgraph's ipfw node with number 100, and the packets return to ipfw after netgraph.

Script for starting netflow:
Code:
#!/bin/sh
. /etc/rc.subr
 
name="ngnetflow"
rcvar=`set_rcvar`

load_rc_config $name
: ${ngnetflow_enable="NO"}
: ${ngnetflow_src="127.0.0.1:9999"}
: ${ngnetflow_dst="127.0.0.1:9996"}

start_cmd="ngnetflow_start"
stop_cmd="ngnetflow_stop"

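# Build the graph: ipfw hook 100 -> netflow iface0, netflow out0 -> ipfw hook 108,
# netflow export -> UDP ksocket bound to ngnetflow_src and connected to ngnetflow_dst.
ngnetflow_start() {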

/usr/sbin/ngctl -f- <<-SEQ
mkpeer ipfw: netflow 100 iface0
name ipfw:100 netflow
connect ipfw: netflow: 108 out0
msg netflow: setdlt { iface=0 dlt=12 }
msg netflow: settimeouts { inactive=30 active=600 }
mkpeer netflow: ksocket export inet/dgram/udp
name netflow:export flowexp
msg flowexp: bind inet/${ngnetflow_src}
msg flowexp: connect inet/${ngnetflow_dst}
SEQ

}

# Shutting down the netflow node removes its hooks to ipfw and to the ksocket.
ngnetflow_stop() {
/usr/sbin/ngctl -f- <<-SEQ
shutdown netflow:
SEQ
}

run_rc_command "$1"
The ipfw cookie number 100 creates the connection between the ipfw rules and the netflow subsystem, and via number 108 the data returns to ipfw. The setdlt command sets the data link type to raw IP datagram mode; there is also an Ethernet mode, but I don't know where it is used. Then the timeouts are set with settimeouts, and the netflow data is sent to your netflow collector via ksocket.

That's all. Thank you. And sorry for my bad English =)
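
To confirm that the graph above is really exporting, it helps to decode what arrives at the collector address. The following is an added example, not part of the original post: a minimal decoder for the NetFlow v5 datagrams that ng_netflow's `export` hook emits, with strict length checks because the UDP port accepts data from any local sender. The function names and the sample datagram are constructed for illustration; 127.0.0.1:9996 is the post's default `ngnetflow_dst`.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
MAX_RECORDS = 30                                    # most records one v5 datagram carries

def parse_netflow_v5(datagram):
    """Decode one export datagram; raise ValueError on anything malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _uptime, secs, _nsecs, seq, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5 (version=%d)" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("implausible record count %d" % count)
    # Never trust the count field beyond the bytes actually received.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        r = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                      "packets": r[5], "bytes": r[6], "sport": r[9], "dport": r[10],
                      "tcp_flags": r[12], "proto": r[13]})
    return {"unix_secs": secs, "flow_sequence": seq}, flows

def build_sample():
    """Constructed datagram (not captured traffic): one TCP flow, documentation addresses."""
    ip = socket.inet_aton
    header = HEADER.pack(5, 1, 1000, 1228061340, 0, 42, 0, 0, 0)
    record = RECORD.pack(ip("192.0.2.10"), ip("198.51.100.7"), ip("0.0.0.0"),
                         0, 1, 12, 3400, 100, 900, 51515, 443,
                         0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return header + record

def listen(addr=("127.0.0.1", 9996)):   # the post's default ngnetflow_dst
    """Print each exported flow; malformed datagrams are reported and dropped."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(addr)
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            print(peer, parse_netflow_v5(data))
        except ValueError as exc:
            print("dropped datagram from", peer, exc)

if __name__ == "__main__":
    print(parse_netflow_v5(build_sample()))
```

Call `listen()` on the collector host while the rc script is running; flows appear once an inactive or active timeout set by `settimeouts` expires.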