About piston

  1. To know when someone connects, support for ip-up and ip-down scripts would be useful for limiting users' speed.
  2. Hi BSD gurus. Does anyone have ideas on how we can translate these packet filter rules to IPFW nat and setfib?

         lan_net = ""
         int_if  = "dc0"
         ext_if1 = "fxp0"
         ext_if2 = "fxp1"
         ext_gw1 = ""
         ext_gw2 = ""

         # nat outgoing connections on each internet interface
         match out on $ext_if1 from $lan_net nat-to ($ext_if1)
         match out on $ext_if2 from $lan_net nat-to ($ext_if2)

         # default deny
         block in
         block out

         # pass all outgoing packets on internal interface
         pass out on $int_if to $lan_net

         # pass in quick any packets destined for the gateway itself
         pass in quick on $int_if from $lan_net to $int_if

         # load balance outgoing traffic from internal network.
         pass in on $int_if from $lan_net \
             route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } \
             round-robin

         # keep https traffic on a single connection; some web applications,
         # especially "secure" ones, don't allow it to change mid-session
         pass in on $int_if proto tcp from $lan_net to port https \
             route-to ($ext_if1 $ext_gw1)

         # general "pass out" rules for external interfaces
         pass out on $ext_if1
         pass out on $ext_if2

         # route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
         # $ext_if2 and $ext_gw2
         pass out on $ext_if1 from $ext_if2 route-to ($ext_if2 $ext_gw2)
         pass out on $ext_if2 from $ext_if1 route-to ($ext_if1 $ext_gw1)
  3. Hello, fellow posters. As you can see from the subject, I'd like to set up a PC-based NetFlow v5 probe, capable of exporting information about specific source and destination ASes for the purpose of accounting. Regretfully, I didn't come to any solution, mostly because the kernel FIB, even though injected with a full BGP routing table, doesn't carry any BGP-specific information (such as next-hop AS, src AS, dst AS, etc.). This is normal, because, at least the way I can explain it to myself, the BGP-speaking daemons, be it Zebra/Quagga, Xorp or OpenBGPd, are userspace programs and probably don't have a way to inject such information into the kernel FIB; that's why they keep it in their own structures. My question is: does any of you know of a way to achieve some sort of interaction between the BGP-speaking daemon (e.g. Quagga) and the various NetFlow probes to export NetFlow v5 data, including src/dst AS information? Maybe some netgraph module besides ng_netflow, which I tried, but to no avail.