
поставил freebsd 6.2 с ipfw шейпер ng_nat ng_netflow

все вроде работает, но трафик считается с потерями, и периодически начинают теряться пакеты

рестарт ipfw и нетграфа проблему с потерями решает

 

вопрос - как в ng_nat посмотреть/изменить количество трансляций

и какие возможные причины неправильного обсчета через ng_netflow

 

File: ipfw.sh           Col 0              74364 bytes                                                     0%
# Interfaces, addresses and prefixes referenced by the commands below.
# Values with letter octets (a.a.a.a, 192.168.b.b, ...) are as published;
# presumably the poster redacted them.
wan_if='fxp0'                 # interface the netgraph/NAT rules are bound to
wan_adr='a.a.a.a'             # address on wan_if; also used as the NAT alias address
lan_if='fxp1'                 # interface the client allow and pipe rules are bound to
lan_adr='192.168.b.b'         # address on lan_if
lan='192.168.0.0/16'          # prefix allowed to talk to lan_adr
inet_noshape='10.0.0.0/18'    # clients allowed through without a pipe
inet='10.0.0.0/16'            # clients whose outgoing traffic is sent to netgraph hook 60
flow='192.168.c.c:10000'      # address:port the NetFlow export socket connects to

# Stop routing between interfaces while the ruleset and the netgraph nodes
# are torn down and rebuilt.
sysctl net.inet.ip.forwarding=0

# Remove every rule and every dummynet pipe; -f suppresses the confirmation.
# NOTE(review): from here until the rules are added again only the kernel's
# built-in last rule is active. If the kernel was built to default to accept,
# the router itself is unfiltered during that time - confirm the default.
ipfw -f flush
ipfw -f pipe flush

# Shut down the netgraph nodes this script names, if they already exist.
for ng_node in tee nat netflow; do
  ngctl shutdown "${ng_node}:"
done

ifconfig "$lan_if" "${lan_adr}/26"
ifconfig "$wan_if" "${wan_adr}/27"

route add default a.a.a.f
route add 192.168.0.0/16 192.168.d.d
route add 10.0.0.0/16 192.168.e.e

# One-shot clock sync against an internal server.
# NOTE(review): ntpdate does not authenticate the server, and flow records
# are timestamped from this clock - confirm the path to the server is trusted.
ntpdate 192.168.c.c

# NAT path: ipfw hook 60 -> tee (left/right) -> ng_nat "out" hook, and
# ipfw hook 61 -> ng_nat "in" hook. The firewall rules select which packets
# enter hook 60 and hook 61.
ngctl mkpeer ipfw: tee 60 left
ngctl name ipfw:60 tee
ngctl mkpeer tee: nat right out
ngctl name tee:right nat
ngctl connect ipfw: nat: 61 in
ngctl msg nat: setaliasaddr "$wan_adr"

# Accounting path: the tee's two copy hooks feed ng_netflow as iface0 and
# iface1, and the flow records leave through a UDP ksocket.
# NOTE(review): the export is plain UDP to $flow with no authentication or
# encryption; anyone on the path can read or forge records. Confirm the
# collector only accepts this port from the router's address.
ngctl mkpeer tee: netflow left2right iface0
ngctl name tee:left2right netflow
ngctl connect tee: netflow: right2left iface1
ngctl mkpeer netflow: ksocket export inet/dgram/udp
ngctl name netflow:export ksocket
ngctl msg ksocket: connect "inet/${flow}"

# Same settings for both netflow hooks. dlt=12 is DLT_RAW (bare IP packets).
# NOTE(review): both hooks report interface index 5, so a collector cannot
# tell the two directions apart by interface index - verify that the
# accounting does not depend on it.
for nf_iface in 0 1; do
  ngctl msg netflow: setdlt { "iface=${nf_iface}" dlt=12 }
  ngctl msg netflow: setifindex { "iface=${nf_iface}" index=5 }
done

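# ipfw checks rules in rule-number order, not in the order of the "add"
# commands, so the rules are listed here in the order they are evaluated.

# Traffic between the LAN prefix and the router's own LAN address.
ipfw add 1 allow ip from "$lan" to "$lan_adr" in via "$lan_if"
ipfw add 2 allow ip from "$lan_adr" to "$lan" out via "$lan_if"

# Hand WAN traffic to netgraph: hook 60 for outgoing client packets,
# hook 61 for packets arriving for the NAT address.
# NOTE(review): rule 4 is checked before the anti-spoofing rules 9-14, so a
# packet arriving on the WAN for $wan_adr reaches ng_nat before its source
# address is checked. If net.inet.ip.fw.one_pass is 1 it presumably never
# comes back to rules 9-14 - confirm the sysctl, and consider giving the
# "in via $wan_if" denies numbers below 3.
ipfw add 3 netgraph 60 all from "$inet" to any out via "$wan_if"
ipfw add 4 netgraph 61 all from any to "$wan_adr" in via "$wan_if"

# Loopback traffic. ipfw compares an interface name exactly unless it
# contains a glob character, so the rule has to name lo0; "lo" matches no
# interface and would leave loopback traffic to the final deny.
ipfw add 5 allow ip from any to any via lo0

# Anti-spoofing on the WAN interface: private prefixes must not appear as
# a source on the way in or as a destination on the way out.
ipfw add 9 deny ip from 10.0.0.0/8 to any in via "$wan_if"
ipfw add 10 deny ip from "$wan_adr" to 10.0.0.0/8 out via "$wan_if"
ipfw add 11 deny ip from "$lan" to any in via "$wan_if"
ipfw add 12 deny ip from "$wan_adr" to "$lan" out via "$wan_if"
ipfw add 13 deny ip from 172.16.0.0/12 to any in via "$wan_if"
ipfw add 14 deny ip from "$wan_adr" to 172.16.0.0/12 out via "$wan_if"

# Remaining traffic to and from the router's WAN address.
ipfw add 16 allow ip from any to "$wan_adr" in via "$wan_if"
ipfw add 17 allow ip from "$wan_adr" to any out via "$wan_if"

# Explicit default deny for everything no lower-numbered rule accepted.
ipfw add 65000 deny ip from any to any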

# Routing is switched back on before the per-client rules below exist.
# Rule 65000 (deny all) is already loaded at this point, so client traffic
# without a matching rule is dropped until its rule has been added.
sysctl net.inet.ip.forwarding=1

# Rules 41-46: individual hosts accepted ahead of rule 49, so the port 25
# block does not apply to them (presumably mail servers - confirm the list
# is still current).
exempt_rule=41
for exempt_host in 10.0.3.160 10.0.4.243 10.0.1.82 10.0.1.106 10.0.6.37 10.0.2.16; do
  ipfw add "$exempt_rule" allow ip from "$exempt_host" to any in via "$lan_if"
  exempt_rule=$((exempt_rule + 1))
done

# No other client may open TCP connections to port 25.
ipfw add 49 deny tcp from "$inet" to any 25 in via "$lan_if"

# Clients in the unshaped prefix pass in both directions without a pipe.
# Both rules share number 50; ipfw keeps them in the order they were added.
ipfw add 50 allow ip from "$inet_noshape" to any in via "$lan_if"
ipfw add 50 allow ip from any to "$inet_noshape" out via "$lan_if"

# Policy routing: packets from these two sources get 192.168.20.14 as their
# next hop, followed by an allow rule for the same source leaving via the
# LAN interface. Rules come out as 60/61 and 62/63.
# NOTE(review): the forward rules have no direction or interface, so they
# match everything the allow rule after them would match; rules 61 and 63
# look unreachable - confirm which of the two was intended.
fwd_rule=60
for fwd_src in 192.168.20.1 10.0.192.0/18; do
  ipfw add "$fwd_rule" forward 192.168.20.14 ip from "$fwd_src" to any
  ipfw add "$((fwd_rule + 1))" allow ip from "$fwd_src" to any out via "$lan_if"
  fwd_rule=$((fwd_rule + 2))
done

# shape_net NUMBER BANDWIDTH QUEUE DIRECTION NETWORK
# Configures pipe NUMBER and adds the rule with the same number that sends
# traffic to it: "down" matches packets to NETWORK leaving via the LAN
# interface, "up" matches packets from NETWORK arriving on it.
shape_net() {
  ipfw pipe "$1" config bw "$2" queue "$3"
  case "$4" in
    down) ipfw add "$1" pipe "$1" ip from any to "$5" out via "$lan_if" ;;
    up) ipfw add "$1" pipe "$1" ip from "$5" to any in via "$lan_if" ;;
  esac
}

# No "mask" is given, so every host in a prefix shares that prefix's pipe.
# NOTE(review): whether a packet is accepted after leaving a pipe or goes on
# to the following rules depends on net.inet.ip.fw.one_pass - confirm it.
shape_net 70 1024Kbit/s 192KBytes down 10.0.131.64/26
shape_net 71 256Kbit/s 48KBytes up 10.0.131.64/26
shape_net 72 256Kbit/s 48KBytes down 10.0.131.0/28
shape_net 73 256Kbit/s 48KBytes up 10.0.131.0/28
shape_net 74 256Kbit/s 48KBytes down 10.0.131.192/26
shape_net 75 128Kbit/s 24KBytes up 10.0.131.192/26


# Per-client shaping: client 10.0.136.N gets pipe 10N for traffic sent to it
# (out via the LAN interface) and pipe 210N for traffic it sends (in via the
# LAN interface), both 200Kbit/s with a 37KBytes queue.
for client in 1 2; do
  ipfw pipe "10${client}" config bw 200Kbit/s queue 37KBytes
  ipfw add "10${client}" pipe "10${client}" ip from any to "10.0.136.${client}" out via "$lan_if"
  ipfw pipe "210${client}" config bw 200Kbit/s queue 37KBytes
  ipfw add "210${client}" pipe "210${client}" ip from "10.0.136.${client}" to any in via "$lan_if"
done

# Client 3: the published listing stops after the second pipe is configured,
# so the rule that would use pipe 2103 is not part of what is shown.
ipfw pipe 103 config bw 200Kbit/s queue 37KBytes
ipfw add 103 pipe 103 ip from any to 10.0.136.3 out via "$lan_if"
ipfw pipe 2103 config bw 200Kbit/s queue 37KBytes

Edited by IvanI
