[FUG-BR] kernel module - pffil_hooks example

Nenhum_de_Nos matheusber at gmail.com
Tue Jul 18 21:38:45 BRT 2006


On 7/18/06, Christopher Giese - iRapida <chris at irapida.com.br> wrote:
> hey
>
> a counter for pf:
>
> ##################
> Upload   pfctl -v -sr | grep "from IP_YOU_WANT" -A 1 | grep Bytes | awk '{print $7}'
>
> Download pfctl -v -sr | grep "to IP_YOU_WANT" -A 1 | grep Bytes | awk '{print $7}'
> ##################
>
> you can use both at the same time with no problem..... (as long as you
> don't have 2000 rules in each one, of course - lol)
>
> I'm working on Diego's idea........ ipfw + snmp.. did some googling
> and found how to set it up.....
>
> the idea
> http://www.sat.t.u-tokyo.ac.jp/~hideyuki/ipfwsnmp.html
>
> the script
> http://www.sat.t.u-tokyo.ac.jp/~hideyuki/ipfwsnmp
>
> Worked 100%.... really cool
>
> but for me it can't be with ipfw... it has to be with pf..... so I'm
> porting ipfwsnmp to pf.... as soon as it's functional I'll distribute
> it on the net
>
> :)
>
> later
>

these queries didn't return anything here :(

in my setup:

DSL --bridge-- FreeBSD ( NAT ) -------- FreeBSD ( traffic limiting ) ----- Network

neither of the two gives any result ... :(

there is output, but nothing for the IPs in the 192.168.254.0/24 network.

output: ( FreeBSD with NAT )

[root em valfenda ~]# pfctl -v -sr
block drop in on tun0 inet from 201.x.x.x to any
  [ Evaluations: 11735803  Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto tcp from 201.x.x.x to any port 10000:11000
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto tcp from 201.x.x.x.x to any port 11001:11600
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto tcp from 201.x.x.x.x to any port 8000:8100
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto tcp from 201.x.x.x.x to any port 5010:5019
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto tcp from 201.x.x.x.x to any port 5020:5029
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto tcp from 201.x.x.x.x to any port 15000:15500
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto udp from 201.x.x.x.x to any port 10000:11000
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto udp from 201.x.x.x.x to any port 11001:11600
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto udp from 201.x.x.x.x to any port 8000:8100
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto udp from 201.x.x.x.x to any port 5010:5019
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto udp from 201.x.x.x.x to any port 5020:5029
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on tun0 inet proto udp from 201.x.x.x.x to any port 15000:15500
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass in on rl0 all
  [ Evaluations: 10378505  Packets: 5080445   Bytes: 1233312838  States: 0     ]

and there are nat rules:

nat on tun0 inet from 192.168.254.10 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.254.100 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.254.251 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.254.12 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.254.101 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.254.103 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.254.102 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.254.1 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.254.2 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.254.3 to any -> (tun0) round-robin
rdr on tun0 inet proto tcp from any to any port 10000:11000 -> 192.168.254.10
rdr on tun0 inet proto udp from any to any port 10000:11000 -> 192.168.254.10
rdr on tun0 inet proto tcp from any to any port 11001:11600 -> 192.168.254.100
rdr on tun0 inet proto udp from any to any port 11001:11600 -> 192.168.254.100
rdr on tun0 inet proto tcp from any to any port 8000:8100 -> 192.168.254.12
rdr on tun0 inet proto udp from any to any port 8000:8100 -> 192.168.254.12
rdr on tun0 inet proto tcp from any to any port 5010:5019 -> 192.168.254.101
rdr on tun0 inet proto udp from any to any port 5010:5019 -> 192.168.254.101
rdr on tun0 inet proto tcp from any to any port 5020:5029 -> 192.168.254.103
rdr on tun0 inet proto udp from any to any port 5020:5029 -> 192.168.254.103
rdr on tun0 inet proto tcp from any to any port 15000:15500 -> 192.168.254.1
rdr on tun0 inet proto udp from any to any port 15000:15500 -> 192.168.254.1


I keep the rules separate so I can control who can and can't use the
FreeBSD box as a router :)

thanks

matheus
-- 
We will call you cygnus,
The God of balance you shall be
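The counters that pfctl -v -sr prints (Evaluations, Packets, Bytes, States) are kept per rule, so the grep-based Upload/Download one-liners quoted above only produce a figure when some rule names the host in its from or to address. The script below is an added example, not code from the thread or from either poster: a POSIX sh/awk parser over constructed pfctl -v -sr output that pairs each rule line with the indented counter line that follows it, reads the number after "Bytes:" instead of trusting field position, matches the address as a whole word (so 192.168.254.1 does not also collect the bytes of .10, .100 and .101, which a plain grep "from 192.168.254.1" would), and prints 0 rather than nothing when no rule matches. The sample output, the 203.0.113.5 address (standing in for the redacted 201.x.x.x) and the function names pf_bytes, upload_bytes and download_bytes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): sum pf's per-rule "Bytes:" counters for
# every rule whose "from" or "to" address is exactly the host asked about.
# pf keeps Evaluations/Packets/Bytes per rule, so this only yields a per-host
# number when some rule matches that host specifically.

# Constructed sample in the shape of `pfctl -v -sr` output; 203.0.113.5 is a
# documentation address standing in for the redacted 201.x.x.x in the thread.
# In real use, replace `printf '%s\n' "$SAMPLE"` with `pfctl -v -sr`.
SAMPLE='block drop in on tun0 inet from 203.0.113.5 to any
  [ Evaluations: 11735803  Packets: 0         Bytes: 0           States: 0     ]
pass in on rl0 inet from 192.168.254.1 to any
  [ Evaluations: 900       Packets: 3         Bytes: 50          States: 0     ]
pass in on rl0 inet from 192.168.254.10 to any
  [ Evaluations: 4200      Packets: 3100      Bytes: 1500200     States: 2     ]
pass out on rl0 inet from any to 192.168.254.10
  [ Evaluations: 4200      Packets: 2000      Bytes: 9876543     States: 2     ]
pass in on rl0 inet from 192.168.254.100 to any
  [ Evaluations: 10        Packets: 5         Bytes: 700         States: 0     ]
pass in on rl0 all
  [ Evaluations: 10378505  Packets: 5080445   Bytes: 1233312838  States: 0     ]'

# pf_bytes DIRECTION IP   (DIRECTION is "from" or "to"; pfctl output on stdin)
# Each rule line is followed by one indented counter line. Remember whether
# the rule line contained "<dir> <ip>" as a whole word, then add the number
# that follows "Bytes:" on the counter line. Whole-word matching keeps
# 192.168.254.1 from also picking up .10, .100 and .101.
pf_bytes() {
    awk -v dir="$1" -v ip="$2" '
        BEGIN { gsub(/\./, "\\.", ip); want = "(^| )" dir " " ip "( |$)" }
        /^[^ ]/ { hit = ($0 ~ want); next }          # rule line
        hit && /Bytes:/ {                            # its counter line
            for (i = 1; i <= NF; i++) if ($i == "Bytes:") total += $(i + 1)
            hit = 0
        }
        END { printf "%d\n", total + 0 }
    '
}

# Upload = bytes of rules "from" the host, download = rules "to" the host,
# following the convention used in the thread.
upload_bytes()   { printf '%s\n' "$SAMPLE" | pf_bytes from "$1"; }
download_bytes() { printf '%s\n' "$SAMPLE" | pf_bytes to   "$1"; }

upload_bytes   192.168.254.10   # 1500200
download_bytes 192.168.254.10   # 9876543
upload_bytes   192.168.254.1    # 50, not 50 + 1500200 + 700
upload_bytes   10.0.0.1         # 0: no rule names this host
```

Run against a live box by piping pfctl -v -sr into pf_bytes instead of the sample; a 0 result then means exactly what it meant in the setup above: no rule mentions that host, so pf has no per-host counter to report.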


More information about the freebsd mailing list