hardware:gl-ar750s-ext:managing_firewall

Differences

This shows the differences between two versions of this page.

hardware:gl-ar750s-ext:managing_firewall [2020/02/26 03:40] ともやん
hardware:gl-ar750s-ext:managing_firewall [2020/03/13 08:19] (current) ともやん
行 1: 行 1:
 +<html>
 +  <style>
 +    #result pre {
 +      height: 300px;
 +      overflow: scroll;
 +      overflow-x: hidden;
 +      font-size: 10px;
 +    }
 +  </style>
 +</html>
 ====== ファイアウォール管理 ====== ====== ファイアウォール管理 ======
  
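Review bot: The style rule added at the top of the page targets "#result pre", but no element with the id "result" appears anywhere in the visible changes, so either the wrapper that carries that id is missing from this revision or the rule has no effect. A raw <html> block also only renders when the wiki is configured to allow embedded HTML, which gives every editor of the page the ability to inject markup; if the goal is only to cap the height of the long opkg output, a container the page already uses (<WRAP>) avoids that dependency. Minor style point: "overflow: scroll" followed by "overflow-x: hidden" reads more clearly as "overflow-y: scroll".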
行 6: 行 16:
 <WRAP prewrap 100%> <WRAP prewrap 100%>
 <code> <code>
-# opkg update && opkg install ulogd ulogd-mod-nfct ulogd-mod-syslog ulogd-mod-extra+# opkg update && opkg install ulogd ulogd-mod-nfacct ulogd-mod-nfct ulogd-mod-nflog ulogd-mod-xml ulogd-mod-syslog ulogd-mod-extra syslog-ng
 </code> </code>
 </WRAP> </WRAP>
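Review bot: The new install line adds ulogd-mod-nfacct, ulogd-mod-nflog and ulogd-mod-xml, but the stack configured later in this revision is "ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG", which uses none of the three. On a router, either drop the plugin packages that are not used or add a sentence saying what each one is for. The same applies to syslog-ng: it is added to the command without a note on why it is needed, and the only later reference to it is the startup line in /var/log/messages.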
行 31: 行 41:
 Installing ulogd (2.0.5-2) to root... Installing ulogd (2.0.5-2) to root...
 Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd_2.0.5-2_mips_24kc.ipk Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd_2.0.5-2_mips_24kc.ipk
 +Installing ulogd-mod-nfacct (2.0.5-2) to root...
 +Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-nfacct_2.0.5-2_mips_24kc.ipk
 Installing ulogd-mod-nfct (2.0.5-2) to root... Installing ulogd-mod-nfct (2.0.5-2) to root...
 Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-nfct_2.0.5-2_mips_24kc.ipk Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-nfct_2.0.5-2_mips_24kc.ipk
 +Installing ulogd-mod-nflog (2.0.5-2) to root...
 +Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-nflog_2.0.5-2_mips_24kc.ipk
 +Installing ulogd-mod-xml (2.0.5-2) to root...
 +Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-xml_2.0.5-2_mips_24kc.ipk
 Installing ulogd-mod-syslog (2.0.5-2) to root... Installing ulogd-mod-syslog (2.0.5-2) to root...
 Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-syslog_2.0.5-2_mips_24kc.ipk Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-syslog_2.0.5-2_mips_24kc.ipk
 Installing ulogd-mod-extra (2.0.5-2) to root... Installing ulogd-mod-extra (2.0.5-2) to root...
 Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-extra_2.0.5-2_mips_24kc.ipk Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/ulogd-mod-extra_2.0.5-2_mips_24kc.ipk
 +Installing syslog-ng (3.9.1-3) to root...
 +Downloading https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages/syslog-ng_3.9.1-3_mips_24kc.ipk
 +Configuring syslog-ng.
 Configuring ulogd. Configuring ulogd.
 Configuring ulogd-mod-extra. Configuring ulogd-mod-extra.
 Configuring ulogd-mod-nfct. Configuring ulogd-mod-nfct.
 Configuring ulogd-mod-syslog. Configuring ulogd-mod-syslog.
 +Configuring ulogd-mod-xml.
 +Configuring ulogd-mod-nfacct.
 +Configuring ulogd-mod-nflog.
 </code> </code>
 </WRAP> </WRAP>
 +
 +==== syslog-ng の動作確認 ====
 +<code>
 +# cat /var/log/messages
 +Feb 26 05:48:04 TomoyanWRT-GL syslog-ng[7403]: syslog-ng starting up; version='3.9.1'
 +</code>
 +
 +==== ulog の設定 ====
 +<code>
 +# vi /etc/ulog.conf
 +</code>
 +<WRAP prewrap 100%>
 +<code autoconf /etc/ulog.conf>
 +# this is a stack for flow-based logging via LOGEMU
 +#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
 +stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG
 +
 +[ct1]
 +hash_enable=0
 +#netlink_socket_buffer_size=217088
 +#netlink_socket_buffer_maxsize=1085440
 +#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
 +#pollinterval=10 # use poll-based logging instead of event-driven
 +# If pollinterval is not set, NFCT plugin will work in event mode
 +# In this case, you can use the following filters on events:
 +#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks
 +#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks
 +#accept_proto_filter=tcp,sctp # layer 4 proto of connections
 +</code>
 +</WRAP>
 +
 +ulogd を手動で実行して動作確認を行う。\\
 +<code>
 +# ulogd -v
 +Wed Feb 26 05:21:35 2020 <7> ulogd.c:622 load_plugin: '/usr/lib/ulogd/ulogd_filter_IP2BIN.so': Error relocating /usr/lib/ulogd/ulogd_filter_IP2BIN.so: uint32_to_ipv6: symbol not found
 +Wed Feb 26 05:21:35 2020 <5> ulogd.c:843 building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
 +Wed Feb 26 05:21:35 2020 <5> ulogd_inpflow_NFCT.c:1399 NFCT plugin working in event mode
 +</code>
 +**uint32_to_ipv6: symbol not found** はバグ?\\
 +
 +==== ulogd の有効化と起動 ====
 +<code>
 +# service ulogd enable
 +# service ulogd start
 +</code>
 +
 +==== 接続追跡フローアカウンティングを有効に設定 ====
 +<code>
 +# echo '1' > /proc/sys/net/netfilter/nf_conntrack_acct
 +# echo 'net.netfilter.nf_conntrack_acct=1' > /etc/sysctl.d/100-custom.conf
 +</code>
  
 ===== 参考文献 ===== ===== 参考文献 =====
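Review bot: In the flow-accounting section, the second command writes "net.netfilter.nf_conntrack_acct=1" to /etc/sysctl.d/100-custom.conf with ">", which truncates the file and discards any settings already in it; use ">>" or a file dedicated to this one setting. In the ulog section, the file being edited is /etc/ulog.conf while the daemon and service are named ulogd, so the path should be checked against the file the daemon actually reads. The "uint32_to_ipv6: symbol not found" error is left as an open question; it concerns ulogd_filter_IP2BIN.so, the configured stack uses IP2STR, and the next log line shows the stack being built, so one sentence saying that would settle it for readers. Finally, all three accept_*_filter lines are commented out, so events for every connection are sent to syslog; say whether that is intended or set a filter.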
  • hardware/gl-ar750s-ext/managing_firewall.1582656001.txt.gz
 • Last updated: 2020/02/26 03:40
  • by ともやん