Ah, sorry, I missed that. You've already sorted out the netgraph configuration...
I would suggest this version of the setup script:
ngctl="/usr/sbin/ngctl"
alias="192.168.100.99"
nfport="4444"
${ngctl} mkpeer ipfw: split 111 mixed
${ngctl} name ipfw:111 split111
${ngctl} mkpeer ipfw: nat 222 in
${ngctl} name ipfw:222 nat222
${ngctl} mkpeer nat222: split out mixed
${ngctl} name nat222:out split222
${ngctl} mkpeer split222: netflow out iface0
${ngctl} name split222:out flowsensor
${ngctl} connect split111: flowsensor: out iface1
${ngctl} connect flowsensor: split111: out0 in
${ngctl} connect flowsensor: split222: out1 in
${ngctl} mkpeer flowsensor: ksocket export inet/dgram/udp
${ngctl} name flowsensor:export flowsend
${ngctl} msg nat222: setaliasaddr ${alias}
${ngctl} msg flowsensor: setdlt { iface=0 dlt=12 }
${ngctl} msg flowsensor: setdlt { iface=1 dlt=12 }
${ngctl} msg flowsensor: setifindex { iface=0 index=0 }
${ngctl} msg flowsensor: setifindex { iface=1 index=0 }
${ngctl} msg flowsensor: settimeouts { inactive=10 active=10 }
${ngctl} msg flowsend: connect inet/127.0.0.1/${nfport}
Use it like this:
ipfw add 1000 netgraph 111 ip from any to any in via ${inet_iface}
ipfw add 1100 netgraph 222 ip from any to any out via ${inet_iface}