Packets don't flow from ng_netflow
Matthew Reimer
mreimer at vpop.net
Wed Jun 1 11:04:20 PDT 2005
I'm trying to use ng_netflow to monitor our network traffic but for some
reason NetFlow packets aren't emitted unless tcpdump is running on the
interface configured with ng_netflow.
The box is running FreeBSD 4.11-STABLE and the latest ng_netflow from ports.
It has two NICs: the main NIC fxp0 which is configured for IP, and a second
NIC dc0 which is up but with no IP configuration. I've configured port
mirroring on our Cisco switch to tee all traffic going through our upstream
port to dc0:
# ifconfig dc0
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:04:5a:79:72:f7
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
netgraph config:
+ mkpeer dc0: netflow lower iface0
+ name dc0:lower netflow
+ mkpeer netflow: ksocket export inet/dgram/udp
+ msg netflow:export connect inet/192.168.1.2:1234
The problem is that no NetFlow packets are emitted unless I run tcpdump on
dc0. Is this not a valid configuration? Or is there a bug in
netgraph/ng_netflow?
Thanks for any help you can give.
Matt
More information about the freebsd-net
mailing list