Use pfflowd to flow tracking on FreeBSD6.1
Guy Brand
gb at isis.u-strasbg.fr
Sat Dec 2 15:26:50 PST 2006
Andriy Galetski (agaletski at ukr.net) on 03/12/2006 at 00:03 wrote:
> But I can`t use pfflowd with pfsync to pass stat to netflow collector.
>
> tcpdump -i pfsync0
> tcpdump: WARNING: pfsync0: no IPv4 address assigned
> tcpdump: unsupported data link type 121
Hello,
t1# uname -v
FreeBSD 6.1-STABLE #3: Wed Aug 30 14:13:16 CEST 2006
This box uses:
device if_bridge
device pf
device pflog
device pfsync
t1# ps fax|grep pfflow
1152 ?? Ss 3:50.09 /usr/local/sbin/pfflowd -n 127.0.0.1:2055
5775 ?? Ss 0:00.04 flow-capture -n 287 -N 0 -w /sec/ -S 5 0/0/2055
t1# tcpdump -n -i lo0 udp port 2055
23:58:41.459145 IP 127.0.0.1.63050 > 127.0.0.1.2055: UDP, length 552
23:58:41.459175 IP 127.0.0.1.63050 > 127.0.0.1.2055: UDP, length 552
...
t1# flow-export -f0 < /sec/ft-v05.2006-12-02.235501+0100 | flowdumper -s
2006/12/02 23:59:58 151.56.82.148.6348 -> 130.79.117.140.1173 6 12 750
2006/12/02 23:59:58 130.79.117.140.1176 -> 216.59.252.40.12200 6 7 288
2006/12/02 23:59:58 216.59.252.40.12200 -> 130.79.117.140.1176 6 6 256
2006/12/02 23:59:58 130.79.116.233.3225 -> 130.79.40.6.110 6 17 776
...
> In my opinion pfsync kernel part or pfflowd did`t work well
> on FreeBSD. I saw it on OpenBSD it`s work fine.
I see it on FreeBSD too.
--
bug
More information about the freebsd-pf
mailing list