Hi guys,

I'm trying to use the ipt_NETFLOW module with shorewall. The documentation says that once the module is installed you add a rule in iptables like "-j NETFLOW". To the accounting config file I added simply NETFLOW, but when I build the config shorewall makes a chain called NETFLOW and iptables jumps there instead of to the extension, with the message "Warning: using chain NETFLOW, not extension". What's the best way to accomplish this?

Thanks,
Josh

------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf
Hack up Shorewall 4.4 to do what you want.

ipt_NETFLOW looks like another of those out-of-tree extensions that has limited chances of success (since May, the latest version has had only 600 downloads from Sourceforge). If it does succeed, and if it proves useful, then I will consider adding official support for it. But it must, at a minimum, be available in xtables-addons before I'll look at it at all.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________
I'm happy to use something else, but most netflow projects that I've found out there are even older, from around 2005... If someone knows of a netflow exporter that is more recent/better supported I'd be happy to play with it. I really need to know what kind of traffic is going through my firewall, and there are a lot of professional tools that will receive the netflow and tell me what is going on.

Josh

Tom Eastep wrote:
> Hack up Shorewall 4.4 to do what you want.
>
> ipt_NETFLOW looks like another of those out-of-tree extensions that has
> limited chances of success (since May, the latest version has had only
> 600 downloads from Sourceforge). If it does succeed, and if it proves
> useful, then I will consider adding official support for it. But it
> must, at a minimum, be available in xtables-addons before I'll look at
> it at all.
>
> -Tom
> --
> Tom Eastep           \ When I die, I want to go like my Grandfather who
> Shoreline,            \ died peacefully in his sleep. Not screaming like
> Washington, USA        \ all of the passengers in his car
> http://shorewall.net    \________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
Joshua Perry wrote:
> I'm happy to use something else, but most netflow projects that I've
> found out there are even older, from around 2005... If someone knows of
> a netflow exporter that is more recent/better supported I'd be happy to
> play with it. I really need to know what kind of traffic is going
> through my firewall and there are a lot of professional tools that will
> receive the netflow and tell me what is going on.

If you just want to insert a couple of rules, you might consider doing so in the /etc/shorewall/start script:

    run_iptables -I <chain> <ordinal> ... -j NETFLOW

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________
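A worked version of the /etc/shorewall/start approach from the reply above, added here as an example (it is not Tom's code and not part of Shorewall). It assumes, as the reply does, that Shorewall's run_iptables helper is in scope when the start script runs, and that the kernel lists registered iptables targets one per line in /proc/net/ip_tables_targets (overridable through NETFLOW_TARGETS_FILE so it can be exercised offline). It adds two checks a practitioner would want: the NETFLOW target is actually registered before any rule is inserted, and a chain literally named NETFLOW is refused, since that is exactly the situation that produces "Warning: using chain NETFLOW, not extension" and silently sends traffic to the wrong place.

```shell
#!/bin/sh
# Added example for /etc/shorewall/start (not Tom's or Shorewall's own code).
# Assumptions: run_iptables is provided by Shorewall when this script runs;
# /proc/net/ip_tables_targets lists registered xtables targets, one per line.

NETFLOW_TARGETS_FILE=${NETFLOW_TARGETS_FILE:-/proc/net/ip_tables_targets}

# Return 0 if the NETFLOW target (registered by ipt_NETFLOW) is loaded.
# -x matches the whole line, so a target such as "NETFLOW2" would not match.
netflow_target_available() {
    grep -qx NETFLOW "$NETFLOW_TARGETS_FILE" 2>/dev/null
}

# Validate the chain name and ordinal, then print the iptables arguments
# for inserting the NETFLOW jump. A chain literally named NETFLOW is
# refused: iptables prefers a user chain of that name over the extension.
netflow_rule_args() {
    chain=$1
    ordinal=${2:-1}
    case $chain in
        ''|NETFLOW|*[!A-Za-z0-9_-]*)
            echo "netflow_rule_args: bad chain name '$chain'" >&2
            return 1 ;;
    esac
    case $ordinal in
        ''|*[!0-9]*|0)
            echo "netflow_rule_args: ordinal must be a positive integer" >&2
            return 1 ;;
    esac
    echo "-I $chain $ordinal -j NETFLOW"
}

# Insert the rule at position 1 of each named chain, so it sees every
# packet traversing the chain, but only when the target is registered.
# Returns 1 (after reporting) if the module is missing, so a silent loss
# of flow data is visible in the start script's output.
netflow_insert() {
    if ! netflow_target_available; then
        echo "ipt_NETFLOW target not loaded; skipping NETFLOW rules" >&2
        return 1
    fi
    for chain in "$@"; do
        args=$(netflow_rule_args "$chain" 1) || return 1
        # shellcheck disable=SC2086  # word-splitting of $args is intended
        run_iptables $args
    done
}

# Typical use from /etc/shorewall/start: account for forwarded traffic
# and for traffic terminating on or originating from the firewall itself.
# netflow_insert FORWARD INPUT OUTPUT
```

Put the rule on the chains the accounting entry would have covered; on a firewall that only routes, FORWARD alone is enough, and position 1 keeps it ahead of any ACCEPT that would otherwise short-circuit the accounting.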
Tom Eastep wrote:
> Joshua Perry wrote:
>> I'm happy to use something else, but most netflow projects that I've
>> found out there are even older, from around 2005... If someone knows of
>> a netflow exporter that is more recent/better supported I'd be happy to
>> play with it. I really need to know what kind of traffic is going
>> through my firewall and there are a lot of professional tools that will
>> receive the netflow and tell me what is going on.
>>
>
> If you just want to insert a couple of rules, you might consider doing
> so in the /etc/shorewall/start script:
>
> run_iptables -I <chain> <ordinal> ... -j NETFLOW

Another approach is to apply the attached patch (it will apply with an offset to Shorewall 4.4.0-4.4.1 and to recent 4.2 Shorewall-perl releases):

4.2.*:

    patch /usr/share/shorewall-perl/Shorewall/Chains.pm < accounting.diff

4.4.*:

    patch /usr/share/shorewall/Shorewall/Chains.pm < accounting.diff

Then place the following in /etc/shorewall/netflow:

    use Shorewall::Chains;
    add_rule $chainref, '-j NETFLOW';
    return 1;

Now, any traffic sent to the 'netflow' accounting chain will be sent to the NETFLOW target (which is what you were trying to do in the first place).

The patch will be included in Shorewall 4.4.2.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________
Tom Eastep wrote:
> Tom Eastep wrote:
>> Joshua Perry wrote:
>>> I'm happy to use something else, but most netflow projects that I've
>>> found out there are even older, from around 2005... If someone knows of
>>> a netflow exporter that is more recent/better supported I'd be happy to
>>> play with it. I really need to know what kind of traffic is going
>>> through my firewall and there are a lot of professional tools that will
>>> receive the netflow and tell me what is going on.
>>>
>> If you just want to insert a couple of rules, you might consider doing
>> so in the /etc/shorewall/start script:
>>
>> run_iptables -I <chain> <ordinal> ... -j NETFLOW
>>
>
> Another approach is to apply the attached patch (it will apply with an
> offset to Shorewall 4.4.0-4.4.1 and to recent 4.2 Shorewall-perl releases):
>
> 4.2.*
>
> patch /usr/share/shorewall-perl/Shorewall/Chains.pm < accounting.diff
>
> 4.4.*:
>
> patch /usr/share/shorewall/Shorewall/Chains.pm < accounting.diff
>
> Then place the following in /etc/shorewall/netflow:
>
> use Shorewall::Chains;
> add_rule $chainref, '-j NETFLOW';
> return 1;
>
> Now, any traffic sent to the 'netflow' accounting chain will be sent to
> the NETFLOW target (which is what you were trying to do in the first place).
>
> The patch will be included in Shorewall 4.4.2.

Oops -- there are issues with that patch. Please wait until I resolve them.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________
Tom Eastep wrote:
> Tom Eastep wrote:
>> Joshua Perry wrote:
>>> I'm happy to use something else, but most netflow projects that I've
>>> found out there are even older, from around 2005... If someone knows of
>>> a netflow exporter that is more recent/better supported I'd be happy to
>>> play with it. I really need to know what kind of traffic is going
>>> through my firewall and there are a lot of professional tools that will
>>> receive the netflow and tell me what is going on.
>>>
>> If you just want to insert a couple of rules, you might consider doing
>> so in the /etc/shorewall/start script:
>>
>> run_iptables -I <chain> <ordinal> ... -j NETFLOW
>>
>
> Another approach is to apply the attached patch (it will apply with an
> offset to Shorewall 4.4.0-4.4.1 and to recent 4.2 Shorewall-perl releases):
>
> 4.2.*
>
> patch /usr/share/shorewall-perl/Shorewall/Chains.pm < accounting.diff
>
> 4.4.*:
>
> patch /usr/share/shorewall/Shorewall/Chains.pm < accounting.diff
>
> Then place the following in /etc/shorewall/netflow:
>
> use Shorewall::Chains;
> add_rule $chainref, '-j NETFLOW';
> return 1;
>
> Now, any traffic sent to the 'netflow' accounting chain will be sent to
> the NETFLOW target (which is what you were trying to do in the first place).
>
> The patch will be included in Shorewall 4.4.2.

The issue with that patch can be resolved by applying the attached patch on top of it.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________