[netflow-tools] Flow direction
Jason Dixon
jason at dixongroup.net
Sun May 22 22:42:06 EST 2005
On May 22, 2005, at 12:36 AM, Jason Dixon wrote:
> Still working on the same flowd->db application, looks like I might
> have found an interface/direction problem with either pfsync or
> pfflowd. I noticed that no matter what type of traffic I push through
> my PF firewalls, "inbound" traffic is always identified with the
> external interface and "outbound" with the internal. Even when I
> attempt outbound connections from internal hosts (or the firewall
> itself), outbound traffic is always assigned to the internal
> interface.
>
> An example flow can be seen in line 1 of the output at
> http://www.dixongroup.net/netmon.txt. I have enabled if-bound
> state-policy, but this has had no effect. Is this another
> pfsync->pfflowd issue?
Would softflowd be a better probe to use during development/testing of
this application? It's a netflow application, so it's not tied to PF
for any reason.
Thanks,
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
More information about the netflow-tools
mailing list