[netflow-tools] softflowd questions

Douglas Choma doug at nakediron.com
Fri Aug 17 07:36:19 EST 2007

Sorry if this has been answered elsewhere... I didn't find an mailing  
list archive.

I'm trying to set up my Linux "router" to monitor Internet bandwidth  
usage (using Netflow).  But I'm a little confused on a few issues:

1) Do I only need to monitor the external interface?  Will that give  
me data about the source IP from internal requests?  Or will the  
NAT'd packet contain the firewall's address as the source?

2) With the external interface in promiscuous mode, won't that open  
up the firewall to unwanted security risks?

Please forgive my ignorance on this stuff.

More information about the netflow-tools mailing list