netflow internal forward hardcoding

[fichtner]

Hi Ad,

Can we not extract 127.0.0.1 from netflow.conf too?

https://github.com/opnsense/core/blob/master/src/etc/rc.d/netflow#L113

There is a forum topic that talks of IPsec not being able to pick up Netflow traffic, probably because the routing is not in the SPD:

https://forum.opnsense.org/index.php?topic=3697

If that is fixed we could make the listen IP configurable from the GUI and e.g. move samplicator to the network where IPsec is properly routed?

Thanks,
Franco

[AdSchellevis]

Hi Franco,

That won't make a difference, ng_netflow sends its data to 127.0.0.1:2055 which is captured by samplicate and forwarded to the hosts in the list.
You could try to make ng_netflow send its data to the other side but that would kill network insight.
ng_netflow only supports sending flows to a single host.

Cheers,

Ad

[fichtner]

@AdSchellevis which line sets 127.0.0.1 for ng_netflow, or is this only implied by the kernel module and cannot be changed?

[AdSchellevis]

@fichtner this https://github.com/opnsense/core/blob/master/src/etc/rc.d/netflow#L93 , but like I said, you can't send it somewhere else and keep network insight alive.... it only supports one target. The user might switch to an external package for netflow capture, although if you can't forward the traffic to a host on the other side, that probably won't work too (will do the same as samplicate does).