You need to place the pflow directive on rules on the inside interface, not on the outside interface, to see RFC1918 addresses.

Rules on the outside interface are processed 'post' NAT.

NB: 'keep state' is the default, so you don't need to define this unless you are explicitly setting something different to the defaults (like pflow).

Alternatively, think about adding 'set state-defaults pflow'.

Andy.
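
One way to lay out Tor's rules along the lines Andy describes, as an added example rather than configuration taken from either message. The interface names are the ones from Tor's snippet; the RFC1918 range, the collector addresses and the pflow0 exporter lines are assumptions for illustration.

```pf
# Added example (not from the thread): pf.conf fragment placing the pflow
# state option on the inside-interface rules, where the state is created
# before nat-to rewrites the source address.
# Interface names come from Tor's snippet; lan_net and the collector
# addresses below are assumed values.
ext_if="vlan100"
int_if="vlan200"
dmz_if="vlan300"
svc_if="vlan600"
lan_net="10.0.0.0/8"        # assumed RFC1918 range behind $int_if

# The exporter itself is not set in pf.conf but on the pflow(4) interface,
# e.g. /etc/hostname.pflow0 (assumed exporter 192.0.2.1, collector 192.0.2.10):
#   flowsrc 192.0.2.1 flowdst 192.0.2.10:9995

# Alternative to the per-rule option below: export every state.
# It belongs in the options section ahead of the rules; note it also
# covers the $ext_if state, which carries the post-NAT addresses.
# set state-defaults pflow

# Inside interfaces: the state for an outbound connection is created by
# the 'pass in' rule here, keyed on the original addresses, so the flow
# exported from it shows the RFC1918 host. 'keep state' is the default
# and is written out only to carry the (pflow) option.
pass in on $int_if from $lan_net keep state (pflow)
pass in on $dmz_if keep state (pflow)
pass in on $svc_if keep state (pflow)

# Outside interface: evaluated after nat-to, so a pflow option here would
# only ever show the translated ($ext_if) address. Leave it off.
pass out on $ext_if from $lan_net nat-to ($ext_if)

# Return direction on the inside interfaces needs no pflow option of its
# own: replies match the existing state created by the 'pass in' rules.
pass out on $int_if
pass out on $dmz_if
pass out on $svc_if
```

Check with `pfctl -nf /etc/pf.conf` before loading, and confirm the exporter with `ifconfig pflow0`; flows for `$lan_net` hosts should then appear at the collector with their internal addresses.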


On Thu 23 Jan 2014 08:42:04 GMT, Tor Houghton wrote:
Hello,

I've been using pflow in a non-NAT environment (btw, thanks for both the pf
support and the "other" OS softflowd), but now I'd like to use it in a NAT
configuration.

Is there a particular way pflow needs to be configured to see which of the
NAT'ed hosts are talking to which external address? (The way I've configured
it[*] it appears that I only see external flows post-NAT.)

I see a similar question has been asked before, by Chris Cappuccio on tech@,
but I didn't see any answers, so I'm braving a question here.

Tor

[*] Which has a good chance of being wrong. On 5.2 on an old G4:

ext_if="vlan100"
int_if="vlan200"
dmz_if="vlan300"
svc_if="vlan600"
..
<block rules here>
..
pass out on $ext_if from any to any nat-to ($ext_if) keep state (pflow)
pass out on $svc_if keep state (pflow)
pass out on $dmz_if keep state (pflow)
pass out on $int_if keep state (pflow)

# do I need to add (pflow) to these too, perhaps?
pass in on $int_if keep state
pass in on $dmz_if keep state
pass in on $svc_if keep state
