Rob
on the nprobe side you need to do --zmq "tcp://*:5556" (you misspelled
it) and it will work

Luca

On 11/26/2014 07:18 PM, Rob Bartlett wrote:
> Hi Folks,
>
> I am trying to set up collection of data from a server at Rackspace
> behind a firewall & a machine in our DMZ.  The Rackspace firewall has
> been configured to allow both TCP and UDP traffic on port 5556 in both
> directions:
>
> Type   Protocol  Port   From                 To
> permit    tcp    5556   aaa.bbb.ccc.ddd/32   www.xxx.yyy.zzz/32
> permit    udp    5556   aaa.bbb.ccc.ddd/32   www.xxx.yyy.zzz/32
> permit    tcp    5556   www.xxx.yyy.zzz/32   aaa.bbb.ccc.ddd/32
> permit    udp    5556   www.xxx.yyy.zzz/32   aaa.bbb.ccc.ddd/32
>
> aaa.bbb.ccc.ddd represents the IP of the Rackspace server.
> www.xxx.yyy.zzz represents the IP of the DMZ server.
>
> The iptables on the DMZ machine have the following rules:
>
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  *      *       aaa.bbb.ccc.ddd      0.0.0.0/0            tcp dpt:5556
>     0     0 ACCEPT     udp  --  *      *       aaa.bbb.ccc.ddd      0.0.0.0/0            udp dpt:5556
> Chain OUTPUT (policy ACCEPT 367 packets, 529K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            aaa.bbb.ccc.ddd      tcp dpt:5556
>     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            aaa.bbb.ccc.ddd      udp dpt:5556
>
>
> I have started nprobe on the Rackspace server as follows:
>
> nprobe -zmw "tcp://*:5556" -i eth0 -n www.xxx.yyy.zzz:5556 -u -1 -Q -1
>
> Where www.xxx.yyy.zzz is the external IP of the DMZ machine.
>
> I have started ntopng on the DMZ machine as follows:
>
> ntopng -e -i tcp://aaa.bbb.ccc.ddd:5556 -w :8080
>
> Things weren't working so I did a tcpdump on both endpoints.
> On the Rackspace server I see UDP packets of length 1464 being
> sent to the DMZ machine.  On the DMZ machine I see zero length
> TCP packets being sent to the Rackspace server.  Neither one
> is receiving any inbound traffic from the other.
>
> It's almost as if there were still a firewall in place.  Any
> pointers on how to further diagnose this would be appreciated.
>
> Kind regards,
>
> Rob

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
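
The following is an added example, not part of the original thread or of the ntop tools. Run from the ntopng (DMZ) side, it tells apart a filtered port, a closed port, and a listener that is not speaking ZMQ, by checking for the 10-byte ZMTP greeting signature a ZeroMQ socket sends on connect. The function names and the default port 5556 (taken from the thread) are assumptions of this sketch.

```python
import socket
import sys

def is_zmtp_greeting(data: bytes) -> bool:
    """ZMTP signature: 0xFF, eight padding bytes, then 0x7F."""
    return len(data) >= 10 and data[0] == 0xFF and data[9] == 0x7F

def probe_zmq_endpoint(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify a TCP endpoint: closed, filtered, unreachable, open-not-zmq or zmq."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"        # host reachable, nothing bound to the port
    except (socket.timeout, TimeoutError):
        return "filtered"      # SYN dropped: firewall or routing
    except OSError:
        return "unreachable"   # e.g. no route, name resolution failure
    data = b""
    with sock:
        try:
            while len(data) < 10:
                chunk = sock.recv(10 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:        # includes read timeouts and resets
            pass
    return "zmq" if is_zmtp_greeting(data) else "open-not-zmq"

if __name__ == "__main__":
    # Usage: python3 probe_zmq.py <probe-host> [port]; the host is operator-supplied.
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5556
    print(f"{host}:{port} -> {probe_zmq_endpoint(host, port)}")
```

A result of "closed" with the firewall rules in place points at the probe not having bound its ZMQ endpoint, while "filtered" points back at the firewall path.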
