Hi Peter,

Peter Nixon, 23.05.2006 09:52:
> I already have a configuration almost identical to yours. As I mentioned
> below, I am happily getting data from the external interface also however the
> flows are all hidden by the single nat overload which means I have no way to
> associate them with the traffic on the internal interface.
>
> Does anyone have a way to resolve this? I figure that there must be a way to
> get around this problem by using a loopback interface but as yet I haven't
> figured out the correct configuration.

maybe this is a terminology problem. So first I will state some things, which are probably already clear:

1. A flow always has _one_ direction. So if you look at a TCP connection on whatever interface, you will get two flows for that connection.

2. On each interface you can meter both the ingress and egress traffic, that is the traffic leaving and entering the router. If your router has only two active interfaces, you will meter on both interfaces almost the same amount of traffic (besides the traffic directly to/from the router, like webinterface/netflow...).

So, if you want to see the packets on the inner side of the NAT process, it makes no sense to meter on the external interface. Just meter on the internal interface and you should be fine.

If you want to do something exotic, like recording which port-translation is done by the NAT process, either the metering has to be done by the NAT process itself, or the packets have to be tagged and metered on both interfaces, so that you can export two flows, which are linked somehow, for example with a FlowID. But if at all, this is only possible with Netflow v9 or IPFIX.

Hope that helps a bit.

Cheers,
Sven

--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
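
An added example, not part of the original message and not pmacct code: it pairs the two unidirectional flows of each connection and shows why per-host accounting works on records metered on the internal interface but collapses to the NAT address on the external one. All addresses, ports, byte counts and function names are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample records, one unidirectional flow each:
# (src, sport, dst, dport, proto, bytes). Two internal hosts reach
# 198.51.100.7:443 through the NAT overload address 203.0.113.1.
INTERNAL_VIEW = [
    ("10.0.0.11", 40001, "198.51.100.7", 443, "tcp", 1200),
    ("198.51.100.7", 443, "10.0.0.11", 40001, "tcp", 5300),
    ("10.0.0.12", 40001, "198.51.100.7", 443, "tcp", 800),
    ("198.51.100.7", 443, "10.0.0.12", 40001, "tcp", 9100),
]
EXTERNAL_VIEW = [  # the same traffic after translation (source ports rewritten)
    ("203.0.113.1", 50001, "198.51.100.7", 443, "tcp", 1200),
    ("198.51.100.7", 443, "203.0.113.1", 50001, "tcp", 5300),
    ("203.0.113.1", 50002, "198.51.100.7", 443, "tcp", 800),
    ("198.51.100.7", 443, "203.0.113.1", 50002, "tcp", 9100),
]
# Assumption: these prefixes identify "our side" in either view.
LOCAL_NETS = [ip_network("10.0.0.0/8"), ip_network("203.0.113.1/32")]

def is_local(addr):
    return any(ip_address(addr) in net for net in LOCAL_NETS)

def pair_flows(records):
    """Merge the two unidirectional flows of each connection into one entry.

    The key is always (local_ip, local_port, remote_ip, remote_port, proto),
    so the outbound and the return flow land in the same bucket.
    """
    conns = defaultdict(lambda: {"out_bytes": 0, "in_bytes": 0})
    for src, sport, dst, dport, proto, nbytes in records:
        if is_local(src):
            key, direction = (src, sport, dst, dport, proto), "out_bytes"
        else:  # return traffic: swap endpoints so the key matches
            key, direction = (dst, dport, src, sport, proto), "in_bytes"
        conns[key][direction] += nbytes
    return dict(conns)

def bytes_per_local_host(records):
    """Total bytes (both directions) attributed to each local address."""
    totals = defaultdict(int)
    for (host, *_), counters in pair_flows(records).items():
        totals[host] += counters["out_bytes"] + counters["in_bytes"]
    return dict(totals)

if __name__ == "__main__":
    print("internal:", bytes_per_local_host(INTERNAL_VIEW))
    print("external:", bytes_per_local_host(EXTERNAL_VIEW))
```
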