Re: [Ntop-misc] ntopng bridge on nat gateway with vlans

2017-05-30 Thread thomasmeier1976
Hi,

Yes, I would like to do the NTOPNG inline policing, and I don't know where to insert the bridge because the LAN is NATed to the WAN.

VLANs can come later. In my first test case I can simulate it without VLANs because eth0 has no VLAN. It would be nice to hear from someone who managed it on one machine. I would like to avoid attaching a second physical machine to the line.

Regards, Thomas
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] ntopng bridge on nat gateway with vlans

2017-05-30 Thread thomasmeier1976
Hi Marco,

Thank you for the answer.

Let's try to make an easy test case. How about this:

eth0 wan (external ip)

eth1 lan (192.168.x.x)

The LAN gets NATed to the WAN, so I cannot build a bridge between eth0 and eth1.

So where to attach the bridge?

Maybe:

eth0 remove external ip

create br0 without attached interfaces

br0 add external ip

Start ntop to use bridge br0 and parameter to attach eth0

ntopng -i bridge:br0,eth0

Then rewrite the firewall to NAT out over br0 instead of eth0

Can this work? Or do I need at least one attached interface on the existing bridge and then let ntopng attach a second interface?

Regards, Thomas

 

Sent: Tuesday, 30 May 2017 at 10:24
From: "Marco Teixeira"
To: ntop-misc@listgateway.unipi.it
Subject: Re: [Ntop-misc] ntopng bridge on nat gateway with vlans

Hi Thomas,

To the best of my knowledge, packets still have to pass on eth0, so attach it there.

I don't use NTOP with a setup like yours, but you might have to account for the VLAN tagging in NTOP config... maybe.

=Marco

2017-05-30 8:45 GMT+01:00 :




Dear community,

I have a NAT gateway with iptables that is acting as the main gateway for all workstations.

Ntopng is working fine, but now I would like to use inline traffic policing. Therefore I need a bridge.

Currently I have eth0 (WAN, untagged), eth1.1 (workstations), eth1.2 (phones), eth1.3 (servers).

Now I would like to change the eth1 devices to br0 devices for each VLAN. This is working in another setup.

Then I would have br0.1, br0.2, br0.3.

But how do I attach ntopng then for the bridge mode? Is it possible? Or do I have to provide a separate machine?

Kind regards,

Thomas

 




[Ntop-misc] ntopng bridge on nat gateway with vlans

2017-05-30 Thread thomasmeier1976
Dear community,

I have a NAT gateway with iptables that is acting as the main gateway for all workstations.

Ntopng is working fine, but now I would like to use inline traffic policing. Therefore I need a bridge.

Currently I have eth0 (WAN, untagged), eth1.1 (workstations), eth1.2 (phones), eth1.3 (servers).

Now I would like to change the eth1 devices to br0 devices for each VLAN. This is working in another setup.

Then I would have br0.1, br0.2, br0.3.

But how do I attach ntopng then for the bridge mode? Is it possible? Or do I have to provide a separate machine?

Kind regards,

Thomas

 