I'm receiving flows from MikroTik with nfacctd.
I want to split inbound and outbound traffic into different tables.
I'm using the directives
aggregate_filter[local.out]: src net 10.0.0.0/8
aggregate_filter[local.in]: dst net 10.0.0.0/8
It works only for outbound traffic, because in the flows DstAddr is the
IP address of the NAT (100.100.100.1); look here:
Flow 2
[Duration: 2.010000000 seconds]
StartTime: 12542.300000000 seconds
EndTime: 12544.310000000 seconds
Packets: 5
Octets: 300
InputInt: 15
OutputInt: 2
SrcAddr: 10.0.124.51 (10.0.124.51)
DstAddr: 8.8.8.8 (8.8.8.8)
Protocol: 1
IP ToS: 0x00
SrcPort: 0
DstPort: 0
NextHop: 172.20.3.73 (172.20.3.73)
DstMask: 0
SrcMask: 0
TCP Flags: 0x00
Destination Mac Address: Routerbo_45:49:79 (00:0c:42:45:49:79)
Post Source Mac Address: Routerbo_45:49:78 (00:0c:42:45:49:78)
Post NAT Source IPv4 Address: 100.100.100.1 (100.100.100.1)
Post NAT Destination IPv4 Address: 8.8.8.8 (8.8.8.8)
Post NAPT Source Transport Port: 0
Post NAPT Destination Transport Port: 0
Flow 3
[Duration: 3.010000000 seconds]
StartTime: 12542.300000000 seconds
EndTime: 12545.310000000 seconds
Packets: 5
Octets: 300
InputInt: 2
OutputInt: 15
SrcAddr: 8.8.8.8 (8.8.8.8)
DstAddr: 100.100.100.1 (100.100.100.1)
Protocol: 1
IP ToS: 0x00
SrcPort: 0
DstPort: 0
NextHop: 10.0.124.51 (10.0.124.51)
DstMask: 0
SrcMask: 0
TCP Flags: 0x00
Destination Mac Address: Routerbo_45:49:78 (00:0c:42:45:49:78)
Post Source Mac Address: Routerbo_45:49:79 (00:0c:42:45:49:79)
Post NAT Source IPv4 Address: 8.8.8.8 (8.8.8.8)
Post NAT Destination IPv4 Address: 10.0.124.51 (10.0.124.51)
Post NAPT Source Transport Port: 0
Post NAPT Destination Transport Port: 0
User 10.0.124.51 is behind NAT; the NAT is done by the router, which also sends the flows.
Is it possible to filter on "Post NAT Destination IPv4 Address"?
Thank you for your help.
Jaroslav Jirasek
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
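
The following Python is an added example, not part of the original post and not pmacct configuration. It parses the address fields of the two flows shown above and classifies direction against 10.0.0.0/8, preferring the post-NAT destination address when the record carries one; the function names are hypothetical and the sample text is constructed from the post's dump.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")  # network used in the post's filters
POST_NAT_DST = "Post NAT Destination IPv4 Address"

# Constructed sample: only the address fields of Flow 2 and Flow 3 from the post.
SAMPLE = """\
Flow 2
SrcAddr: 10.0.124.51 (10.0.124.51)
DstAddr: 8.8.8.8 (8.8.8.8)
Post NAT Source IPv4 Address: 100.100.100.1 (100.100.100.1)
Post NAT Destination IPv4 Address: 8.8.8.8 (8.8.8.8)
Flow 3
SrcAddr: 8.8.8.8 (8.8.8.8)
DstAddr: 100.100.100.1 (100.100.100.1)
Post NAT Source IPv4 Address: 8.8.8.8 (8.8.8.8)
Post NAT Destination IPv4 Address: 10.0.124.51 (10.0.124.51)
"""

def parse_flows(text):
    """Split a dissector-style dump into one {field: value} dict per flow."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Flow "):
            flows.append({"id": line})
        elif ":" in line and flows:
            key, _, value = line.partition(":")
            parts = value.split()
            if parts:  # keep the first token, drop the "(resolved)" suffix
                flows[-1][key.strip()] = parts[0]
    return flows

def is_local(addr):
    """True if addr parses as an IP address inside LOCAL_NET."""
    try:
        return ipaddress.ip_address(addr) in LOCAL_NET
    except ValueError:
        return False

def classify(flow, use_post_nat=True):
    """Return 'out', 'in' or 'other' for one parsed flow record."""
    src = flow.get("SrcAddr")
    dst = flow.get("DstAddr")
    if use_post_nat and flow.get(POST_NAT_DST):
        dst = flow[POST_NAT_DST]  # translated destination, i.e. the real inside host
    if src and is_local(src):
        return "out"
    if dst and is_local(dst):
        return "in"
    return "other"

if __name__ == "__main__":
    for f in parse_flows(SAMPLE):
        print(f["id"], classify(f, use_post_nat=False), classify(f))
```

With `use_post_nat=False` Flow 3 falls through to `other`, which is the behaviour the post describes for a filter on DstAddr alone.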