Hi all,
I'm need some help configuring nscrub. My setup is routed/symmetric for now:
Internet <---> ens160 (native vlan) <----> ens160.838 (servers)
with just one phy interface (--wan-interface=zc:ens160).
ens160 Link encap:Ethernet HWaddr 3c:fd:fe:18:0c:e0
inet addr:x.y.z.34 Bcast:x.y.z.63 Mask:255.255.255.224
ens160.838 Link encap:Ethernet HWaddr 3c:fd:fe:18:0c:e0
inet addr:x.y.z.129 Bcast:x.y.z.255 Mask:255.255.255.128
nscrub-cli:
katharistis>
localhost:8880> vlan id 1 reforge 838
src_vlan_id: 1
dst_vlan_id: 838
katharistis> list targets
targets:
id: ntuanocnet
subnet:
x.y.z.128/28
routingtable:
destination: 0.0.0.0/0
gw: x.y.z.33
The setup is not working. I can't actually ping my server at x.y.z.130
(on ens160.838).
Questions:
- What is the correct setup for this?
- Is the vlan reforging as it supposed to be? I don't really understand
what is supposed to do... I would like to set the output vlan, but
reforge needs to do a rewrite. What exactly is rewriting?
- I guess in pfring_zc mode, packets don't go up the kernel. So, who is
doing arp reuqests for x.y.z.130 or x.y.z.33 (gw)?
- When nscrub is running, can i see the packets with tcpdump on en160
and ens160.838?
Thanx,
Sp
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
