Re: [Ntop-misc] Consider adding a warning in case ip_version is missing in function hash_pkt()

2017-05-31 Thread Amir Kaduri
Hi Alfredo,

This is the exact location of the function:
https://github.com/ntop/PF_RING/blob/dev/kernel/pf_ring.c#L1794

Thanks,
Amir

On Mon, May 29, 2017 at 7:28 PM, Alfredo Cardigliano wrote:
> Hi Amir
> what is the file location you are talking about?
>
> Alfredo
>
>> On 29 May 2017, at 18:23, Amir Kaduri wrote:
>>
>> In function hash_pkt(), there is an if-else-if statement based on
>> ip_version. If ip_version is 0, the hash won't include the IP address.
>> Since the ip_version might come from the user input, I suggest adding
>> an "else" and issuing a warning in case ip_version wasn't set.
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
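
A simplified user-space model of the behaviour described in this thread, as an added example that is not PF_RING's code and not part of the original messages: the struct, flow_hash() and its strict flag are assumptions made for illustration. It shows two constructed flows with different hosts hashing to the same value while ip_version is unset, and the suggested "else" branch reporting that case.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in flow key; field names are assumptions for this example. */
struct flow_key {
    uint8_t  ip_version;      /* 4, 6, or 0 when the caller never set it */
    uint8_t  proto;
    uint16_t vlan_id, sport, dport;
    uint32_t src[4], dst[4];  /* IPv4 uses index 0 only */
};

static unsigned unset_version_warnings; /* counts hits on the else branch */

/* Symmetric hash in the shape the thread describes: addresses are mixed in
 * only inside the ip_version branches. With strict == 0 an unset version is
 * skipped silently; with strict != 0 the proposed else branch reports it. */
uint32_t flow_hash(const struct flow_key *k, int strict)
{
    uint32_t h = (uint32_t)k->vlan_id + k->proto + k->sport + k->dport;

    if (k->ip_version == 4) {
        h += k->src[0] + k->dst[0];
    } else if (k->ip_version == 6) {
        for (int i = 0; i < 4; i++)
            h += k->src[i] + k->dst[i];
    } else if (strict) {
        unset_version_warnings++;
        fprintf(stderr, "flow_hash: ip_version=%u, addresses not hashed\n",
                (unsigned)k->ip_version);
    }
    return h;
}

int main(void)
{
    /* Constructed sample flows: same ports and protocol, different hosts. */
    struct flow_key a = { .ip_version = 0, .proto = 6, .sport = 40000,
                          .dport = 443, .src = { 0x0A000001 }, .dst = { 0x0A000002 } };
    struct flow_key b = a;
    b.src[0] = 0xC0A80101;
    b.dst[0] = 0xC0A80102;
    printf("unset version: %s\n",
           flow_hash(&a, 0) == flow_hash(&b, 0) ? "collide" : "differ");
    a.ip_version = b.ip_version = 4;
    printf("version 4:     %s\n",
           flow_hash(&a, 0) == flow_hash(&b, 0) ? "collide" : "differ");
    return 0;
}
```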


Re: [Ntop-misc] ntopng bridge on nat gateway with vlans

2017-05-31 Thread Simone Mainardi
Dear Thomas,



On Tue, May 30, 2017 at 3:22 PM,  wrote:

> Hi Marco,
>
> thank you for the answer.
>
> Let's try to make an easy testcase. How about this:
> eth0 wan (external ip)
> eth1 lan (192.168.x.x)
>
> lan gets NATed to wan.
>

We support bridging in routing mode. A tap will do the trick. Assuming you
want the box to NAT eth1 clients on eth0, you can do the following:

* tap setup:
tunctl -t tap0
ifconfig tap0  netmask 
ifconfig tap0 up

* nat setup:
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface tap0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward


* ntopng startup (interface order matters here):
ntopng -i bridge:tap0,eth1

Also see the readme:
https://github.com/ntop/ntopng/blob/dev/doc/README.inline


> So I cannot build a bridge between eth0 and eth1.
> So where to attach the bridge?
>
> Maybe:
> eth0 remove external ip
> create br0 without attached interfaces
> br0 add external ip
> Start ntop to use bridge br0 and parameter to attach eth0
> ntopng -i bridge:br0,eth0
> Then rewrite the firewall to NAT out over br0 instead of eth0
>
> Can this work? Or do I need at least one attached interface at the
> existing bridge and then let ntopng attach a second interface?
>
> regards, Thomas
>
> *Sent:* Tuesday, 30 May 2017 at 10:24
> *From:* "Marco Teixeira" 
> *To:* ntop-misc@listgateway.unipi.it
> *Subject:* Re: [Ntop-misc] ntopng bridge on nat gateway with vlans
> Hi Thomas,
> To the best of my knowledge, packets still have to pass on eth0, so attach
> it there.
> I don't use NTOP with a setup like yours, but you might have to account
> for the VLAN tagging in NTOP config... maybe.
>
> =Marco
>
> 2017-05-30 8:45 GMT+01:00 :
>>
>> Dear community,
>>
>> I have a NAT gateway with iptables that is acting as main gateway for all
>> workstations.
>> Ntopng is working fine, but now I would like to use inline traffic policing.
>> Therefore I need a bridge.
>>
>> Currently I have an eth0 (WAN untagged), eth1.1 (workstations), eth1.2
>> (phones), eth1.3 (servers).
>>
>> Now I would like to change the eth1 devices to br0 devices for each vlan.
>> This is working in another setup.
>> Then I would have br0.1 br0.2 br0.3
>>
>> But how to attach ntopng then for the bridge mode? Is it possible? Or do
>> I have to provide a separate machine?
>>
>> kind regards,
>> Thomas