NetFlow v9 Exporting from FreeBSD routers/firewalls [01/Jun/2016]

Sometimes it's useful to have netflow reporting from a FreeBSD router or firewall.

For this example, we'll assume you want to export flows on the igb0 network interface with netflow v9 packets to the flow collector at 192.0.2.10 port 1234 (UDP) – v9 packets are useful as they can contain IPv6 flows.

First, we need to load some kernel modules at boot time – to do this we need to add the following lines to your /boot/loader.conf file:

netgraph_load="YES"
ng_ether_load="YES"
ng_socket_load="YES"
ng_ksocket_load="YES"
ng_tee_load="YES"
ng_netflow_load="YES"


You can load these now without having to reboot by typing:

kldload netgraph ng_ether ng_socket ng_ksocket ng_tee ng_netflow

Next we need a startup script to configure netflow.  Create a file with the following contents called /usr/local/etc/rc.d/900.netflow.sh:

#!/bin/sh
# Build the netgraph: hang an ng_netflow node off igb0's lower hook, pass the
# traffic on to the stack via the upper hook, and export v9 records to the
# collector through a UDP ksocket.
case "$1" in
        'start')
                /usr/sbin/ngctl -f- <<-SEQ
mkpeer igb0: netflow lower iface0
name igb0:lower netflow
connect igb0: netflow: upper out0
mkpeer netflow: ksocket export9 inet/dgram/udp
msg netflow:export9 connect inet/192.0.2.10:1234
SEQ
                ;;
        'stop')
                ;;
        *)
                echo "Please specify 'start' or 'stop'"
                ;;
esac


And ensure it runs at boot time with:

chmod a+x /usr/local/etc/rc.d/900.netflow.sh

and now you can start it:

/usr/local/etc/rc.d/900.netflow.sh start

You should start seeing netflow packets arrive at your collector.

FreeBSD doesn't have ASN information in its kernel, so the netflow packets will only report flows with IPs and port numbers present.
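To check what actually arrives at the collector (192.0.2.10 port 1234 in the example above), here is a small NetFlow v9 decoder in Python. It is an added example, not code from the original post or from ng_netflow: the header layout and field type ids follow RFC 3954, while the sample packet, its template, addresses and counters are constructed values, and FIELD_NAMES, parse_v9 and build_sample_packet are the example's own names. It shows why v9 can carry IPv6 flows: records are described by templates, so a collector has to keep the template it saw in an earlier packet to decode later data flowsets.

```python
import struct
import ipaddress
# NetFlow v9 field type ids (RFC 3954) that the constructed sample below uses
FIELD_NAMES = {1: "in_bytes", 4: "protocol", 7: "l4_src_port", 11: "l4_dst_port", 27: "ipv6_src_addr", 28: "ipv6_dst_addr"}
ADDR_TYPES = (8, 12, 27, 28)  # IPv4/IPv6 src/dst address fields are rendered as text

def parse_v9(packet, templates=None):
    """Parse one export packet -> (header, flows); reuse `templates` across packets."""
    templates = {} if templates is None else templates
    ver, count, uptime, secs, seq, src_id = struct.unpack("!HHIIII", packet[:20])
    if ver != 9:
        raise ValueError(f"not a NetFlow v9 packet (version {ver})")
    header = {"count": count, "sys_uptime_ms": uptime, "unix_secs": secs, "sequence": seq, "source_id": src_id}
    flows, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("malformed flowset length")
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:  # template flowset; one packet may define several templates
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                templates[(src_id, tid)] = [struct.unpack("!HH", body[pos + 4 + 4 * i:pos + 8 + 4 * i]) for i in range(nfields)]
                pos += 4 + 4 * nfields
        elif fs_id >= 256:  # data flowset (ids 1..255 are options/reserved and skipped here)
            fields = templates.get((src_id, fs_id))
            if fields is None:  # template not seen yet: v9 collectors must tolerate this
                flows.append({"template": fs_id, "undecodable": True})
            else:
                rec_len, pos = sum(flen for _, flen in fields), 0
                while pos + rec_len <= len(body):  # leftover bytes are padding
                    rec = {}
                    for ftype, flen in fields:
                        raw = body[pos:pos + flen]
                        rec[FIELD_NAMES.get(ftype, f"type_{ftype}")] = str(ipaddress.ip_address(raw)) if ftype in ADDR_TYPES else int.from_bytes(raw, "big")
                        pos += flen
                    flows.append(rec)
        off += fs_len
    return header, flows

def build_sample_packet():
    """Constructed sample: template 256 describing an IPv6 DNS flow, then one data record using it."""
    template = [(27, 16), (28, 16), (7, 2), (11, 2), (4, 1), (1, 4)]
    tmpl = struct.pack("!HH", 256, len(template)) + b"".join(struct.pack("!HH", t, l) for t, l in template)
    rec = ipaddress.ip_address("2001:db8::1").packed + ipaddress.ip_address("2001:db8::53").packed
    rec += struct.pack("!HHBI", 51515, 53, 17, 120)  # src port, dst port, protocol 17 (UDP), 120 bytes
    rec += b"\x00" * (-len(rec) % 4)  # pad the data flowset to a 4-byte boundary
    header = struct.pack("!HHIIII", 9, 2, 123456, 1464739200, 1, 0)  # version 9, 2 records, source id 0
    return header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec
```

Feeding a real capture from the collector port into parse_v9 one datagram at a time, with a single shared templates dict, is enough to confirm that IPv6 records are being exported.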

Copyright © 2024 Daniel Austin MBCS.