Re: [Jkflow-users] Observation on JKFlow and NAT

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Please forgive my error, the Internal Network is 10.6.1.0/24 and not 10.6.0.0/24.

Okoegwale Uwagbale Joseph <oko...@ya...> wrote:    Hello,

  I made an observation about using JKFlow to process flows from a router using NAT for internet. 

  Assuming we have an internal network 10.6.0.0/24 and the exporting router is natting to an address in 1.2.3.0/28 network. 
  Usually, the configure would be - 

  <direction name="Internet"
 fromsubnets="10.6.1.0/24"
 tosubnets="0.0.0.0/0"  OR  tosubnets="0.0.0.0/1,128.0.0.0/1" 
 notosubnets="10.6.1.0/24">
  <services>80/tcp,110/tcp,143/tcp</services>
  <protocols>tcp,udp,icmp</protocols>
  <total/>
</direction>

  The graph produced will show content on "FROM" direction (+y axis) while "TO" direction (-y axis) is blank.

  However, adding the external NAT subnet as an entry on the fromsubnets and notosubnets produced graphs that match mrtg for the internet interface. The configure for this is - 

  <direction name="Internet"
 fromsubnets="10.6.1.0/24,1.2.3.0/28"
 tosubnets="0.0.0.0/0"
 notosubnets="10.6.1.0/24,1.2.3.0/28">
  <services>80/tcp,110/tcp,143/tcp</services>
  <protocols>tcp,udp,icmp</protocols>
  <total/>
</direction>

  If you are using the latest version of JKFlow, the configure would be -
  <direction name="Internet"
 fromsubnets="10.6.1.0/24,1.2.3.0/28"
 tosubnets="0.0.0.0/1,128.0.0.0/1"
 notosubnets="10.6.1.0/24,1.2.3.0/28">
  <services>80/tcp,110/tcp,143/tcp</services>
  <protocols>tcp,udp,icmp</protocols>
  <total/>
</direction>

This works for me. Please try it. Does this work for any other person using NAT on a router exporting flows?

  Regards

  Joseph

          "A minority of input produces the majority of results." 
-Pareto Principle (the 80:20 rule)

---------------------------------
  Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail Beta.Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Jkflow-users mailing list
Jkf...@li...
https://lists.sourceforge.net/lists/listinfo/jkflow-users

"A minority of input produces the majority of results." 
-Pareto Principle (the 80:20 rule)

---------------------------------
Sneak preview the  all-new Yahoo.com. It's not radically different. Just radically better. 