Hi Josh, First of all thanks for the welcome to the misc list !
I don't get a failure when I tried to destroy and re-create the pflow interface indeed. You will find the information requested below : - uname -a OpenBSD casa-vpn01.my.domain 4.8 GENERIC.MP#335 amd6 - dmesg output wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41 lm2 at wbsio0 port 0xa00/8: W83627HF mtrr: Pentium Pro MTRR support softraid0 at root root on wd0a swap on wd0b dump on wd0b WARNING: / was not properly unmounted I just posted one line because the packet filter configuration is very permissive : pass out log (all) all keep state (pflow) The tcpdump output of pflog interface don't report any block lines with the src and dst ip of the netflow configuration. Using "nc" command always give me a correct answer : # nc -zvu 192.168.1.19 9995 Connection to 192.168.1.19 9995 port [udp/*] succeeded! If you need anything else don't hesitate. Right now, I'm stuck because I don't see anything wrong. *Alexis VACHETTE | Network and System Engineer * Sisteer France: 43 rue Pierre Valette, 92240 Malakoff â France Direct line: +33 1 70 95 51 19 | Fax: +33 1 70 95 50 90 www.sisteer.com <http://www.sisteer.com> Le 03/12/2013 17:51, josh Grosse a écrit : > On 2013-12-03 11:05, Alexis VACHETTE wrote: >> Hi everyone, > > Hey there! Welcome to misc@ (if you haven't posted to the list > before). I use NfSen to monitor a pair of small OpeNBSD firewalls, > and pflow(4) between them. > >> set state-defaults pflow > > I use this, too. > >> # ifconfig pflow0 >> pflow0: flags=41<UP,RUNNING> mtu 1492 >> priority: 0 >> pflow: sender: 192.168.1.251 receiver: 192.168.1.19:9995 >> groups: pflow > > My output looks similar, except the protocol I use (5, the default), > is shown on my ifconfig(8) output. I am > running -current, so I suspect you are running an earlier -release or > -stable, or -release+errata. You didn't post your dmesg, nor mention > flavor of the OpenBSD. There has been recent work in pflow(4), and > there is a patch for 5.3-release and 5.4-release for a bug when a > pflow interface is destroyed. You didn't mention a failure on > destroy/recreate so I assume you must have applied it. > >> I don't see anything going out of the em2 interface. > > I would suspect your PF configuration, since you only posted a single > line from it. I use a crossover cable between the firewalls, and one > reports to the other for data collection, so my rule is simple: > > pass log quick on $private_nic proto udp from any to any port 9995 > > I hope that helps. If my Email was valueless, I'm sorry. > > -Josh- ***************************************************************************** ********************************************* Ce message et toutes les pieces jointes sont confidentiels et etablis à l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite. Tout message electronique est susceptible d'alteration. SISTEER decline toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. Si vous n'etes pas le destinataire de ce message, merci de le detruire et d'informer l'expediteur. ***************************************************************************** ********************************************* This message and any attachments are confidential and intended solely for the addressee(s). Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. SISTEER shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. ***************************************************************************** *********************************************
