Hello,

I use OpenBSD 5.5 as a firewall gateway.

I also use nfsen/nfdump as the netflow collector/analyzer.

pf.conf enables netflow for every pf rule (set state-defaults pflow).

On the netflow collector host, when I analyse traffic using nfdump,
some packets are missing. But on the firewall, tcpdump shows there is
traffic for these missing packets.

The missing packets are using a carp interface and are natted. The IP
used for the nat is an alias, not the main IP address of the carp
interface.

Do you know if there is a problem with netflow + carp alias + nat?


-- 
Jean-Yves Boisiaud - Alcor Consulting
24, rue de la Glycine
49250 Saint Remy la Varenne
+33 6 63 71 73 46
