I found it's useful to use IPv6 for delivery of Netflow packets, especially when you want to allow them from outside firewall to inside firewall without being bitten by NAT rules.
However, when nfsen starts nfcapd, by default it listens only on 0.0.0.0 (= IPv4). To listen on :: you have to add the "-6" flag, but there doesn't seem to be a clean way to do that in nfsen.conf. In the end I frigged it like this: $BUFFSLEN = "200000 -6"; (yuk!). I think it would be better to have an explicit nfcapd flags setting; this would also allow you to do things like bind nfcapd to a specific address. It might also be good for nfcapd to listen by default on both v4 and v6 if you don't specify either "-4" or "-6", but it's fine to add "-6" explicitly if required. Regards, Brian. ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
