Thomas,

Sorry, I misunderstood your question. I thought you wanted to do policing with Linux, and just use NTOP as usual. Reading better, I see you meant to use NTOPNG inline policing, right? If so, I will let our good friends from NTOP chime in, as this involves bridging with PFRING in userspace... don't know how this will work with VLANs...
=Marco

2017-05-30 14:22 GMT+01:00 <[email protected]>:

> Hi Marco,
>
> thank you for the answer.
>
> Let's try to make an easy testcase. How about this:
> eth0 wan (external ip)
> eth1 lan (192.168.x.x)
>
> lan gets NATed to wan. So I cannot build a bridge between eth0 and eth1.
> So where to attach the bridge?
>
> Maybe:
> eth0 remove external ip
> create br0 without attached interfaces
> br0 add external ip
> Start ntop to use bridge br0 and parameter to attach eth0
> ntopng -i bridge:br0,eth0
> Then rewrite the firewall to NAT out over br0 instead of eth0
>
> Can this work? Or do I need at least one attached interface at the
> existing bridge and then let ntopng attach a second interface?
>
> regards, Thomas
>
> *Sent:* Tuesday, 30 May 2017 at 10:24
> *From:* "Marco Teixeira" <[email protected]>
> *To:* [email protected]
> *Subject:* Re: [Ntop-misc] ntopng bridge on nat gateway with vlans
>
> Hi Thomas,
> To the best of my knowledge, packets still have to pass on eth0, so attach
> it there.
> I don't use NTOP with a setup like yours, but you might have to account
> for the VLAN tagging in NTOP config... maybe.
>
> =Marco
>
> 2017-05-30 8:45 GMT+01:00 <[email protected]>:
>>
>> Dear community,
>>
>> I have a NAT gateway with iptables that is acting as main gateway for all
>> workstations.
>> Ntopng is working fine, but now I would like to use inline traffic policing.
>> Therefore I need a bridge.
>>
>> Currently I have eth0 (WAN untagged), eth1.1 (workstations), eth1.2
>> (phones), eth1.3 (servers).
>>
>> Now I would like to change the eth1 devices to br0 devices for each vlan.
>> This is working in another setup.
>> Then I would have br0.1 br0.2 br0.3
>>
>> But how to attach ntopng then for the bridge mode? Is it possible? Or do
>> I have to provide a separate machine?
>>
>> kind regards,
>> Thomas
>>
>>
>> _______________________________________________
>> Ntop-misc mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
