Dear Thomas,
On Tue, May 30, 2017 at 3:22 PM, <[email protected]> wrote:
> Hi Marco,
>
> thank you for the answer.
>
> Let's try to make an easy testcase. How about this:
> eth0 wan (external ip)
> eth1 lan (192.168.x.x)
>
> lan gets NATed to wan.
>

We support bridging in routing mode. A tap will do the trick. Assuming you want the box to NAT eth1 clients on eth0, you can do the following:

* tap setup:

    tunctl -t tap0
    ifconfig tap0 <TAP ip address in the same subnet of clients> netmask <the netmask>
    ifconfig tap0 up

* nat setup:

    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface tap0 -j ACCEPT
    echo 1 > /proc/sys/net/ipv4/ip_forward

* ntopng startup (interface order matters here):

    ntopng -i bridge:tap0,eth1

Also see the readme: https://github.com/ntop/ntopng/blob/dev/doc/README.inline

> So I cannot build a bridge between eth0 and eth1.
> So where to attach the bridge?
>
> Maybe:
> eth0 remove external ip
> create br0 without attached interfaces
> br0 add external ip
> Start ntop to use bridge br0 and parameter to attach eth0
> ntopng -i bridge:br0,eth0
> Then rewrite the firewall to NAT out over br0 instead of eth0
>
> Can this work? Or do I need at least one attached interface at the
> existing bridge and then let ntopng attach a second interface?
>
> regards, Thomas
>
> *Sent:* Tuesday, 30 May 2017 at 10:24
> *From:* "Marco Teixeira" <[email protected]>
> *To:* [email protected]
> *Subject:* Re: [Ntop-misc] ntopng bridge on nat gateway with vlans
> Hi Thomas,
> To the best of my knowledge, packets still have to pass on eth0, so attach
> it there.
> I don't use NTOP with a setup like yours, but you might have to account
> for the VLAN tagging in NTOP config... maybe.
>
> =Marco
>
> 2017-05-30 8:45 GMT+01:00 <[email protected]>:
>>
>> Dear community,
>>
>> I have a NAT gateway with iptables that is acting as main gateway for all
>> workstations.
>> Ntopng is working fine, but now I like to use inline traffic policing.
>> Therefore I need a bridge.
>>
>> Currently I have a eth0(WAN untagged), eth1.1 (workstations), eth1.2
>> (phones), eth1.3 (servers).
>>
>> Now I would like to change the eth1 devices to br0 devices for each vlan.
>> This is working in another setup.
>> Then I would have br0.1 br0.2 br0.3
>>
>> But how to attach ntopng then for the bridge mode? Is it possible? Or do
>> I have to provide a separate machine?
>>
>> kind regards,
>> Thomas
>>
>>
>> _______________________________________________
>> Ntop-misc mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
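A preflight check for the three prerequisites listed in the reply above (MASQUERADE on eth0, FORWARD accept for tap0, ip_forward enabled), as an added example that is not part of the original message or of ntopng. It assumes the ruleset is supplied as `iptables-save` text; the function names `has_rule` and `check_inline_nat` are hypothetical and the sample ruleset is constructed.

```sh
#!/bin/sh
# Added example (not from the original thread): verify the prerequisites the
# reply lists before starting "ntopng -i bridge:tap0,eth1".
# Function names are hypothetical; SAMPLE_RULES is constructed for illustration.

# What iptables-save prints after the two iptables commands in the reply
# (long options are normalised to -o / -i), on a host whose FORWARD policy is DROP.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i tap0 -j ACCEPT
COMMIT'

# has_rule RULES TABLE REGEX: succeed if a rule inside TABLE matches REGEX.
# Interface names are used as regex text, so a "." in a VLAN name matches any character.
has_rule() {
    printf '%s\n' "$1" | awk -v t="*$2" -v re="$3" '
        /^\*/ { cur = $0 }                 # "*nat", "*filter": table header
        cur == t && $0 ~ re { found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_inline_nat RULES IP_FORWARD WAN_IF TAP_IF
# Prints one line per missing prerequisite and returns 1 if any is missing.
check_inline_nat() {
    rules=$1 fwd=$2 wan=$3 tap=$4 problems=0
    has_rule "$rules" nat "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" || {
        echo "missing: nat POSTROUTING MASQUERADE on $wan"; problems=1; }
    has_rule "$rules" filter "^-A FORWARD .*-i $tap .*-j ACCEPT" || {
        echo "missing: filter FORWARD ACCEPT for traffic entering $tap"; problems=1; }
    [ "$fwd" = 1 ] || {
        echo "missing: net.ipv4.ip_forward is '$fwd', expected 1"; problems=1; }
    return "$problems"
}

# Offline run on the constructed sample. On a live gateway (as root) use:
#   check_inline_nat "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" eth0 tap0
check_inline_nat "$SAMPLE_RULES" 1 eth0 tap0 && echo "prerequisites present"
```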
