Sophie

Sophie

distrib > Mageia > 6 > x86_64 > media > core-updates > by-pkgid > f4d7e40d28f36cdacdd03b6ee3ac20cc > files > 25

ntopng-2.4-1.mga6.x86_64.rpm

Introduction
-------------
Netfilter support in ntopng is part of the packaged version available at http://packages.ntop.org.
If you have a pro license you can drop/shape traffic from within ntopng, otherwise ntopng will
just mark the traffic using the protocol identifier of the flow. The full list of protocol identifiers
can be obtained by running ntopng with the help flag -h. For example, Skype flows will be
marked with protocol identifier 125.

# ntopng -h|grep Skype
[125] Skype

You can leverage protocol identifiers to assign different QoS classes to your traffic(e.g., shape, drop, etc). In
essence you can implement an application-level firewall.

Using NetFilter
---------------

If you use ntopng over netfilter you need to:

# 1 - Create a queueId and divert traffic to it.

Following is an example to create a net filter queue with queueId equal to 0:
	# iptables -A FORWARD -i eth1 -j NFQUEUE --queue-num 0
	With this rule all incoming traffic on eth1 interface in the forwarding phase will go to
	the netfilter queue 0.


# 2 - start ntopng on device nf:X
	# ntopng -i nf:0

For example, if you run ntopng with -i nf:0 parameter, it will be able to get traffic from
netfilter queue 0 and to decide whether to drop or accept it.


Use Case
---------------
A typical use case of ntopng over netfilter is when you have set the NAT ip forwarding
between two interfaces (let’s say eth1 and eth2) and you want to monitor and
policy the traffic via ntopng during the forwarding phase (monitoring interface eth0).
The use case can be graphically illustrated as:


				       Linux NAT
			       <----------------------->
 Internet (default route)        --------------------                     Private Network
				 |                  |
	 (public ip) eth1--------|      ntopng      |-------eth2 (private network)
				 |                  |
				 --------------------
					 / \
					  |
					  |
					  | eth0 (monitoring interface)


The configuration needed is:

# 1 - Enable forwarding:
	# echo 1 > /proc/sys/net/ipv4/ip_forward

# 2 - Set netfilter queue rules:
	# iptables -A FORWARD -i eth1 -j NFQUEUE --queue-num 0
	# iptables -A FORWARD -i eth2 -j NFQUEUE --queue-num 0

# 3 - Run ntopng:
	# ntopng -i nf:0

The configuration above works and was tested on ubuntu 14.04. Commands may slightly change on
other distributions.


NOTE
----
When you send traffic to NFQUEUE if ntopng is NOT running, packets will be
blocked in the IP stack as they don’t get processed. So make sure ntopng
is running all the time before using this mechanism.

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional