I have added experimental NetFlow v5 & v9 support using nProbe v3.1 as an Expansions Module to m0n0wall, with a very simple user interface (basically one command line string with options). The generic PC image 1.2b8_rs0 is based on 1.2b8 and includes the TransProxy "tproxyd" as well, which I integrated last month into m0n0wall 1.2b7.

It is available at: http://crosscom.ch/m0n0wall/generic-pc-1.2b8_rs0.img

Its MD5 checksum generic-pc-1.2b8_rs0.md5 and the unified diff 1.2b8_rs0.diff from 1.2b8 to 1.2b8_rs0 are there as well.

I have not had the opportunity to test 1.2b8_rs0 yet, but I hope that it will be more stable than 1.2b7, which was kind of hanging after running as Captive Portal and Transparent Proxy for about 10 days under moderate network load.

nProbe does not start properly after a reboot yet, e.g. you need to restart it manually by disabling and reenabling it from the nProbe screen. I will try to fix this asap and make it available in 1.2b8_rs1.

For more information on nProbe and NetFlow see Luca Deri's Web site (author of nProbe) at http://www.ntop.org/ntop.html

For on-line help in m0n0wall, go to its exec.php page and type "nprobe --help".

A more "m0n0wall-like" point-and-click user interface with built-in plausibility checking is in the works, as well as a polished up, e.g. simplified, user interface for tproxyd.

As for tproxyd, a security risk assessment still needs to be done for nProbe (as well as for licensing conditions, which look OK after a first quick look). Thus, as usual, use this experimental image at your own risk.

This nProbe integration may also serve as an example of how to implement an Expansions Module - it took me a while to figure it out and to get it working. Still, I would love to have only two, instead of four, additional PHP files.
Currently there are:

  etc/inc/ext/nprobe/rc                     start script
  etc/inc/nprobe.inc                        common include file
  usr/local/www/ext/nprobe/ext/menu.php     GUI
  usr/local/www/ext/nprobe.php              GUI refers to this file

Please disregard the "ICRC hack" under Expansions module, I only added it to support a very specific requirement. Just leave it disabled so it won't do any harm.

Any feedback is welcome,
Rolf