Netgate Discussion Forum

    Softflowd source interface

    pfSense Packages
SkyNET

      Hi guys,

Simple question, hopefully simple answer. Is there a way to change the source interface from which softflowd sends its collected information?
Softflowd now uses the closest interface to the NetFlow collector destination.

It would be nice to originate softflowd from a specific interface.

      Thanks in advance!

johnpoz (LAYER 8 Global Moderator)

So why would you not want to send it using the interface that is on the network the collector is on? If it doesn't have an interface in the network your collector is on, I would assume it would use the interface with the best route to that. If no specific routing, then send it out the default.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

SkyNET

I am collecting the information from the WAN interface and sending it to a monitoring server on a different subnet through a site-2-site VPN connection.

The pfsense-box1 is being monitored on MGMT IP 10.1.1.1, for example; the monitoring server uses this IP to collect SNMP data and receives syslog from 10.1.1.1.
The monitoring server then receives softflowd data from interface 10.2.1.1 on pfsense-box1, because of the IP used on the site-2-site interface.

If I can set a source IP where NetFlow data originates, the monitoring server understands that the NetFlow data is from pfsense-box1,
and not from a different device using 10.2.1.1. I would like to keep using the MGMT IP for everything.
Also from an ACL point of view this is better. Same as you would set a source interface for NTP updates.

SkyNET

            Just to be (hopefully) clear,

softflowd/pfSense uses the routing table to determine which route is best/closest to the given destination. So, in this case, to the monitoring server on a different subnet.
Then softflowd/pfSense determines that it needs to take the OPT4 (site2site VPN) interface to route traffic to that subnet.
Softflowd then originates traffic from the IP of that OPT4 interface (10.2.1.1).

This way the monitoring server sees this NetFlow data from host 10.2.1.1, which is an unknown source, instead of 10.1.1.1 a.k.a. pfsense-Box1.
If I can simply say, bind origin to the LAN interface (10.1.1.1), the monitoring server knows it's from pfsense-Box1.

Managing and monitoring devices on 1 MGMT IP is a must. I cannot imagine I'm the only one needing this function.
Look at SNMP and syslog built into pfSense. These packages ask which interface to bind to, or what the source interface is.

It would be nice to have the same setting for softflowd/NetFlow.
Some hacks of configs are also welcome, but it should be a built-in option of the package in my opinion.
Thanks again.

Derelict (LAYER 8 Netgate)
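The behaviour described in the post above, as an added illustration that is not part of the thread: a longest-prefix-match lookup over a constructed routing table picks the egress interface and, with it, the source address the exporter datagrams carry, and a collector that keys exporters by UDP source address then cannot match 10.2.1.1 to pfsense-box1. The prefixes, the monitoring subnet 10.3.0.0/16 and the collector address are assumptions for the example.

```python
import ipaddress

# Constructed routing table for the scenario in the thread (prefixes assumed):
# LAN on 'lan' with the MGMT address 10.1.1.1, the site-to-site VPN on 'opt4'
# with 10.2.1.1, and a route sending the monitoring subnet over the VPN.
ROUTES = [
    ("10.1.1.0/24", "lan"),
    ("10.2.1.0/24", "opt4"),
    ("10.3.0.0/16", "opt4"),   # monitoring server subnet, reached via the VPN
    ("0.0.0.0/0", "wan"),      # default route
]
IFACE_ADDR = {"lan": "10.1.1.1", "opt4": "10.2.1.1", "wan": "203.0.113.2"}

# Collector-side inventory: exporters are recognised by the UDP source address
# of the NetFlow datagram, so only the MGMT IP is known here.
KNOWN_EXPORTERS = {"10.1.1.1": "pfsense-box1"}


def egress(dst):
    """Longest-prefix match: return (interface, source address) the kernel
    picks for a destination when the daemon does not bind a source."""
    addr = ipaddress.ip_address(dst)
    best_net, best_iface = None, None
    for prefix, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface, IFACE_ADDR[best_iface]


def identify_exporter(src_ip):
    """Collector side: map the datagram's source address to a device name."""
    return KNOWN_EXPORTERS.get(src_ip, "unknown exporter")


def flow_source_seen_by_collector(collector_ip):
    """What the collector sees for flows exported to collector_ip."""
    iface, src = egress(collector_ip)
    return iface, src, identify_exporter(src)


if __name__ == "__main__":
    iface, src, name = flow_source_seen_by_collector("10.3.0.10")
    print(f"egress via {iface}, source {src}, collector labels it: {name}")
```

On the firewall itself, FreeBSD's `route -n get <collector-ip>` reports the interface the kernel actually selected for that destination, which is the check to run before assuming which address the collector will see.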

              It does not look like a bind interface option is present in the softflowd daemon itself, so it is not in the package either.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.