Using pfflowd on an CF (embedded) device
-
Hi
I would like to install pfsense on a WRAP 1-2 device, and use the pfflowd package.
The hardware vendor (Yawarra.com.au) will preinstall the latest release image, however then we can't install the package.
Any suggestions? The vendor have suggested that if we supply an image with the package already installed they will install it for us.
regards,
Finlay -
as far as i know embedded solutions are out of packages.
-
Its actually not that hard to install the package manually or to create a custom image with the package already installed. I have done this with miniupnpd. For pfflow it looks even easier.
The pfsense package depends on http://ftp-mirror.internap.com/pub/FreeBSD/ports/i386/packages-6.0-release/All/pfflowd-0.6.tbz
Download the above and extract the ppflowd from the sbin folder.
ppflowd goes in the /usr/local/sbin on the pfsense image
Download http://www.pfsense.com/packages/config/packages/pfflowd.xml
pfflowd.xml goes in the /usr/local/pkg on the pfsense image
From http://www.pfsense.com/packages/pkg_config.xml and pfflow.xml
Place the following in the installedpackages section in your config.xml file
<package><name>pfflowd</name>
<website>http://www.mindrot.org/pfflowd.html</website>
<descr>pfflowd converts OpenBSD PF status messages (sent via the pfsync interface) to Cisco NetFlow datagrams. These datagrams may be sent (via UDP) to a host of one's choice. Utilising the OpenBSD stateful packet filter infrastructure means that flow tracking is very fast and accurate.</descr>
<category>Network Management</category>
<config_file>http://www.pfsense.com/packages/config/pfflowd.xml</config_file>
<depends_on_package_base_url>http://ftp13.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/All</depends_on_package_base_url>
<depends_on_package>pfflowd-0.6.tbz</depends_on_package>
<version>0.6</version>
<status>BETA</status>
<required_version>1.0-RC3</required_version>
<configurationfile>pfflowd.xml</configurationfile>
<maintainer>nick@buraglio.com</maintainer></package><menu>
<name>pfflowd</name>
<tooltiptext>Modify pfflowd settings.</tooltiptext>
Services
<configfile>pfflowd.xml</configfile>
<url>/pkg_edit.php?xml=pfflowd.xml&id=0</url>
</menu><service><name>pfflowd</name>
<rcfile>pfflowd.sh</rcfile>
<executable>pfflowd</executable></service>That should be it. However the layout of pfflow is different from miniupnpd so I might be missing something. You can check out the scripts I use to create my custom image at http://wgnrs.dynalias.com:81/pfsense. They are self explanatory sh-custom-image.sh which invokes the rest sh-replace-config.sh sh-add-miniupnpd.sh, etc can be run seperately as well. All the files you need are there. Feel free to modify to your needs.
I would put more time into this but I have no need for pfflow, plus I have no way to test it out. What you might want to do if it doesn't work is install pfsense to a hard drive in a spare system and check out the config xml file to make sure its the same in the installed packages section and see what files are placed where for pfflow.
-
I had some spare time and made an image with the pfflowd package included. I just modified my miniupnpd script. Let me know how it works. I tested it in vmware and pfflowd starts, but I have nowhere to send the data to.
http://wgnrs.dynalias.com:81/pfsense/pfSense-Embedded-1.0-RELEASE-Pfflowd.img.gz
The steps to create this image on a FreeBSD machine are as follows:
wget "http://wgnrs.dynalias.com:81/pfsense/sh-add-pfflowd.sh" wget "http://wgnrs.dynalias.com:81/pfsense/sh-replace-config.sh" wget "http://wgnrs.dynalias.com:81/pfsense/cfg-default-pfflowd.xml" wget "http://wgnrs.dynalias.com:81/pfsense/pfSense-Embedded-1.0-RELEASE.img.gz" mv pfSense-Embedded-1.0-RELEASE.img pfSense.img.gz gunzip pfSense.img.gz chmod +x sh-add-pfflowd.sh sh-replace-config.sh ./sh-add-pfflowd.sh pfSense.img ./sh-replace-config.sh cfg-default-pfflowd.xml pfSense.img gzip pfSense.img mv pfSense.img.gz pfSense-Embedded-1.0-RELEASE-Pfflowd.img.gzIf you have backup of a custom config you'd like to put on the image then just replace the installedpackages section with the following file and substitue that for cfg-default-pfflowd.xml in the above steps.
http://wgnrs.dynalias.com:81/pfsense/cfg-add-pfflowd.xml
-
Not sure if you ever used this or not. Would be nice to get some feedback. Anyways I made a new image for 1.0.1 with pfflowd.
http://wgnrs.dynalias.com:81/pfsense/pfSense-1.0.1-Embedded-Pfflowd.img.gz
Heres the instructions for reproducing this, which are slightly different from before.
fetch "http://wgnrs.dynalias.com:81/pfsense/sh-add-pfflowd.sh" fetch "http://wgnrs.dynalias.com:81/pfsense/pfSense-1.0.1-Embedded.img.gz" mv pfSense-1.0.1-Embedded.img pfSense.img.gz gunzip pfSense.img.gz chmod +x sh-add-pfflowd.sh ./sh-add-pfflowd.sh pfSense.img gzip pfSense.img mv pfSense.img.gz pfSense-1.0.1-Embedded-Pfflowd.img.gz -
Hi
Sorry for the long delay.
I am using your image, and as far as I can tell it has the pfflowd stuff in it ok.
Havn't managed to actually get any data from it yet. Having a look at how to get it started etc…
Thanks for the image!
Finlay
-
Hello
I am just downloading the pre built image you made to give it a try.
I didnt see any one talking about how its working or not does any one know ?
can any one sugest a windows or linux(web based) tool for viewing/graphing the netflow info ?Regards
-
Just so you know that image is way out of date. I would recommend merging pfflowd into the 1.2 RC1 release.
-
Cool thanks
I didnt end up using that image, as i wanted VGA out not console :/ so i installed the full install and changed /etc/platform to embedded
pfflow works but lots just say its mostly useless :( it seems to combine all interface traffic in and out in the 1 interface's in information so unfortunitly its not much use
im waiting for 1.2 to go final/stable and upgrade but i dont think it will by the time I need to install the firewall