Pfflowd 0.8.3 giving wrong info



  • Hello all,

    I analyzed the information given by pfflowd with Wireshark, and I found that the interface which is used by users is not shown correctly.
    I configured a firewall rule with policy based routing, so all user computers in my LAN get to the internet through that specific interface.
    What I saw in Wireshark was different from what was configured.
    The interface which the LAN computers use is "3", but in Wireshark it appears that the interface is "2".

    Wireshark output:

    pdu 1/12:
      SrcAddr: 192.168.10.65
      DestAddr: 31.13.73.33
      InputInt: 10
      OutputInt: "2"

    pdu 2/12:
      SrcAddr: 31.13.73.33
      DestAddr: 192.168.10.65
      InputInt: "2"
      OutputInt: 10

    The correct output would be:

    pdu 1/12:
      SrcAddr: 192.168.10.65
      DestAddr: 31.13.73.33
      InputInt: 10
      OutputInt: "3"

    pdu 2/12:
      SrcAddr: 31.13.73.33
      DestAddr: 192.168.10.65
      InputInt: "3"
      OutputInt: 10

    This is causing trouble in my netflow analyzer and giving wrong information about the interfaces. It shows that users just get to the internet using another interface. Yet pfSense shows that they are using the correct interface.

    I would need to know if there is any way that this could be fixed.

    Thanks in advance,
    Gianca


  • Rebel Alliance Developer Netgate

    There isn't much we can do to/for pfflowd at that level. If it isn't giving you what you want, try the softflowd package.



  • Thanks for the reply!

    Why can't you? Maybe you could solve this issue in a future version.
    I'll give it a try with the softflowd package and then I'll update this issue.

