A short story.
I have the following prerequisites:
- VyOS 1.1.8 with NetFlow v5 enabled on the two p2p external interfaces connected to two ISPs, and one DMZ interface connected to our public network - 92.255.xx.0/24
- VyOS also has two interfaces connected to our internal networks with private addresses
- a VM with the FastNetMon Advanced trial license.
NetFlow is configured and running OK, and on the FastNetMon VM we can see:
- all inbound traffic coming from the Internet to any public address in the network 92.255.xx.0/24, whether the traffic arrives at a host with a public IP or at a host published through NAT
- when I generate some outbound traffic from the host with the public address 92.255.xx.yy, I can see this traffic too
- when I generate outbound traffic from a host in our private network, and this traffic goes NATed through the external interface on the router, I cannot see this outbound traffic in FastNetMon.
I followed this topic and configured the internal interface bond0.31 on VyOS as suggested:

```bash
set system flow-accounting interface bond0.31
sudo iptables -t filter -I VYATTA_POST_FW_IN_HOOK 1 -o bond0.31 -j ULOG --ulog-nlgroup 2 --ulog-cprange 64 --ulog-qthreshold 10
sudo iptables -t filter -I VYATTA_POST_FW_FWD_HOOK 1 -o bond0.31 -j ULOG --ulog-nlgroup 2 --ulog-cprange 64 --ulog-qthreshold 10
sudo iptables -t filter -I VYATTA_POST_FW_OUT_HOOK 1 -o bond0.31 -j ULOG --ulog-nlgroup 2 --ulog-cprange 64 --ulog-qthreshold 10
```

But I still cannot see traffic going from internal hosts to the outside; I can see only the “other traffic” counter increasing, but that is not a solution.
It would be nice if you could advise on resolving this situation.
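One thing worth checking before touching the router again is what addresses the exported flow records actually carry. The ULOG rules above sit in the filter table, and in netfilter the filter FORWARD chain runs before nat POSTROUTING, so a flow logged there is seen with the pre-SNAT (private) source address; whether that is what reaches the collector here is not established by the post, but a decoder makes it easy to see. A collector that attributes traffic only to addresses inside its configured networks (FastNetMon's networks_list works this way, with everything else counted under "other traffic") cannot attach such a flow to any public host. The script below is an added example, not code from the original post or from FastNetMon or VyOS: it decodes a NetFlow v5 datagram and buckets each record the way such a collector would. It assumes 203.0.113.0/24 as a stand-in for the redacted 92.255.xx.0/24, and the flows in it are constructed to mirror the three cases described (inbound to a public host, outbound from a public host, outbound from a private host behind bond0.31); the other addresses are made up.

```python
"""Decode NetFlow v5 datagrams and classify each flow the way a collector that
only knows a list of monitored networks would.

Added example, not part of the original forum post or of FastNetMon/VyOS.
Assumptions: 203.0.113.0/24 stands in for the redacted public network
(92.255.xx.0/24 on the page), 198.51.100.7 is a made-up Internet host, and
10.0.31.5 is a made-up host behind NAT on the bond0.31 side.
"""
import ipaddress
import struct

# NetFlow v5 wire format (Cisco-documented, no RFC): a 24-byte header followed by
# up to 30 fixed-size 48-byte records, all fields big-endian.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")
RECORD_FIELDS = (
    "srcaddr", "dstaddr", "nexthop", "input", "output", "dpkts", "doctets",
    "first", "last", "srcport", "dstport", "pad1", "tcp_flags", "prot", "tos",
    "src_as", "dst_as", "src_mask", "dst_mask", "pad2",
)

def parse_netflow_v5(datagram):
    """Return (header dict, list of record dicts); raise ValueError on malformed input."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime, secs, nsecs, seq, etype, eid, sampling = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5: version %d" % version)
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("header announces %d records but datagram is too short" % count)
    header = {"count": count, "sys_uptime": uptime, "unix_secs": secs,
              "flow_sequence": seq, "sampling_interval": sampling}
    records = []
    for i in range(count):
        values = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        rec = dict(zip(RECORD_FIELDS, values))
        for key in ("srcaddr", "dstaddr", "nexthop"):
            rec[key] = ipaddress.IPv4Address(rec[key])
        records.append(rec)
    return header, records

def classify(record, networks):
    """Attribute a flow to a monitored host: ('inbound', host), ('outbound', host),
    or ('other', None) when neither address lies inside a monitored network."""
    if any(record["dstaddr"] in n for n in networks):
        return "inbound", record["dstaddr"]
    if any(record["srcaddr"] in n for n in networks):
        return "outbound", record["srcaddr"]
    return "other", None

def build_v5_datagram(flows):
    """Constructed exporter output; flows is a list of (src, dst, sport, dport, proto, octets)."""
    header = V5_HEADER.pack(5, len(flows), 1000, 1700000000, 0, 1, 0, 0, 0)
    body = b""
    for src, dst, sport, dport, proto, octets in flows:
        body += V5_RECORD.pack(
            int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst)), 0,
            1, 2, 1, octets, 1000, 1000, sport, dport, 0, 0x18, proto, 0, 0, 0, 24, 24, 0)
    return header + body

MONITORED = [ipaddress.IPv4Network("203.0.113.0/24")]  # stand-in for 92.255.xx.0/24

# Constructed flows: inbound to a public host, outbound from a public host, and
# outbound from a private host as a filter-table hook sees it (before SNAT
# rewrites the source address in nat POSTROUTING).
SAMPLE_DATAGRAM = build_v5_datagram([
    ("198.51.100.7", "203.0.113.10", 40000, 443, 6, 1500),
    ("203.0.113.20", "198.51.100.7", 50000, 80, 6, 900),
    ("10.0.31.5", "198.51.100.7", 51000, 443, 6, 700),
])

def summarize(datagram, networks=MONITORED):
    """Bytes per attribution bucket plus the (src, dst) pairs that fell into 'other'."""
    _, records = parse_netflow_v5(datagram)
    totals = {"inbound": 0, "outbound": 0, "other": 0}
    unattributed = []
    for rec in records:
        kind, _host = classify(rec, networks)
        totals[kind] += rec["doctets"]
        if kind == "other":
            unattributed.append((str(rec["srcaddr"]), str(rec["dstaddr"])))
    return totals, unattributed

if __name__ == "__main__":
    totals, unattributed = summarize(SAMPLE_DATAGRAM)
    print("bytes per bucket:", totals)
    for src, dst in unattributed:
        print("unattributed flow %s -> %s: no address inside the monitored networks" % (src, dst))
```

To run it against real exports, bind a UDP socket on a spare port, point VyOS flow-accounting at it as an additional NetFlow server, and pass each received datagram to `summarize`; a private source address showing up under "other" for the NATed sessions tells you the exporter is reporting the pre-translation address, and a public one tells you to look elsewhere.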