Build, configure and run ipt-netflow on Debian Linux

    General information




    System

    • Debian Squeeze (6.0.3) amd64
    • Kernel 2.6.38 from backports (the latest at the time this documentation was written)

    Build on a test system

    • Install the necessary packages:
      apt-get install -t squeeze-backports linux-headers-2.6.38-bpo.2-amd64
      apt-get install -t squeeze-backports quilt debhelper autotools-dev iptables-dev dkms pkg-config

    • Download and unpack the sources from sourceforge.net/projects/ipt-netflow/files/ipt-netflow
    • Compile and install on the build system:
      cd ./ipt_netflow-*
      ./configure
      make all
      make install
      depmod

    • Create an archive for installation on the gateway:
      find /lib -name "*NETFLOW*" | xargs tar czf \
      /tmp/ipt_netflow-$(modinfo -F version ipt_NETFLOW)-$(uname -r).tar.gz
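
    The archive built above is later unpacked into / as root on the gateway, so its contents are worth checking first. The shell function below is an added example, not part of the original instructions; the name check_netflow_archive and the optional SHA-256 argument are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the original page): vet the ipt_NETFLOW archive
# before it is unpacked into / as root on the gateway.
# Usage: check_netflow_archive ARCHIVE [EXPECTED_SHA256]  (hypothetical name)
check_netflow_archive() {
    archive=$1
    expected=${2:-}

    # Optional integrity check against a SHA-256 recorded on the build host.
    if [ -n "$expected" ]; then
        actual=$(sha256sum "$archive" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "checksum mismatch: $archive" >&2
            return 1
        fi
    fi

    # The archive must be readable and non-empty.
    names=$(tar -tzf "$archive") || return 1
    [ -n "$names" ] || { echo "empty archive: $archive" >&2; return 1; }

    # Regular files only: in the verbose listing the first character of each
    # line is the member type ('-' is a regular file; 'l', 'h', 'c', 'b' and
    # 'p' are links and special files, 'd' is a directory).
    if tar -tvzf "$archive" | grep -v '^-' >&2; then
        echo "non-regular members in $archive" >&2
        return 1
    fi

    # Every member must sit under lib/ (tar strips the leading / on create),
    # contain no ".." component, and have NETFLOW in its basename, which is
    # what find -name "*NETFLOW*" selects on the build host.
    while IFS= read -r name; do
        case $name in
            /*|../*|*/../*|*/..) echo "unsafe path: $name" >&2; return 1 ;;
        esac
        case $name in lib/*) ;; *) echo "outside lib/: $name" >&2; return 1 ;; esac
        case ${name##*/} in
            *NETFLOW*) ;;
            *) echo "unexpected member: $name" >&2; return 1 ;;
        esac
    done <<EOF
$names
EOF
    return 0
}

# Run the check when the script is called with arguments.
if [ $# -gt 0 ]; then check_netflow_archive "$@"; fi
```

    Record the checksum on the build host with sha256sum and pass it as the second argument on the gateway.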

    Installation on a production system

    • Extract the archive:
      tar xzf /tmp/ipt_netflow-*-*.tar.gz -C /
      depmod

    • Configure the module load options (full list of options):
      echo options ipt_NETFLOW destination=127.0.0.1:9996 > /etc/modprobe.d/netflow.conf

    • Load the module and check its status:
      modprobe ipt_NETFLOW
      sysctl -a | grep net.netflow

    • Send traffic through the sensor:
      iptables -A FORWARD -j NETFLOW

    • Check the counters:
      iptables -nvL FORWARD | grep NETFLOW
      tcpdump -c5 -npi lo port 9996

    • Enable loading at boot:
      echo ipt_NETFLOW >> /etc/modules

    • Put the kernel package on hold to prevent kernel updates:
      echo linux-image-2.6.38-bpo.2-amd64 hold | dpkg --set-selections

    • If the collector is on another computer, the interfaces and routing are not yet configured at the time the module is loaded, so the connection to the collector may fail with kernel error 101 (“destination unreached”). To work around this, re-establish the connection from /etc/rc.local:
      f="/proc/sys/net/netflow/destination"
      test -e "$f" && d="$(cat "$f")" && echo "$d" > "$f"


