This is an old revision of the document!
2 Export NAT flows in IPFIX (Netflow 10)
For data analisys on NAT flows on external systems IPFIX export is available (aka netflow v10).
Settings of NAT flows export:
ipfix_dev=em1 ipfix_nat_udp_collectors=1.2.3.4:1500,1.2.3.5:1501 ipfix_nat_tcp_collectors=1.2.3.6:9418
here
- em1 network device name for export
- ipfix_nat_udp_collectors addresses of udp collectors
- ipfix_nat_tcp_collectors addresses of tcp collectors
IPFIX template for NAT flows export
| ID | IANA | Size | Type | Description |
|---|---|---|---|---|
| 323 | 0 | 8 | int64 | System Time when the event occurred |
| 4 | 0 | 1 | int8 | protocolIdentifier |
| 230 | 0 | 1 | int8 | Type of Event |
| 8 | 0 | 4 | IP v4 | sourceIPv4Address |
| 225 | 0 | 4 | IP v4 | postNATSourceIPv4Address |
| 7 | 0 | 2 | int16 | Source Port |
| 227 | 0 | 2 | int16 | postNAPTsourceTransportPort |
| 12 | 0 | 4 | IP v4 | destinationIPv4Address |
| 11 | 0 | 2 | int16 | destinationTransportPort |
| 2000 | 43823 | 8 | int64 | Session ID |
| 2003 | 43823 | string | Login |
To collect information in IPFIX any universal collector can be used or IPFIX Receiver utility.