joba
just joined
Topic Author
Posts: 5
Joined: Mon Jul 08, 2019 1:12 pm

Problem running Traffic Flow

Mon Jul 08, 2019 1:29 pm

Dear all,

I'm trying to collect Netflow/IPFIX data from a RB1102AHx2 box but I don't receive anything, and on the Traffic Flow Settings Status all counters always show 0.
Here is my config:
enabled: yes
interfaces: Internal-lan
cache-entries: 16k
active-flow-timeout: 1m
inactive-flow-timeout: 15s

# SRC-ADDRESS DST-ADDRESS PORT VERSION
0 0.0.0.0 192.168.0.253 1234 ipfix
Changed interfaces to wan but same result.

What am I missing ?

Thank you,
 
sebastia
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Problem running Traffic Flow

Mon Jul 08, 2019 3:29 pm

Hey

Which interfaces are in the list "Internal-lan"? It's not empty, right?
 
joba
just joined
Topic Author
Posts: 5
Joined: Mon Jul 08, 2019 1:12 pm

Re: Problem running Traffic Flow

Mon Jul 08, 2019 4:04 pm

Thanks,

internal-lan is ether2, while wan is ether1

BR
 
sebastia
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Problem running Traffic Flow

Mon Jul 08, 2019 5:05 pm

See also https://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow

Normally that should be a single (two to change server address) step operation.

Post your config, so it can be consulted: /export hide-sensitive
 
joba
just joined
Topic Author
Posts: 5
Joined: Mon Jul 08, 2019 1:12 pm

Re: Problem running Traffic Flow

Tue Jul 09, 2019 10:02 am

Hi again,

Please find the config:

# jul/09/2019 08:00:58 by RouterOS 6.44.3
# software id = SBVX-T5T0
#
# model = 1100AHx2
# serial number =
/interface bridge
add admin-mac=xx auto-mac=no comment=\
"created from master port" name=bridge1 protocol-mode=none
add admin-mac=yy auto-mac=no comment=\
"created from master port" name=bridge2 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN-FO speed=100Mbps
set [ find default-name=ether2 ] name=ether2-LAN-OFFICE speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=ether11 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether12 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether13 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pppoe-client
add disabled=no interface=ether1-WAN-FO name=pppoe-isp user=\
pppoe-login@isp.com
/interface ethernet switch
set 0 mirror-source=ether1-WAN-FO mirror-target=ether5
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=Streaming regexp="^.+(youtube.com|dailymotion.com|metacafe.com|ishare\
.rediff.com|vimeo.com|frenchpopcorn.com|fullmoviz.org|full-stream.me|dpstr\
eam.net|sokrostream.biz|seriezone.com|voirfilms.org|full-cinema.com|papyst\
reaming.com|filmsvostfr.org).*\$"
add name=PORN regexp="^.+(veta|xxl|fory|beeg.com|vody|xvideos.com|vivid|XXX|tu\
be|Babe|fuck|hardcore|adult|erotic|teen|PornHub|xHamster|sex|porn|boridana\
|rulertube.com|slut|handjob|xvid|orgasm|H2porn|movies|88gal|youporn|eporne\
r|mofosex|drtuber|xbabe|eroxia|deviantclip|apetube|anal|gangbang|orgy|piss\
ing|blowjob|booty|tits|pussy|butt|fisting|dildo|voyeur|sucking|suck|dick|d\
oggy|dp|hentai|dorcel|chobix|redtube|cum|youporn|exhib|cam|porndig|squirt|\
milf|cock|erotic|sexe|xnxx|pornstar|camster|sexual|pornhub|porntube|IXXX|y\
ourfreepron|pornovore|bestamt|tukif|frenchytube|rabbitfinder|voissa|sexylo\
o).*\$"
add name=FB regexp="^.+(facebook.com|youtube|badoo|m.facebook|dailymotion|twit\
ter|instagram).*\$"
add name=PROXY regexp="^.+(hideme|proxy|youhide|anonysurfer.com|proxify|proxys\
ite|hide.me|toolur|whoer.net|megaproxy|zend2|hidester|proxfree|proxy|unblo\
ck|ultrasurf|anonym).*\$"
add name=TELECHARGEMENT regexp="^.+(zone-telechargement.com).*\$"
add name=DOWN regexp=\
"^.+(telechargement|telecharger|download|cpasbien|streem|stream).*\$"
add name=P2P regexp="^.+(torrent|thepiratebay|isohunt|entertane|demonoid|btjun\
kie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thund\
erbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixf\
lux|seedpeer|fenopy|gpirate|commonbits).*\$"
add name=TORRENT regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane\
|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity\
|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|full\
dls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$ "
add name=MKV regexp="^.*get.+\\.mkv.*\$"
add name=AVI regexp="^.*get.+\\.avi.*\$"
add name=DAT regexp="^.*get.+\\.dat.*\$"
add name=FLV regexp="^.*get.+\\.flv.*\$"
add name=ISO regexp="^.*get.+\\.iso.*\$"
add name=APK regexp="^.*get.+\\.apk.*\$"
add name=MPG regexp="^.*get.+\\.mpg.*\$"
add name=MOV regexp="^.*get.+\\.mov.*\$"
add name=WMA regexp="^.*get.+\\.wma.*\$"
add name=WMV regexp="^.*get.+\\.wmv.*\$"
add name=EXE regexp="^.*get.+\\.exe.*\$"
add name=RAR regexp="^.*get.+\\.rar.*\$"
add name=MP3 regexp="^.*get.+\\.mp3.*\$"
add name=MP4 regexp="^.*get.+\\.mp4.*\$"
add name=MSI regexp="^.*get.+\\.msi.*\$"
add name=ZENMATE regexp="^.+(api.zenguard.biz|zenmate.io|zenguard.zendesk.com|\
zendesk.com|zenguard.org).*\$\r\
\n"
add name=BROWSEC regexp="^.+(postls.com|postlm.com|posls.com).*\\\$\r\
\n"
/ip pool
add comment="192.168.0.20-192.168.0.69 201907060856" name=dhcp ranges="192.168\
.0.20-192.168.0.69,192.168.0.70-192.168.0.200,192.168.0.210-192.168.0.230"
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=7h name=dhcp2
/queue simple
add burst-threshold=2M/2M burst-time=5s/5s comment="Rakibs-air Queue limit" \
max-limit=1M/1M name=Test target=192.168.0.112/32 time=\

/queue type
add kind=pcq name=Upload-Queue pcq-burst-rate=6500k pcq-classifier=\
src-address pcq-dst-address6-mask=64 pcq-rate=6M pcq-src-address6-mask=64
add kind=pcq name=Download-Queue pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-rate=6M pcq-src-address6-mask=64
/queue simple
add disabled=yes name=Queue-Limitation queue=Upload-Queue/default target=\
192.168.0.0/24
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
add addresses=192.168.0.254/32 name=m1nDurOwnbuzz
/system logging action
set 1 disk-stop-on-full=yes
set 3 remote=192.168.0.254
/user group
add comment="accounting user" name=sniffer policy="ssh,read,!local,!telnet,!ft\
p,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!a\
pi,!romon,!dude,!tikapp"
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether2-LAN-OFFICE
add bridge=bridge2 interface=ether7
add bridge=bridge2 interface=ether8
add bridge=bridge2 interface=ether9
add bridge=bridge2 interface=ether10
add bridge=bridge2 interface=ether6
/interface l2tp-server server
set enabled=yes
/interface pptp-server server
set enabled=yes
/ip accounting
set enabled=yes threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.252/30
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether12 network=\
192.168.88.0
add address=192.168.0.1/24 interface=bridge1 network=192.168.0.0
/ip dhcp-server lease

/ip dhcp-server network
add address=192.168.0.0/24 dns-server=nn.nn.nn.nn gateway=\
192.168.0.1
/ip dns
set servers=nn.nn.nn.nn,pp.pp.pp.pp
/ip firewall address-list
/ip firewall filter
add action=accept chain=forward comment="alibaba site" content=alibaba.com \
src-address=192.168.0.0/24
add action=drop chain=forward comment="DROP VPN / PPTP forward" protocol=gre \
src-address=192.168.0.0/24
add action=drop chain=forward comment="IPSEC-ESP F" protocol=ipsec-esp \
src-address=192.168.0.0/24
add action=drop chain=forward comment="IPSEC-AH F" protocol=ipsec-ah \
src-address=192.168.0.0/24
add action=drop chain=input comment="DROP VPN / L2TP" dst-port=500 protocol=\
udp
add action=accept chain=forward comment="Server Win 2012" src-mac-address=\
74:D4:35:71:01:55
add action=drop chain=input comment="NAT TRANSVERSAL" disabled=yes dst-port=\
4500 protocol=udp
add action=drop chain=forward comment=Phone17 src-mac-address=\
30:39:26:01:51:39
add action=drop chain=forward comment=Phone19 src-mac-address=\
9C:A9:E4:32:7F:6B
add action=drop chain=forward comment=Android16 src-mac-address=\
E4:32:CB:D0:74:FE
68:DF:DD:41:5B:A9
add action=drop chain=forward comment=Android581 src-mac-address=\
14:9F:E8:F4:9E:4B
add action=drop chain=forward comment=RAR disabled=yes layer7-protocol=RAR \
src-address=192.168.0.0/24
add action=drop chain=forward comment=MKV content=.mkv src-address=\
192.168.0.0/24
add action=drop chain=forward comment=MOV content=.mov src-address=\
192.168.0.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip proxy
set src-address=192.168.0.1
/ip route
add distance=1 gateway=pppoe-isp
/ip service
set telnet disabled=yes port=8023
set ftp disabled=yes
set www address=192.168.0.0/24 port=89
set ssh address=192.168.0.0/24
set api disabled=yes
set api-ssl disabled=yes
/ip traffic-flow
set active-flow-timeout=1m cache-entries=16k enabled=yes interfaces=\
ether2-LAN-OFFICE
/ip traffic-flow target
add dst-address=192.168.0.254 port=1234 version=ipfix
/snmp
set enabled=yes trap-community=m1nDurOwnbuzz trap-version=3
/system clock
set time-zone-name=Indian/xx
/system identity
set name=Anarana
/system ntp client
set enabled=yes primary-ntp=tt.tt.tt.tt server-dns-names=""
/tool graphing interface
add interface=ether1-WAN-FO store-on-disk=no
add interface=bridge1 store-on-disk=no
add interface=ether1-WAN-FO store-on-disk=no
/tool graphing queue
/tool sniffer
set filter-interface=ether1-WAN-FO filter-ip-address=192.168.0.0/24 \
filter-ip-protocol=tcp filter-port=!996 filter-stream=yes \
streaming-server=192.168.0.253
 
joba
just joined
Topic Author
Posts: 5
Joined: Mon Jul 08, 2019 1:12 pm

Re: Problem running Traffic Flow

Tue Jul 09, 2019 11:23 am

Sorry for duplicate
 
sebastia
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Problem running Traffic Flow

Thu Jul 11, 2019 1:53 pm

Hey

The ether2 is "slave", as it's part of bridge1.
/interface bridge port
add bridge=bridge1 interface=ether2-LAN-OFFICE
/ip traffic-flow
set active-flow-timeout=1m cache-entries=16k enabled=yes interfaces=ether2-LAN-OFFICE
Try monitoring bridge1 instead then.
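
A small check for the misconfiguration identified in the reply above, as an added example that is not part of the original thread: it parses a RouterOS /export and reports Traffic Flow interfaces that are ports of a bridge. The sample input is constructed from the export posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the relevant sections of the export posted in this thread.
SAMPLE_EXPORT = r"""
/interface bridge port
add bridge=bridge1 interface=ether2-LAN-OFFICE
/ip traffic-flow
set active-flow-timeout=1m cache-entries=16k enabled=yes interfaces=\
ether2-LAN-OFFICE
/ip traffic-flow target
add dst-address=192.168.0.254 port=1234 version=ipfix
"""

def parse_export(text):
    """Return {section path: [{key: value}, ...]} for a RouterOS /export."""
    # The export wraps long commands with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n\s*", "", text)
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            # key=value pairs; a value is either double-quoted or a bare token
            pairs = re.findall(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)', line)
            sections[current].append({k: v.strip('"') for k, v in pairs})
    return sections

def bridged_flow_interfaces(text):
    """Map each enabled Traffic Flow interface that is a bridge port to its bridge."""
    s = parse_export(text)
    slave_of = {p["interface"]: p["bridge"]
                for p in s.get("/interface bridge port", [])
                if "interface" in p and "bridge" in p}
    findings = {}
    for cmd in s.get("/ip traffic-flow", []):
        if cmd.get("enabled") != "yes":  # assumption: absent means default (disabled)
            continue
        for name in cmd.get("interfaces", "all").split(","):
            if name in slave_of:
                findings[name] = slave_of[name]
    return findings

if __name__ == "__main__":
    for port, bridge in bridged_flow_interfaces(SAMPLE_EXPORT).items():
        print(f"{port} is a port of {bridge}; point Traffic Flow at {bridge}")
```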
 
joba
just joined
Topic Author
Posts: 5
Joined: Mon Jul 08, 2019 1:12 pm

Re: Problem running Traffic Flow

Thu Jul 11, 2019 5:54 pm

Hi,

Thanks for your answer. I tried interface "all" and got data from MikroTik.

Thanks for your help !
