smitmartijn / roneo-netflow-duplicator

NetFlow Duplicator: ingest NetFlow and send it out to multiple collectors

collector in different subnet to roneo #6

Closed micruzz82 closed 4 months ago

micruzz82 commented 4 years ago

Hi @smitmartijn

Due to our network restrictions, I need to place roneo in 1 subnet, which is the OOB subnet to the netflow devices, and the collectors (for security reasons) are placed in a separate subnet.

Per your documentation it states: "For the spoofing to work, it's important to place Roneo in the same IP subnet as the collectors."

Can you please advise if the limitation is that the source device sending the netflow data will not be visible with the correct IP on the collector after it is forwarded by roneo?

smitmartijn commented 4 months ago

Little late 😅 - but networking TCP/IP concepts generally prevent a host from sending out traffic that doesn't originate from its own IP address. Roneo spoofs the ESXi host addresses to the collectors, which would be blocked by your routes/firewalls if you don't put it in the same subnet.
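
The blocking described in the reply above can be modelled as a strict reverse-path (anti-spoofing) check on the router between the subnets. This is an added example, not part of the thread or of Roneo's code; the subnets, interface names, and the assumption that the router enforces strict reverse-path filtering are constructed for illustration.

```python
import ipaddress

# Constructed topology (assumption): connected prefixes and the router interface for each.
ROUTES = {
    "10.0.10.0/24": "oob",         # Roneo, as placed in the question
    "10.0.20.0/24": "esxi-mgmt",   # ESXi hosts exporting NetFlow
    "10.0.30.0/24": "collectors",  # NetFlow collectors
    "0.0.0.0/0": "uplink",
}

def best_route(routes, ip):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(p), i) for p, i in routes.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def decide(routes, sender_ip, header_src, dst_ip):
    """What happens to a packet sent by the host at sender_ip with source
    address header_src in the IP header, addressed to dst_ip."""
    sender = best_route(routes, sender_ip)
    dst = best_route(routes, dst_ip)
    if sender is None or dst is None:
        return "no-route"
    # Same connected subnet: delivered on the link, the router never inspects it.
    if sender[0] == dst[0] and sender[0].prefixlen > 0:
        return "on-link"
    # Strict reverse-path check: the route back to the claimed source must
    # point out of the interface the packet arrived on.
    back = best_route(routes, header_src)
    if back is None or back[1] != sender[1]:
        return "dropped-rpf"
    return "forwarded"

if __name__ == "__main__":
    esxi, collector = "10.0.20.11", "10.0.30.50"
    print(decide(ROUTES, "10.0.10.5", esxi, collector))         # Roneo in OOB subnet
    print(decide(ROUTES, "10.0.30.5", esxi, collector))         # Roneo beside collectors
    print(decide(ROUTES, "10.0.10.5", "10.0.10.5", collector))  # unspoofed source
```

In this model only the placement beside the collectors lets the packet arrive with the ESXi host's address in the source field; from the OOB subnet the same packet fails the reverse-path check before it reaches the collector subnet.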