Installing and using fprobe on IPFire

Introduction

Some of you might be familiar with the netflow protocol, but if you are not, it is quite simple. Basically a device capable of netflow collects all IP traffic and sends the data to a server to analyze it further, allowing the administrator to see where the traffic is coming from and where it is going. But you might want to read up on this topic on wikipedia.

Now the IPFire system does not out of the box offer support for the netflow protocol but thanks to the really awesome addon system it is very simple to extend its functionality. Since there was no addon that allowed me to install a netflow probe I went ahead and created a fprobe package for ipfire. I went with fprobe because all the requirements were already met on the ipfire system and it is quite lightweight on system resources.

Now to the actual building of the addon. Below is the lfs script I wrote for the ipfire build system to create the package. If you want you can go ahead and build the addon yourself using this script and the official sources but I will also provide the package I build for myself (if you plan on building it yourself you might want to read the official wiki) as I will not cover the build system.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
##############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################
 
###############################################################################
# Definitions
###############################################################################
 
include Config
 
VER        = 1.1
 
THISAPP    = fprobe-$(VER)
DL_FILE    = $(THISAPP).tar.bz2
DL_FROM    = http://files.sysmike.net/sonstiges/
DIR_APP    = $(DIR_SRC)/$(THISAPP)
TARGET     = $(DIR_INFO)/$(THISAPP)
PROG       = fprobe
PAK_VER    = 2
 
DEPS       = ""
 
###############################################################################
# Top-level Rules
###############################################################################
 
objects = $(DL_FILE)
 
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
$(DL_FILE)_MD5 = 65850d0470078269b33eee58cba77ac2
 
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
 
download :$(patsubst %,$(DIR_DL)/%,$(objects))
 
md5 : $(subst %,%_MD5,$(objects))
 
dist:.
	$(PAK)
 
###############################################################################
# Downloading, checking, md5sum
###############################################################################
 
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
	@$(CHECK)
 
$(patsubst %,$(DIR_DL)/%,$(objects)) :
	@$(LOAD)
 
$(subst %,%_MD5,$(objects)) :
	@$(MD5)
 
###############################################################################
# Installation Details
###############################################################################
 
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
	@$(PREBUILD)
	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xvf $(DIR_DL)/$(DL_FILE)
	cd $(DIR_APP) && ./configure
	cd $(DIR_APP) && make $(MAKETUNING)
	cd $(DIR_APP) && make install
	@rm -rf $(DIR_APP)
	@$(POSTBUILD)

Installation & Usage

If you are using ipfire you probably are familiar on how to install addons on your system but in case you are not, here the three commands you have to execute.

1
2
3
wget https://files.sysmike.net/sonstiges/fprobe-1.1-2.ipfire
tar xvf fprobe-1.1-2.ipfire
./install.sh

These three lines should have successfully installed fprobe on your system. Currently you can only start fprobe manually using a batch file or the similar as I have yet to look into a way to create an init.d script. Below is the script I currently use.

1
2
3
4
5
fprobe -i red0 <ip-collector:port>
fprobe -i green0 <ip-collector:port>
fprobe -i blue0 <ip-collector:port>
fprobe -i orange0 <ip-collector:port>
fprobe -i tun0 <ip-collector:port>

The netflow collector should now recieve its first data from the probes.
If there are any questions feel free to ask in the comments.