Examples of how to use ntopng on a host with two interfaces (e.g. Raspberry PI)

Luca Deri 2017-01-26 23:19:48 +00:00
parent c45849d73e
commit 700f56a4f0
6 changed files with 125 additions and 10 deletions


@ -21,7 +21,6 @@ NOTE:
network interfaces
Enabling Captive Portal
-----------------------
Captive portal is used to authenticate legitimate users and bind them to the
@ -31,3 +30,4 @@ correct host pool. In order to enable this feature
- ntopng must be active on port 80 (and port a different port) for authenticating users (-w 80,3000)
When the captive portal is used, port 80 is used only for that purpose (i.e. it cannot be used to connect to the ntop GUI).


@ -9,8 +9,8 @@ marked with protocol identifier 125.
# ntopng -h|grep Skype
[125] Skype
You can leverage protocol identifiers to assign different QoS classes to your traffic(e.g., shape, drop, etc). In
essence you can implement an application-level firewall.
You can leverage protocol identifiers to assign different QoS classes to your traffic
(e.g., shape, drop, etc). In essence you can implement an application-level firewall.
Using NetFilter
---------------
@ -89,3 +89,4 @@ NOTE
When you send traffic to NFQUEUE if ntopng is NOT running, packets will be
blocked in the IP stack as they dont get processed. So make sure ntopng
is running all the time before using this mechanism.

68
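--- a/doc/README.raspberry
+++ b/doc/README.raspberry
@@ -0,0 +1,68 @@
+Using ntopng as a WiFi Access Point/Router+NAT
+----------------------------------------------
+Suppose you have a device (e.g. a Raspberry PI) that has a wifi device you want to turn into
+a an access point that connects to the Internet though the ethernet port. ntopng can be used
+to enforce traffic policies as described below (valid for Debian-based distributions).
+- Edit /etc/wpa_supplicant/wpa_supplicant.conf and edit the configuration (e.g. edit the coutnry field
+- If not previously installed do
+# apt-get install hostapd
+- Edit /etc/network/interfaces and comment the following lines
+#allow-hotplug wlan0
+#iface wlan0 inet manual
+# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
+- Create a file name /etc/hostapd/hostapd.conf and put the following text
+interface=wlan0
+ssid=ntopng
+hw_mode=g
+channel=6
+auth_algs=1
+wmm_enabled=0
+# The lines below are only for the built-in Raspberry Pi 3 Wi-Fi module
+ieee80211n=1 # 802.11n support
+wmm_enabled=1 # QoS support
+ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
+- Edit /etc/default/hostapd and set
+DAEMON_CONF="/etc/hostapd/hostapd.conf"
+- Enable hostapd
+# update-rc.d hostapd enable
+and start it
+# service hostapd start
+- Install (if not present) DHCPd
+apt-get install isc-dhcp-server
+- Configure DHCP by adding this line at the end of /etc/dhcp/dhcpd.conf
+subnet 192.168.42.0 netmask 255.255.255.0 {
+range 192.168.42.10 192.168.42.50;
+option broadcast-address 192.168.42.255;
+option routers 192.168.42.1;
+default-lease-time 600;
+max-lease-time 7200;
+option domain-name "local";
+option domain-name-servers 8.8.8.8, 8.8.4.4;
+}
+- Edit /etc/default/isc-dhcp-server
+and set
+INTERFACES="wlan0"
+Read More
+---------
+See also the following examples:
+- ../tools/wifi_router.sh
+Use ntopng in routing mode
+- ../tools/wifi_bridge.sh
+Use ntopng on bridge mode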


@ -219,14 +219,14 @@ class NetworkInterface {
inline u_int get_flow_size() { return(ndpi_detection_get_sizeof_ndpi_flow_struct()); };
inline u_int get_size_id() { return(ndpi_detection_get_sizeof_ndpi_id_struct()); };
inline char* get_name() { return(ifname); };
inline int get_id() { return(id); };
inline bool get_sprobe_interface() { return sprobe_interface; }
inline bool get_inline_interface() { return inline_interface; }
inline bool get_has_vlan_packets() { return has_vlan_packets; }
inline bool hasSeenVlanTaggedPackets() { return(has_vlan_packets); }
inline void setSeenVlanTaggedPackets() { has_vlan_packets = true; }
inline int get_id() { return(id); };
inline bool get_sprobe_interface() { return sprobe_interface; }
inline bool get_inline_interface() { return inline_interface; }
inline bool get_has_vlan_packets() { return has_vlan_packets; }
inline bool hasSeenVlanTaggedPackets() { return(has_vlan_packets); }
inline void setSeenVlanTaggedPackets() { has_vlan_packets = true; }
inline struct ndpi_detection_module_struct* get_ndpi_struct() { return(ndpi_struct); };
inline bool is_sprobe_interface() { return(sprobe_interface); };
inline bool is_sprobe_interface() { return(sprobe_interface); };
inline bool is_purge_idle_interface() { return(purge_idle_flows_hosts); };
inline void enable_sprobe() { sprobe_interface = true; };
int dumpFlow(time_t when, bool idle_flow, Flow *f);

12
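--- a/tools/wifi_bridge.sh
+++ b/tools/wifi_bridge.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# Setup the bridge
+brctl addbr br0
+brctl addif br0 eth0 wlan0
+# Enable the iptables
+iptables -F
+iptables -A FORWARD -m physdev --physdev-in wlan0 -j NFQUEUE --queue-num 0
+# Now start ntopng in bridging mode on netfilter
+# ntopng -i nf:0 -w 80,3000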
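Review bot: After this script runs, every frame entering from wlan0 is sent to queue 0, but the line that starts ntopng is left commented out, so nothing consumes the queue and bridged traffic is dropped until ntopng is started by hand (the NFQUEUE note earlier on this page describes the same blocking). That fail-closed behaviour is reasonable for policy enforcement, but it should be stated in the script, e.g. `# Traffic from wlan0 is blocked until ntopng is attached to nf:0`, or the script should start ntopng itself as tools/wifi_router.sh does. `iptables -F` also silently discards whatever filter rules the host already had, and none of the commands is checked for failure, so a failed `brctl addbr br0` still proceeds to the flush; `set -e` after the shebang would stop at the first error.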

34
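--- a/tools/wifi_router.sh
+++ b/tools/wifi_router.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# See
+# ntopng/doc/README.raspberry
+#
+# Give WiFi an IP address
+ifconfig wlan0 192.168.42.1 netmask 255.255.255.0
+# Enable routing
+echo 1 > /proc/sys/net/ipv4/ip_forward
+# Enabling NAT
+iptables -F
+iptables -F -t nat
+iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+# Enable NFQUEUE
+iptables -A FORWARD -i wlan0 -j NFQUEUE --queue-num 0
+iptables -A FORWARD -i eth0 -j NFQUEUE --queue-num 0
+# Enable forwarding
+iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
+# Check NAT
+# iptables -t nat -S
+# iptables -S
+# Enable DHCPd
+service isc-dhcp-server start
+# Start ntopng
+ntopng -i nf:0 -w 80,3000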
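Review bot: The two `-j NFQUEUE` rules are appended to FORWARD before the `RELATED,ESTABLISHED` and wlan0-to-eth0 ACCEPT rules, and NFQUEUE is a terminating target, so every packet arriving on wlan0 or eth0 is handed to queue 0 and the ACCEPT rules under "# Enable forwarding" are never evaluated. As written, ntopng's verdict is the only filter on forwarded traffic and the stateful restriction on eth0-to-wlan0 traffic has no effect. I would either delete the two ACCEPT rules or make the intent explicit with a comment such as `# NFQUEUE is terminating: ntopng's verdict alone decides what is forwarded`. Separately, `iptables -F` discards any existing filter rules and nothing is added to INPUT afterwards, so the web ports given by `-w 80,3000` are presumably reachable from both interfaces; a comment saying so, or an INPUT rule limiting port 3000 to the management side, would help.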