It is not my understanding that dup-to rewrites the source address of
the packet. It should serve your needs well.
-Adam
On Apr 6, 2008, at 11:47 PM, Eric Pancer wrote:
We are taking netflow from various Cisco devices throughout our enterprise to argus-3.0 running on OpenBSD 4.2. Unfortunately we've also got some Cisco products in our environment that require us to have netflow sent to more than 2 versions, which means we need a netflow reflector built.
I understand the "dup-to" syntax in pf.conf(5) but it may not meet the requirements for the reason that we wish not to re-write the source IP address (as our netflow aggregation depends on the source address of those packets).
Has anyone ever crafted a UDP reflector which could re-write the destination address while keeping the source address intact? If you have done it using pf(4), were there any hurdles that you had to jump through to get things working?
Thanks in advance,
- Eric
--
``...don't you know, black is this years pink.''