
How to Install fprobe (Netflow) Tool on IPFire Firewall


This tutorial covers compiling and installing the NetFlow tool fprobe on the IPFire firewall. fprobe is a libpcap-based tool that collects network traffic data and emits it as flows (NetFlow) to a specified collector. Devices that support the NetFlow protocol collect all IP traffic and forward the collected data to a server for further analysis (such as the source and destination of traffic, bandwidth consumption per IP, etc.).

The IPFire firewall does not support the NetFlow protocol itself; however, the fprobe addon can be used on IPFire. In this tutorial, the fprobe tool is compiled and installed in the IPFire environment. This guide uses an already created LFS script; an LFS script is required to compile a new addon on IPFire.

Environment setup

First, set up the IPFire development system using our previous article on compiling the IPFire firewall on Ubuntu 14.04. The IPFire development environment setup for Ubuntu 16.04 is almost the same.

Prerequisite

Before an addon is compiled for the IPFire system, it can be installed in the test environment (shell) that the IPFire build system provides.

  • First, copy the desired package or software into the cache directory under the ipfire-2.x directory.
  • Run the ./make.sh shell command to get a shell for a test installation of the package (fprobe).

getting inside lfs chroot

  • Extract the new addon and change into the /usr/src/cache/fprobe-1.1 directory.
  • Run the ./configure script to check the prerequisites of the package, as shown in the figure below.
  • pcap.h is not found on the development system.

pcap is not available

  • fprobe is based on libpcap, so the following development library must be available on the build system.

apt-get install libpcap-dev

libpcap installation

Make sure the "pcap" directory exists on the development system under ipfire-2.x/build/usr/include/pcap.

pcap under build

The following snapshot shows that the required pcap dependency is found on the development system.

libpcap found

Fprobe Compilation

Compiling a new addon in the IPFire development environment requires an LFS compilation script (fprobe) under the ipfire-2.x/lfs directory and an entry for that script in the build script make.sh.

An already created compilation script for fprobe is used for the package (fprobe-1.1.tar.bz2); copy it into the lfs directory inside ipfire-2.x.

lfs fprobe

lfs_fprobe_2

As shown below, the compilation script of the fprobe tool is inside the lfs directory.

fprobe_inside_lfs

The changes in the make.sh build script are shown below.

changes_in_makesh

Run the following build command to include the new addon in the IPFire system. Note that the build command has to be run twice to compile the addon for the IPFire environment.

./make.sh build

1st build

The output of the first build shows that the rootfile of fprobe is missing.

1st build_output

As the above figure shows, the addon rootfile has the same name as the package (fprobe-1.1).

As shown below, the rootfile of the addon is inside the log directory. Copy the rootfile fprobe-1.1 into config/rootfiles/packages and rename it to the name of the fprobe LFS script.

cp log/fprobe-1.1 config/rootfiles/packages/fprobe

The output of the install script or make install command (files or folders created or removed) is stored in the package rootfile. The following sed command removes the "+" sign from the package rootfile.

sed -i 's/+//g' config/rootfiles/packages/fprobe

rootfile_fprobe

PakFire is used on IPFire for package management; IPFire addons include three important routines (install, uninstall and update).

  1. Create an fprobe directory (same name as the LFS script) in the src/paks path.
  2. Copy the routines (install, uninstall and update) from the src/paks/default/* path into src/paks/fprobe.

routines-fprobe
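The steps between the first and the second build, collected into one function as an added example (not part of the original tutorial or of the IPFire build system). The function name prepare_addon and the ".." path check are assumptions made here; unlike the sed command above, it strips only the leading "+" of each line, so a file name that itself contains "+" is kept intact.

```shell
#!/bin/sh
# Added example: prepare an IPFire addon after the first ./make.sh build.
# Usage: prepare_addon <ipfire-2.x tree> <log rootfile name> <addon name>
#   e.g. prepare_addon . fprobe-1.1 fprobe
# prepare_addon is a hypothetical helper, not an IPFire command.
prepare_addon() {
    tree=$1
    logname=$2
    addon=$3
    src="$tree/log/$logname"
    dst="$tree/config/rootfiles/packages/$addon"
    paks="$tree/src/paks/$addon"

    # The first build must have produced the log rootfile.
    [ -f "$src" ] || { echo "missing log rootfile: $src" >&2; return 1; }
    mkdir -p "$tree/config/rootfiles/packages" "$paks" || return 1

    # Copy the rootfile and drop only the leading "+" marker of each line.
    # (sed 's/+//g' would also rewrite names such as libfoo++.so.)
    sed 's/^+//' "$src" > "$dst" || return 1

    # Added sanity check (assumption): the rootfile decides what gets
    # packaged and later installed as root, so refuse ".." components.
    if grep -Eq '(^|/)\.\.(/|$)' "$dst"; then
        echo "path traversal entry in $dst" >&2
        return 1
    fi

    # Copy the install, uninstall and update routines from the defaults.
    cp "$tree"/src/paks/default/* "$paks"/ || return 1
}

# Run directly when called with the three arguments.
if [ "$#" -eq 3 ]; then
    prepare_addon "$@"
fi
```

Review the resulting config/rootfiles/packages/fprobe before the second ./make.sh build, since every path listed there ends up in the package.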

Re-run the build script to compile the fprobe addon. The following output shows the successful compilation of fprobe.

comipled_fprobe_package

A new package (fprobe-1.1-2.ipfire) is created for the fprobe addon in the packages directory, as shown below.

fprobe-ipfire-package

Installation of fprobe on IPFire

Copy the newly created fprobe package (fprobe-1.1.2.ipfire) into the /opt/pakfire/tmp path.

fprobe-package-copying

Extraction and installation of the fprobe package are shown in the following snapshot.

tar -xf fprobe-1.1.2.ipfire

installation of ipfire package

Run the ./install.sh routine to install the compiled package.

installed-fprobe

Successful installation of fprobe on the IPFire system is shown below.

fprobe-running

Conclusion

This tutorial covered the compilation and installation of the NetFlow addon "fprobe" on the IPFire system. The purpose of this new addon is to collect network traffic data and forward it to the collector for further analysis.

The post How to Install fprobe (Netflow) Tool on IPFire Firewall appeared first on LinOxide.

