Bandwidth monitoring summary

[Darrell Burkey]

Thanks for all the feedback regarding my problem with using
ipac/ipchains/kernel 2.4. I'm a bit surprised that monitoring the volume of
traffic across specific hosts on a network turned out to be so challenging.

Everyone seemed to think MRTG was the way to go so I read up on it and SNMP.
Installation was fairly straight forward after reading up on the topics. I
found a MRTG script that exports data from any ipchains defined rules and
that allowed me to graph traffic based on anything I could come up with in
ipchains rules. And the MRTG package is very impressive. Unfortunately, I'm
not as interested in monitoring flow as I am in capturing the volume over a
period of time such as ipac does.

So it looks like ipac is still the way to go but this would require me to
convert my ipchains based packet firewalls to iptables and give away a very
useful webmin module I use to let clients control access of their hosts to
the Internet. My only other option would be to leave things as they are and
give up the ability to provide per user volume graphs. Either way, not a
very good outcome.

BTW, I did discover that while RedHat 7.1 does support iptables, it appears
to install the ipchains kernel module by default. Their doco states that if
any ipchains rules are found during an upgrade that this will happen but
others have told me it is the default and I think that is correct.
Apparently to use iptables you have to unload the ipchains module, remove
the ipchains rpm and load the iptables module with your scripts. I never did
find out why I could not automatically load the ipchains module like most
kernel modules (I've removed iptables) but it works fine to do this from a
script so it's not a problem.

Cheers.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Darrell Burkey @ Home
Canberra, ACT