Re: Redundant internet connections.

Linux Advanced Routing and Traffic Control


 



On 06/21/07 11:00, Peter Rabbitson wrote:
> This is not something I do automatically in netfilter - it is a responsibility of the cron job.

*nod*

> I am counting only INcoming traffic (the -i flag). The source matching is there only for the following reason: consider
>
> You ->1-> Uplink router ->2-> Internet
>
> If hop 2 is down, then the uplink router might send you back ICMP messages that whatever destination you are trying to reach is unreachable. This will count as traffic from the internet, whereas in fact it isn't. This is why you need to exclude (thus the _!_ in -s) the immediate uplink hops, and count incoming traffic (whatever it might be) from the "far side" of the internet only.

Ah, here is part of the problem.

                     (    eth1    ) --- (DSL Modem / DSL Gateway)
Server --- (DMZ) --- (Linux Router)
                     (    eth2    ) --- (Cable Modem / Cable Gateway)

Note:  Globally routable DMZ is connected to eth0.

Traffic will be to / from servers in the DMZ and clients on the internet at large.

My "Linux Router" (above) *IS* the system that would send the ICMP ... unreachable message. So, there is not an upstream router to look for traffic from.

I suppose that I could match traffic coming in eth1 or eth2, but I would have to be careful about the source / destination. However the very existence of inbound traffic means that the link is up for at least inbound traffic. However I also need to know that I can send traffic too. I've had situations where the traffic would come in but not go out (Do NOT ask how or why!).

I suppose such monitoring will work, but I still feel like there is a better solution out there.

There is also the fact that I am wanting to use one route unless it is down and then use the backup. If the primary route is up and traffic comes in the backup, it is to go back out the primary.



Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
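
An added example, not part of the original message or thread: a sketch of the cron-side check discussed above, which compares per-interface counters of inbound traffic from non-gateway sources between two runs and prefers the primary link unless it looks down while the backup looks up. The table and chain, the gateway addresses, the threshold of 10 packets and all function names are assumptions; the counter output is constructed sample data. It only shows that inbound traffic arrived and says nothing about whether outbound traffic gets through.

```shell
#!/bin/sh
# Added example. Counting rules assumed (placeholder gateway addresses):
#   iptables -t mangle -A PREROUTING -i eth1 ! -s 192.0.2.1
#   iptables -t mangle -A PREROUTING -i eth2 ! -s 198.51.100.1
# A rule without -j only counts packets; it does not change their fate.

# Constructed samples of `iptables -t mangle -L PREROUTING -v -x -n`,
# as saved by two consecutive cron runs.
sample_prev='Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1500   900000            all  --  eth1   *      !192.0.2.1            0.0.0.0/0
     200   120000            all  --  eth2   *      !198.51.100.1         0.0.0.0/0'
sample_cur='Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1500   900000            all  --  eth1   *      !192.0.2.1            0.0.0.0/0
     260   156000            all  --  eth2   *      !198.51.100.1         0.0.0.0/0'

# Print the packet counter of the first rule whose in-interface is $1.
pkts_for_iface() {
    awk -v ifc="$1" '$1 ~ /^[0-9]+$/ {
        for (i = 3; i <= NF; i++) if ($i == ifc) { print $1; exit }
    }'
}

# $1 = previous count, $2 = current count, $3 = minimum new packets.
link_state() {
    if [ "$2" -lt "$1" ]; then echo unknown   # counters were reset
    elif [ $(( $2 - $1 )) -ge "$3" ]; then echo up
    else echo down
    fi
}

# Prefer the primary; fall back only when it is down and the backup is up.
choose_uplink() {
    if [ "$1" = down ] && [ "$2" = up ]; then echo backup; else echo primary; fi
}

# $1 = interface; compares the two constructed samples above.
state_of() {
    prev=$(printf '%s\n' "$sample_prev" | pkts_for_iface "$1")
    cur=$(printf '%s\n' "$sample_cur" | pkts_for_iface "$1")
    link_state "$prev" "$cur" 10
}

echo "eth1=$(state_of eth1) eth2=$(state_of eth2)" \
     "use=$(choose_uplink "$(state_of eth1)" "$(state_of eth2)")"
```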
