Hi,

I have a couple of questions regarding netfilter capability. I am building a network management system (a set of servers and software on a large network) and encountering a number of challenges.

I would like to be able to send all NMS traffic (snmp, syslog, netflow etc) to a single Linux-based server per location, which then forwards the traffic to an associated grouping of servers that are 'behind' this server or on the same subnet. However, I have multiple servers that want to receive the same (udp) traffic stream. This is partly to achieve redundancy, partly because there are limitations in how many destinations can be set on the device sending the traffic. So, iptables can handle the forwarding and NAT, but can I forward a udp stream to more than one device?

Secondly - and this is a big ask but I am mainly looking for ideas about how I might achieve this - I would like the status or reachability of the end device to be tracked by the packet forwarder, such that if the device becomes unreachable the traffic is disk cached on the gateway until it becomes reachable again, or storage limits are reached.

To illustrate this, imagine I have a router sending syslog to the "NMS gateway" - the server running iptables. The gateway translates the dst address in the ip header to that of a logging server - the final destination of the syslog traffic. After a while it determines the logging server is unreachable, and forwarded traffic is probably not getting through. It starts caching all traffic on disk. A short time later the logging server becomes reachable and the cached traffic is forwarded.

One way to achieve this would be by converting the udp stream to individual tcp streams. Is there an application/feature/tool that can handle this?

Would appreciate any info or pointers in the right direction.

cheers,
Ben