On 06/01/10 03:46, Michael Nguyen wrote:
> - Using one of the many libpcap daemons to monitor and record traffic
> patterns
> - Use iptables
> Each VPN node has the possibility of 64,000 IP addresses so if I used
> iptables, I'd need to create iptables rules for each of those IP
> addresses. That seems silly to me, but am I better off doing that
> than running a daemon that at the end of the day will basically do the
> same thing? Thanks in advance.
Are those 64K addresses all in one subnet? Then something like
# one user-defined chain per node; the counters on the jump rules do the accounting
iptables -N node1
iptables -N node2
iptables -A FORWARD -s 10.0.0.0/16 -j node1
iptables -A FORWARD -d 10.0.0.0/16 -j node1
iptables -A FORWARD -s 10.1.0.0/16 -j node2
iptables -A FORWARD -d 10.1.0.0/16 -j node2
... and so on
Then you can just collect the stats as and when you feel the need.
The advantage of that is that it's very easy to do and has very little
performance impact (I believe).
On the other hand, the various libpcap daemons that I came across when I
was looking for something for home might be better suited to what you're
after.
jch
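The per-subnet accounting jch sketches, as an added example that is not code from the thread: one chain per node, both directions of the node's /16 routed through it, and the byte counters of the jump rules summed from `iptables -nvx -L FORWARD` output. Node names, subnets and the sample counter output are constructed here; DRY_RUN=1 (the default) prints the iptables commands instead of executing them.

```shell
#!/bin/sh
# Constructed node list: "chain:subnet" pairs, one /16 per VPN node.
NODES="node1:10.0.0.0/16 node2:10.1.0.0/16"

# Print commands in dry-run mode, otherwise run iptables for real (needs root).
ipt() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Create an empty chain per node and jump to it for traffic from and to the
# node's subnet. An empty user chain just returns, so forwarding is unchanged;
# the jump rules' packet/byte counters are the per-node statistics.
setup_accounting() {
  for entry in $NODES; do
    name=${entry%%:*}; net=${entry#*:}
    ipt -N "$name"
    ipt -A FORWARD -s "$net" -j "$name"
    ipt -A FORWARD -d "$net" -j "$name"
  done
}

# Sum the byte counter ($2) of every FORWARD rule whose target ($3) is the
# given chain. Reads `iptables -nvx -L FORWARD` text on stdin; -x prints exact
# byte counts instead of K/M/G suffixes, which makes the column parseable.
bytes_for_node() {
  awk -v chain="$1" '$3 == chain { total += $2 } END { printf "%d\n", total + 0 }'
}

# Constructed sample of `iptables -nvx -L FORWARD` after some traffic.
SAMPLE_FORWARD='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120      98304 node1      all  --  *      *       10.0.0.0/16          0.0.0.0/0
      80      40960 node1      all  --  *      *       0.0.0.0/0            10.0.0.0/16
      10       1500 node2      all  --  *      *       10.1.0.0/16          0.0.0.0/0
       5        750 node2      all  --  *      *       0.0.0.0/0            10.1.0.0/16'

# Total bytes (in + out) for a node, computed from the constructed sample.
node_bytes_from_sample() {
  printf '%s\n' "$SAMPLE_FORWARD" | bytes_for_node "$1"
}

# Example run: show the rules that would be installed, then the per-node totals.
setup_accounting
for entry in $NODES; do
  name=${entry%%:*}
  echo "$name: $(node_bytes_from_sample "$name") bytes"
done
```

On a live box replace the sample with `iptables -nvx -L FORWARD | bytes_for_node node1`, and run `iptables -Z FORWARD` after each collection if you want per-interval rather than cumulative figures.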
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html