On Tue, 2003-05-27 at 17:18, Charles Kidson wrote:
> Surely you want your firewall between your customers and the router
> (ie between your customers and the net.)
>
> Internet
> |
> Router
> | - eth0
> Firewall
> | - eth1
> Internal Lan
>
>
> (presuming that the firewall is multihomed)
>

Unfortunately, I don't have that much say over the network structure. Certainly that setup would be easier for me to conceptualise. However, the server is an off-site managed rack mount machine and it is not possible to add another network card to it, nor is it possible to reconfigure where the internet connection is.

Up until now, we have been getting the router to do the NATing, but now we need to come up with a solution for monitoring the bandwidth usage of our connected clients. Apparently, logging every IP header and then totalling the packet lengths every hour for some 200 connected clients would be prohibitive for the router.

This is when I decided to look into the possibility of getting the router to send all packets up to the Firewall where we can do better firewalling anyway and can write a daemon to interface with the ULOG target to total packet lengths per IP.

Please see my next thread on monitoring bandwidth usage if you want to discuss this aspect further.

Regards.

Mark.
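The per-IP hourly totalling described in the message above, sketched as an added example that is not part of the original message or of any daemon the author wrote. It assumes the firewall hands the accounting process a timestamp and the first bytes of each IPv4 packet; the client subnet, function names and sample packets are constructed for illustration.

```python
import ipaddress
import socket
import struct
from collections import defaultdict

CLIENT_NET = ipaddress.ip_network("192.168.0.0/24")  # assumed client range

def parse_ipv4_header(packet):
    """Return (src, dst, total_length) from the start of an IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len = struct.unpack_from("!BBH", packet, 0)
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("not a well-formed IPv4 header")
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return src, dst, total_len

def account(records, client_net=CLIENT_NET):
    """Total bytes per (hour, client IP), split into up and down traffic.

    The header's Total Length field is counted, not len(packet), so a
    logged copy that holds only the start of a packet still bills the
    full size. Malformed records are counted and skipped, never billed.
    """
    totals = defaultdict(lambda: {"up": 0, "down": 0})
    skipped = 0
    for timestamp, packet in records:
        try:
            src, dst, length = parse_ipv4_header(packet)
        except ValueError:
            skipped += 1
            continue
        hour = int(timestamp) // 3600 * 3600  # start of the hour bucket
        if src in client_net:
            totals[(hour, str(src))]["up"] += length
        if dst in client_net:
            totals[(hour, str(dst))]["down"] += length
    return dict(totals), skipped

def make_header(src, dst, total_len):
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

T0 = 1054051200  # constructed timestamp on an hour boundary
SAMPLE = [  # constructed records: (timestamp, first bytes of packet)
    (T0 + 10, make_header("192.168.0.10", "203.0.113.5", 1500)),
    (T0 + 20, make_header("203.0.113.5", "192.168.0.10", 40)),
    (T0 + 30, make_header("192.168.0.11", "192.168.0.10", 100)),
    (T0 + 40, b"\x45\x00"),  # truncated record, must be skipped
    (T0 + 3605, make_header("192.168.0.10", "203.0.113.5", 60)),
]
```

Traffic between two clients is counted once as upload for the sender and once as download for the receiver, which matters if the totals are later summed into a link-wide figure.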