Hi Ian and Thanks for the reply.
Sorry, my fault.. I meant to say that the IP accounting box is part of a
4 port hub which has the Router and an uplink cable to the switch
connected to it as well. The packets ARE seen (just by running
tcpdump.. since I have the ethernet card set on Promisc mode)..
I was hoping I could use ipchains to do this task but it seems like
ipchains is not able to do the accounting unless the packets actually go
through the ethernet card. It was suggested by a SLUG member that I
could use ipfm and I'm in the middle of testing that (... and it's looking
good so far) so I might stick to ipfm.
Thanks again.
Regards,
Gonzalo.
++ 06/11/00 15:27 +1100 - Ian Ward:
> >This IP accounting box is currently just another node on the switch...
> >so it's NOT the main "default gateway" for all the servers that we host.
>
> your first problem is that you are on a switch. The switch learns the MAC
> address of the devices on each port and segments the traffic (I didn't use
> the word "route" as this implies IP routing).
>
> One solution is to use a small hub between the switch and your gateway
> (placing the Linux box on that hub as well), then you can sniff this segment
> (as you say, you don't want the linux box to be a point of failure)
>
> Ian.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
