[mrtg] Monitoring the Exterior Router
David L Kindred (Dave)
d.kindred at telesciences.com
Thu Sep 26 22:46:21 MEST 2002
I'm slowly expanding my use of MRTG. I've reached the point where I'd
like to monitor the Exterior Router on my Network. Currently, I am
running MRTG (and the associated Web Server) on an internal machine. I
have deliberately setup my Routing and Firewall rules such that internal
machines can't directly access the Exterior Router (and vice-versa).
Which means I can't simply collect and graph the data with the existing
setup.
I'm looking for comments from others on which of the following setups
you may have used and what they like/don't like about each:
1) Running a separate instance of MRTG and Web Server in the Perimeter
Network (DMZ) to monitor the Exterior Router.
2) Run MRTG in the Perimeter Network, but copy the generated graphs to
the internal web server.
3) Install some sort of proxy/gateway to allow the internal MRTG machine
to collect SNMP data from the Exterior Router without direct
connectivity.
4) Open up my routing rules and Firewall rules to allow the interior
machine and Exterior Router to talk to one another.
5) Forget the whole thing.
I don't like option 1 as it adds more things to maintain and means you
have to look in two places to see the whole network. Option 2 may
actually have the fewest security issues, but seems clumsy. Option 3
would create some security loopholes, and I'm no sure how to implement
this. In the SNMP world a "proxy" seems to be a complex entity. I
don't know if a "plug-gw" type proxy is available for UDP. Option 4 is
fairly simple, but changes my security implementation. Option 5 is the
easiest, but that's a cop-out.
I've re-red the FAQ, poked about with Google, but haven't found any
obvious answers.
Dave
--
David L. Kindred <mailto:d.kindred at telesciences.com>
Unix Systems & Network Administrator
Telesciences, Inc. <http://www.telesciences.com>
Support: <http://support.telesciences.com>
2000 Midlantic Drive, Suite 410, Mt. Laurel, NJ 08054
Tel: +1.856.866.1000 ext. 4184
Fax: +1.856.866.0185
---
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
More information about the mrtg
mailing list