[mrtg] Monitoring the Exterior Router

David L Kindred (Dave) d.kindred at telesciences.com
Thu Sep 26 22:46:21 MEST 2002

I'm slowly expanding my use of MRTG.  I've reached the point where I'd
like to monitor the Exterior Router on my Network.  Currently, I am
running MRTG (and the associated Web Server) on an internal machine.  I
have deliberately setup my Routing and Firewall rules such that internal
machines can't directly access the Exterior Router (and vice-versa).
Which means I can't simply collect and graph the data with the existing

I'm looking for comments from others on which of the following setups
you may have used and what they like/don't like about each:

1) Running a separate instance of MRTG and Web Server in the Perimeter
   Network (DMZ) to monitor the Exterior Router.

2) Run MRTG in the Perimeter Network, but copy the generated graphs to
   the internal web server.

3) Install some sort of proxy/gateway to allow the internal MRTG machine
   to collect SNMP data from the Exterior Router without direct

4) Open up my routing rules and Firewall rules to allow the interior
   machine and Exterior Router to talk to one another.

5) Forget the whole thing.

I don't like option 1 as it adds more things to maintain and means you
have to look in two places to see the whole network.  Option 2 may
actually have the fewest security issues, but seems clumsy.  Option 3
would create some security loopholes, and I'm no sure how to implement
this.  In the SNMP world a "proxy" seems to be a complex entity.  I
don't know if a "plug-gw" type proxy is available for UDP.  Option 4 is
fairly simple, but changes my security implementation.  Option 5 is the
easiest, but that's a cop-out.

I've re-red the FAQ, poked about with Google, but haven't found any
obvious answers.


David L. Kindred <mailto:d.kindred at telesciences.com>
Unix Systems & Network Administrator
Telesciences, Inc. <http://www.telesciences.com>
Support: <http://support.telesciences.com>
2000 Midlantic Drive, Suite 410, Mt. Laurel, NJ 08054
Tel: +1.856.866.1000 ext. 4184
Fax: +1.856.866.0185

Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the mrtg mailing list