Networking :: Nagios - How To Handle Transparent Switches
Jan 26, 2010
I'm configuring Nagios at the moment, but I'm doubting my approach to transparent switches a bit. It seems from reading the documentation that Nagios wants me to ignore transparent switches, although I also doubt this interpretation of mine.
A little example, a VPN:
Code:
demarcation point
|
[router]
/
[switch][switch]
| / |
[7 clients] [switch] [switch]
/ |
[6 clients] [4 clients] [5 clients]
As you can see, there are 22 clients connected to the router. Since switches don't have an address, they cannot be measured. But if I ignore the switches, the schema is an oversimplified picture of reality. So what I'm looking for is a way to display the switches, even though they don't have an address. What I did was, I created the switches as where they proper fully featured ones, and listening to 127.0.0.1 as address. Luckily, this tricked Nagios. And it works, but it's not very elegant. Is there a better way to approach this pseudo-problem? Perhaps a build-in I overlooked?
View 10 Replies
ADVERTISEMENT
Jun 20, 2011
I have a question about bonded NICs and the switches they are connected to.
I have a server which needs to send a lot of data to another server quickly. Both have multiple GbE NICs. I understand what is required at the server end (I think) in that a pseudo-interface is created such as bond0 with the IP applied to that interface rather than eth0 and eth1.
My question relates to the connection between the servers, i.e. the switch. Is a specific type of switch required for this to work, as an IP will have 2 (or more) MAC addresses associated with it, or how does the switch decide to which port to route the traffic for the bond0 IP?
Also, will this only work when multiple connections are being made? What I mean is, will each individual TCP connection only use either the physical eth0 OR the physical eth1 interface, or can a single connection make use of the aggregated bandwidth, sending one packet to one physical interface and another to the other physical interface, using the bond0 IP as the destination?
What I am trying to work out is if I had a storage server connected to an application server and exporting storage using NFS or GlusterFS, would an aggregated link improve throughput?
View 7 Replies
View Related
Feb 12, 2009
I have 2 cisco sw 3500xl series working properly forwarding traffic. All operations are Layer 2. I have setup keep alive 10 on all the ports. They are connected to another sw together with a Linux router on Cent OS 5.2. I can't ping the switches from the Linux box. If I arping them, I get a response and after that they are accessible for telnet. Otherwise they are not. After 5min the macs are flushed from the arp table of the Linux box, and then again they are not accessible only if I arping them, or set a static mac.
View 1 Replies
View Related
Dec 20, 2009
I'm curious as to what defines the SNMP trap info sent by switches? I would like to get updates on 802.1x authentication and state of switches (all manufacturers if possible). Is the data sent via traps determined by the manufacturer or is it possible to modify/select it from the switch MIB?
View 3 Replies
View Related
Jan 6, 2010
Right now we are running a gigabit network with unmanagead switches. What do i gain performance wise and capability wise with moving to smart and managed and do these benefits make the cost worth it?
View 1 Replies
View Related
Jul 9, 2011
Error: Cannot open log file '/usr/local/nagios/var/archives/nagios-07-08-2011-00.log' for reading!
View 2 Replies
View Related
Aug 4, 2010
How to see the code behind the nagios plugin: Nagios Checker? I opened the folder which i have downloaded. After that where do i have to go to see the codes? Is it in App_Codes?
View 14 Replies
View Related
Jul 15, 2011
So we monitor all of our disk space, but only get pages for critical. What we would like to do is have one email sent to our team every month with all the "Warnings" for our disk. I have been searching and haven't found a way to do this. Any suggestions?
View 1 Replies
View Related
Feb 21, 2011
trying to configure a transparent proxy with squid (and filter content with dansguardian) in Debian/Ubuntu. If i configure firefox to use it, it runs ok. I had seen a lot of iptables rules to use fowarding proxy to a lan, but i would like to use squid and dansguardin in a single pc that run them and filter web content.
View 5 Replies
View Related
Jul 30, 2010
I have a problem in Eclipse for accessing update sites (for plugins). I am behind a NTLM proxy. Strangely, this proxy asks for a password while in Linux but not when in Windows�
To get around this annoying password issue, I already setup a working cntlmd proxy. I can use this proxy for mounting a remote DavFS2 share, for example. But the issue I have with Eclipse seems to involve proxy configuration. So I decided a transparent proxy could solve this issue. I installed tinyproxy on top of cntlmd, and added the following rule to the firewall:
Code:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to 8888
Now, I can configure Firefox for direct access to the Internet, and display a web site only if I give this web site's IP instead of its name! I surmise that it's because when configured for direct access, Firefox performs DNS lookups using the local (intranet) DNS, instead of squeezing its lookups through the proxy and accessing a broader DNS (I wonder which). How can I make all DNS lookups go transparently through the transparent proxy?
View 1 Replies
View Related
Apr 2, 2009
i have configured transparent squid with dansguardian for content filtering i used this squid server ip on client gateway(not on browser) for content filtering, is it possible that i could use this squid server in different VLAN.
View 3 Replies
View Related
Mar 23, 2010
I am playing around with transparent proxies, unfortunately I do not have two machines to test it out with. The current way I am doing things is the program makes a request to a computer on port 80, I use
Code:
iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port 1234 to redirect to my proxy that is listening on port 1234. The proxy will send out a request to port 81 (as all outbound port 80 are being fed back in to the proxy and if it sent out to port 80 it would just be a infinite loop) so I want to do something like
Code:
iptables -t nat -A OUTPUT -p tcp --destination-port 81 -j DNAT --to-destination xxxx:80
The problem lies with the xxxx part. How do I change the destination port without changing changing the destination ip?
View 1 Replies
View Related
Jun 29, 2011
Code:
Internet ---> Tap A--> Traffic Monitor
B--> Firewall --> Internal Network
I was hoping to make a server with Windows and "Colasoft Capsa" to capture and record all traffic. Is there a way to make it unaddressable so that I don't have to worry about someone getting into it? Like, put it in promiscuous mode, read and capture all traffic, without having an IP address or something like that?
View 2 Replies
View Related
Feb 9, 2010
I'm trying to setup a linux box with 3 NICs (2 WAN links and 1 LAN). All http traffic (port 80) should go to WAN 1 via squid proxy and the rest to WAN 2. I already setup MASQUERADING in iptables and I already configured port 80 to redirect to port 3128 for squid. My default gateway is WAN 2. But the problem is squid uses the default gateway - WAN2. setting up the iptables / routing for squid to use WAN 1?
View 7 Replies
View Related
May 10, 2010
I have seen there are some tricks to handle transparents switches using Nagios. Does anybody know if it is possible to handle unmanaged switches connected in daisy chain?In my network I have some devices connected in this way [switch]--[dev_1]--[dev_2]--[dev_3]
where "switch" is a managed switch" and dev_i is a device with an unmanaged switch inside (no snmp available). All the devices have an IP address. Is it possible to get the network topology with Nagios?
View 5 Replies
View Related
Aug 22, 2010
I am trying to use telnet from linux to connect to the port specified by me and trying to handle control C. But once Ctrl C is pressed the output on the client side stops showing. The server sends data but client doesnt print the same.
View 2 Replies
View Related
Sep 28, 2009
I am trying to set up squid to make switching proxies easier. I have a laptop which I use at work and at home. At work, I need to connect to the internet via a authenticated proxy. At home, I connect directly to via mobile broadband. So I end up switching proxy settings twice daily, which is just irritating! To solve this I want to set up a system whereby I never have to worry about a proxy - my browser sees a direct internet connection which squid (on my computer) intercepts and forwards either to the mobile broadband connection or to the work proxy (along with the required authentication) depending on which is available. I've read various articles on how to do clever things with iptables and squid, but I don't understand enough of the networking jargon or concepts to know when I need to change to make it work in my situation, or if it is even possible.
View 2 Replies
View Related
May 6, 2011
I have set up squid3 and dhcp server on my Ubuntu 10.04 box with IP address of 192.168.0.160. Single network card.Squid runs on port 3148. Everything works fine for the users provided that I set up the proxy details manually on each client pc.I want to set up the Squid to run as a transparent proxy and after reading around I have done the following.In the Squid3 conf file I have entered http_port 3148 transparent.Dropping to Root ( sudo -i )However the transparent proxy does not work and if I enter iptables -L I can see that the rule above has not been retained. The default rules in iptables only show up.
View 5 Replies
View Related
Nov 26, 2009
I'm looking to setup a transparent proxy, which (if I understand correctly) will allow me to monitor/control http traffic on my home lan with the use a log analyser.I'm planning on following this guide Yes... I'm cheap and don't wanna buy another NIC.My question: How does this all work? I get that http traffic goes to my server first, and then to the destination address, but how? What is stopping the other computers on my network from going straight to my router?Is my interpretation of a transparent proxy correct?
View 3 Replies
View Related
Jul 27, 2010
The challenge: I am trying to setup a piece of hardware that is transparent to the network that transfers ip packets between two interfaces without adding a "hop". Details The particular problem I'm having is that one interface is ppp, the other is ethernet. It is trivial to setup a bridge between two ethernet devices but I am having trouble finding anything for ppp<->ethernet.
Here, the ppp link is an internet connection, and the ethernet connection has exactly one device attached. Once the ppp link is negotiated, I want the ppp peer to think it's talking directly with the device on my ethernet interface and I want the device on my ethernet interface to think it's talking directly to the ppp peer.
Current solution: The best solution I currently have is to alter the routing table. When the ppp link is negotiated, I am given an ip address. I add a route that directs everything to that ip address to the eth0 device. I also set a default route to the ppp device. Now, anything that comes from the ethernet side gets forwarded to the ppp side, and anything directed towards my ip address gets forwarded to the eth0 side.
View 4 Replies
View Related
Mar 11, 2010
I have big problem with correct settings of iptables as a router. My network topology (UTM Hardware router) 192.168.1.1--->eth0 192.168.1.2(centos with apache ftp and transparent squid 8080)--->eth1 192.168.0.1(LAN with dhcp)
eth0=WAN 192.168.1.2
eth1=LAN 192.168.0.1
I have problem with hanging connections through squid which are very slow or connection failed. Sometimes i received DNS timeout error from squid stable 2.6 21
[Code]...
View 1 Replies
View Related
Apr 2, 2011
what kind of dist/software would you recomend to use for a a vpn server that can handle 10 diffrent nets each seperated from the other if i connect with user1 i get on net1 and user2 gets on net2 the vpn server is always connected to the other location at all time i just want to be able to conenct in to my the net i want to the reason i dont want to go Destination is that the vpn server is gonna handle otherstuff that the nets will be conencted to input
View 3 Replies
View Related
Apr 5, 2011
What is the best nagios web frontend available? I want one that allows to add hosts, remove them, configure them, etc. If possible, with a good documentation.
View 3 Replies
View Related
Mar 8, 2010
I have set up many Dansguardian/Squid proxy servers. All of them have been on a network where I could use Microsoft Group Policies to force the proxy settings on each machine. The entire setup is quite easy, surprisingly robust, and reliable as hell.
My Dentist talked to me today and asked for something different. He wants to set his office up as a wireless hot spot for his patrons, and he wants their surfing directed through a proxy server. I plan on putting them on a completely different subnet and independent router. Now, since I won't have the convenience of GP I'm wondering if there is a way to force all internal Port 80 traffic through the Proxy server but obviously not the Proxy itself. I would like to use the router to do this and not the Linux box. Is there a low cost home router like Linksys or Netgear that will do this?
View 2 Replies
View Related
Aug 29, 2011
I've problem with configuring transparent proxy on Fedora v13 was checking with several examples, last one from here on router (cisco 1812) everything seems ok, think there is a problem with Linux
Squid machine and router 'see each other'
Code:
While try to open web page, on GRE there is:
Code:
But when want to see what hapenning in tunnel between router and squid - there nothing...squid configuration is ok - was checking before try to make it transparent.
View 2 Replies
View Related
Jun 11, 2009
Need a bit of help from the linux community. Lately, I have been trying to configure squid as transparent proxy on my server running on RHEL5. I had gone through few articles on web abt how to configure it and configured squid accordingly adding http_accel_xyz settings and then configuring the NAT using iptables. But while restarting squid there were warnings about "unrecognized: http_accel_..." in parseConfigFile.What I could get from these is that probably I need to recompile squid adding transparent proxy support. I downloaded the new squid 3.0 and tried to compile it.But unfortunately, the 'make' command fails giving library errors.I have been stuck with t now as the new squid does not compile and old one does not support the transparent mode.could compile the new one and what supporting libraries do I need to compile it successfully and also from where can
View 7 Replies
View Related
Jul 24, 2010
what I am trying to do is use an external transparent proxy for only one of the hosts on my internal network. For example, for an internal host of 192.168.1.8, I want to send all internet requests for ANY port to a proxy server out in the internet at 238.34.232.7 / port: 8080. All other hosts would use the internet without using any proxy server. Is IPTables the way to set this up or is there an easier option?
View 3 Replies
View Related
Nov 10, 2010
I need to set up an ip table and a transparent squid proxy as followed: I have 3 machine: Machine 1 works as a squid proxy. It has 2 interface eth1 and eth2.
eth1: 192.168.99.2 (Connect to eth1 of machine 2)
eth2: 192.168.98.2 (Connect to eth1 of machine 3)
machine 2 works as a webserver
eth1: 192.168.99.4
machine 3 works as a web client.
eth1: 192.168.98.4
my responsibility is to send all tcp traffic from machine 3 at port 80 to my squid proxy. In order to fulfill the tasks, I have edited the squid.conf as followed: Code: http_access allow localnet http_access allow localhost and in machine 1, I tried 2 ip tables command: Code: iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.99.2:80 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 80 I don't know if it is right or wrong.
View 7 Replies
View Related
May 20, 2010
I installed and configured a squid transparent proxy on my linux os at work. Also it is veryslow but every thing is ok while I do not try to use port 443,so when I try to use sites like mail.yahoo.com or other which are using https(443) port and the method used is CONNECT I see some errors in access.log like:
"NONE/400 xxxxx CONNECT error:method-not-allowed - NONE/- text/HTML"
and in cache.log somthing like:
""WARNING CONNECT method received on http Accelerator port 3128"
""WARNING for request: connect CONNECT login.yahoo.com:443 HTTP/1.1"
.
.
""ClientProcessRequest: Invalid Request"
[Code].....
View 22 Replies
View Related
Apr 26, 2011
I am trying to set up a network like this:
Internet <---> Router <---> Debian server <---> Windows PC
I want the server and PC to both have internet access, and I want to be able to forward ports from the router to the server. I know how to configure the server to give the PC internet access, but how would I assign an IP address to the server and give it internet access? I have used a very similar setup a few years ago, but I can't remember how to do this.
View 5 Replies
View Related
