On Sun, Feb 26, 2012 at 3:18 PM, Frank Cox <theatre at melvilletheatre.com> wrote: >> >> Without separate interfaces there's not much to distinguish your >> local/external concepts. > > As I see it, there's probably some way (that I haven't yet discovered) to > separate the traffic by gateway. Or at least some way to distinguish local > traffic from external traffic. There is, but not in the places that normal metrics are gathered. You need to look at the route toward the target IP address for your breakdown. There are tools to do it in iptables, but it is not a common operation so you are probably on your own to set up the matches and read the counters. Someone doing it on a larger scale would probably arrange subnets to isolate the traffic by interfaces or use routers with netflow metrics to track usage by connection. -- Les Mikesell lesmikesell at gmail.com > >> Did you try ntop? It basically acts as a >> packet sniffer that can group and summarize by a lot of different >> categories but there is a lot of overhead in building the database >> with all that info. > > I'll look at it. > > -- > MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com > www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER! > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos