how about limiting on MAC addresses :?

On Tue, 29 Jun 2004, Ritesh Raj Sarraf wrote:
> Hello all,
> I have a masquerading server with 2 ethernet cards, eth0 (202.52.x.x) to the internet
> and eth1 (192.168.100.x) to my local network customers. I've enabled nat and my
> customers are able to browse the internet well (My customers are cyber cafe owners).
> I've limited their bandwidth. The issue is that I've limited their bandwidth on
> ip basis (say 192.168.100.6 is assigned 64kbps). My view is that they can change
> their ip to something else (say 192.168.100.15) and consume full bandwidth because
> I've not limited or given more bandwidth to that particular ip.
>
> To accomplish my condition, I thought of:
>
> #iptables -P FORWARD DROP
> To disable all packet forwarding by default.
> and then
>
> #iptables -A FORWARD -s 192.168.100.6 -i eth1 -j ACCEPT
> To allow that particular ip to access the net.
>
> But after this command the customer isn't able to browse the net. He's still able to
> ping my masquerading server. Where am I wrong and what could be a solution? Please
> help!
>
> I also think my approach to be insufficient. Because still my customer with ip
> (192.168.100.6) can connect to the net if he changes the ip to some other
> customer's ip (192.168.100.15), say if his machine is shut down at that time.
>
> Is there a better approach?
> Any reply will be greatly appreciated.
>
> Ritesh
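
The MAC-address suggestion above, as an added example that is not part of the original thread: a script that prints FORWARD rules pinning each customer IP to one MAC address, plus an ESTABLISHED,RELATED rule for reply packets arriving on eth0, which the DROP policy in the quoted rules would otherwise discard. The customer table and its MAC addresses are constructed; the interface names and IP addresses are the ones from the post.

```shell
#!/bin/sh
# Added example: prints (does not run) FORWARD rules that bind each customer
# IP on eth1 to one MAC address. MAC addresses below are constructed.

LAN_IF=eth1   # local network side, from the post
WAN_IF=eth0   # internet side, from the post

# Constructed sample table: "<customer ip> <MAC of that customer's NIC>"
CUSTOMERS='192.168.100.6 00:11:22:33:44:06
192.168.100.15 00:11:22:33:44:0f'

valid_ip()  { printf '%s\n' "$1" | grep -Eq '^192\.168\.100\.([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])$'; }
valid_mac() { printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }

# Reads "ip mac" pairs on stdin and writes iptables commands on stdout.
# Returns non-zero and prints no rules if any entry is malformed, so a typo
# in the table cannot produce a half-built rule set.
forward_rules() {
    # Default deny, empty chain, then let replies to forwarded connections back in.
    rules="iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r ip mac; do
        [ -n "$ip" ] || continue
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "bad entry: $ip $mac" >&2
            return 1
        fi
        # Outbound traffic is accepted only when source IP and source MAC both match.
        rules="$rules
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
    printf '%s\n' "$rules"
}

printf '%s\n' "$CUSTOMERS" | forward_rules
```

The mac match checks only the source address in the Ethernet frame, so treat it as an IP-to-MAC binding check rather than authentication of the customer.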