At 12:17 PM 12/11/01 +1100, Edwin Humphries wrote:
>G'day,
>
>We have a low volume ADSL connection to our three-client home office network, run
>through a RH 6.2 server. We have ntop running to monitor network traffic, and the
>ISP is warning us (using some rather suspect tools) that in a week we have exceeded
>our month's allocation. Although I can move to the next plan up, which doubles the
>allocation, even this would be inadequate, and to get a plan for the claimed usage
>would be prohibitive. Although I don't have a problem with legitimate office use,
>some of the ankle-biters are downloading MP3s, movies, and staying logged on to
>hotmail, MSN messenger and ICQ for long periods of time - I suspect this is where
>most of the traffic is going.
>
>So: is there a way that I can allocate a certain amount of the monthly traffic limit
>to various logged-in users? In other words, person A logged in on machine 1 (an NT4
>client) has a defined traffic limit for the month?

Assuming your RH 6.2 server is your router, then yes it's possible, but I suspect you will need to upgrade your kernel and some packages. Kernel 2.4 has a much more powerful netfilter, with (among other things) support for rules that match only a certain number of packets in a certain period of time. This means you can build logical structures like "forward traffic from 1.2.3.4 if we've seen less than X packets in that direction today" into your router. You may find it easier just to upgrade to RH 7.1 or 7.2, but it is certainly possible to get iptables etc. working on 6.2 with a 2.4.x kernel.

IMHO hard monthly limits are probably a bad idea; a person may become really annoyed if they tried to download a 1.7 GB file on the 2nd and then can't even get e-mail until the end of the month. I would suggest that you concentrate on limiting overall daily bandwidth usage instead.

Usually the culprit in these cases is going to be large file transfers (downloads using a web browser or ftp client, plus peer-to-peer stuff like napster and ICQ). You need to try to get on top of the situation, often on a per-program basis. It's probably a good idea to block the ports used by IRC, Napster, Gnutella and the like in the workplace, and to limit the speed of ICQ file transfers.

It's also very helpful to force all HTTP/FTP traffic to pass through a Squid proxy server, set not to refuse to download certain files, or to throttle the speed of downloads based on file size or filename. The cleanest way to do this that I'm aware of is to make the Squid HTTP proxy transparent (so all HTTP traffic passes through it without any browser settings) and then simply disallow outgoing FTP traffic unless they're using the proxy server (AFAIK it's not possible to make Squid into a transparent FTP proxy). That way you (or your tech support staff if you're lucky enough to have one) only have to deal with "my FTP client is broken" complaints rather than "my browser is broken" every time somebody does a re-install.

Squid is fairly easy to set up and well documented. Per-user and per-connection bandwidth limiting is a bit more complex. I'd suggest reading the Net-HOWTO
http://www.linuxdoc.org/HOWTO/Net-HOWTO/index.html
and Advanced Routing HOWTO
http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html
for a good understanding of the subject, but you can get a good cookbook for what you actually want from the Bandwidth Limiting HOWTO at
http://www.linuxdoc.org/HOWTO/Bandwidth-Limiting-HOWTO/index.html
It talks a bit about Squid as well (although I don't entirely agree with the author).

To keep RPM happy you should get the ip command from the iproute RPM (available for RH 7.x) and cbq from the somewhat annoyingly named shapecfg package, as opposed to grabbing tarballs as suggested in the HOWTO.

I'm not sure whether Redhat's Squid package has delay pool support by default. They tend to have an "everything-but-the-kitchen-sink" attitude, and they include sample delay pool config in the default squid.conf file, so I would expect that it does (I don't pay for bandwidth so I've never wanted to use it). If it doesn't support delay pools then I'd suggest you download the latest squid source RPM that works with your OS (presumably from the RH6.2 updates SRPMS section, but it might be in Powertools 6.2), tweak the make file and/or scripts to enable delay pools, and then build and install a new Squid RPM.

Hope some of this was helpful.

--
Microsoft is not the answer!
"Microsoft?" is the question.
"NO!" is the answer.

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
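
The gateway policy described in the reply above (transparent HTTP redirect to Squid, no direct FTP, and a per-client packet allowance using the 2.4 netfilter limit match), as an added example that is not part of the original message. The interface name, Squid port, client address and quota figures are assumed values, and Squid is assumed to be already configured for transparent operation.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: LAN interface eth1,
# Squid on port 3128 on the router itself, one sample client address.
# Rules are only printed by default; run with IPT=iptables as root on a
# 2.4 kernel to apply them.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth1}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Transparent proxy: LAN web traffic is redirected into the local Squid,
# where download rules and delay pools can be applied.
transparent_http() {
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"
}

# Direct FTP control connections are refused, so FTP has to use the proxy.
block_direct_ftp() {
    $IPT -A FORWARD -i "$LAN_IF" -p tcp --dport 21 -j REJECT
}

# Per-client allowance with the limit match, which is a token bucket:
# $3 packets may pass at once, refilled at $2 packets per day; packets
# beyond that fall through to the DROP rule. $1 = client IP.
daily_quota() {
    for n in "$2" "$3"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a whole number: '$n'" >&2; return 1 ;;
        esac
    done
    $IPT -A FORWARD -i "$LAN_IF" -s "$1" -m limit \
        --limit "$2/day" --limit-burst "$3" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -s "$1" -j DROP
}

build_rules() {
    transparent_http &&
    block_direct_ftp &&
    daily_quota 192.168.1.10 20000 2000   # constructed client and quota
}

build_rules
```

The ACCEPT and DROP rules for a client must stay adjacent and in this order, since the limit match only decides whether the ACCEPT rule matches and everything else has to reach the DROP.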