Re: IP accounting software

2004-08-24 Thread Micah Anderson
Have a look at ipac-ng - IP Accounting for iptables (kernel =2.4)


Micah

On Tue, 24 Aug 2004, Ritesh Raj Sarraf wrote:

 It just seems to be a reporting tool.
 What I was wanting was to control connectivity to a user on the basis of
 bandwidth. I am wanting to sell services to my customer in terms of
 bandwidth, say 500mb/month.
 Is there a utility available or do I need to do some scripting ?
 
 On Tue, 24 Aug 2004, Vijaya S wrote:
 
  Ritesh Raj Sarraf wrote:
 
   I have tried ipfm and it works good.
 
 
 
 
   Hi all,
 I'm trying to implement ip accounting on the basis of bandwidth
 consumption to my cable lease users. Can someone please suggest me
 a good utility for this ?
  
 
 - -- 
 Ritesh Raj Sarraf
 RESEARCHUT -- http://www.researchut.com
 Gnupg Key ID: 04F130BC
 Stealing logic from one person is plagiarism, stealing from many is research.
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 





Re: DSPAM Setup

2004-07-23 Thread Micah Anderson
On Fri, 23 Jul 2004, maarten wrote:

 On Friday 23 July 2004 16:27, Adrian 'Dagurashibanipal' von Bidder wrote:
  On Friday 23 July 2004 15.46, ITC-Hosting wrote:
   We are currently running a Postfix[...]
 
  Since you're running postfix... <plug>you may want to have a look at
  greylisting - the postgrey package provides this</plug>
 
  Unfortunately, postfix 2.1 is required, so woody users will have to
  wait. Greylisting is a very resource-friendly way to limit spam - there
  is a small database of envelope sender/recpt and client IP addresses,
  and it shifts a small burden to the sending mailservers (they have to
  queue a few mail for a few moments longer than otherwise necessary),
  but it is rarely noticed by users at all.
 
 
 So are there -for us poor woody users out there- any alternative means to 
 deploy greylisting ?  For instance, does only postfix have greylisting or do 
 other MTAs have (or plan to have) greylisting ?

Fortunately, the package maintainer for Postfix, LaMont Jones,
backports his work to stable, and the backports work quite well:

deb http://people.debian.org/~lamont/woody-updates/ woody main
deb http://people.debian.org/~lamont/woody-build-depends/ woody main





Auto throttle 95th percentile?

2004-07-02 Thread Micah Anderson
the problem: 95th percentile billing is cool and it is horrible. it is 
cool because it lets you burst super fast when you need it. it is 
horrible because you might consume a ton more bandwidth than you expect 
and end up paying thousands of dollars. capping the bandwidth is a bad 
idea: you are then not getting half of what you are paying for. capping 
the bandwidth higher than what you are prepared to pay is probably also 
a bad idea: it will just draw the bursts out for longer periods.

the solution: auto throttle when close to going over the 95th percentile

but... how? Anyone written a script to calculate this stuff, then
switch on the shaping to cap the bandwidth so you don't get charged
more than you can afford?

micah
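
An added example, not part of the original post: one way to do the calculation the message asks about. It assumes 5-minute samples of one traffic direction and a billing rule that discards the top 5% of samples; all function names are hypothetical, and switching on the shaper is left to the caller.

```python
# Added example: 95th-percentile burst budget check (not from the original post).
# Assumptions: 5-minute samples, one traffic direction, top 5% of samples discarded.

SAMPLES_PER_DAY = 24 * 12  # one sample every 5 minutes (assumed billing interval)


def percentile_95(samples_mbps):
    """Rate that would be billed: sort, discard the top 5%, take the highest sample left."""
    if not samples_mbps:
        return 0.0
    ordered = sorted(samples_mbps)
    discard = len(ordered) * 5 // 100          # integer math avoids float rounding
    return ordered[len(ordered) - discard - 1]


def burst_budget(days_in_period):
    """How many samples in the whole billing period may exceed the target for free."""
    return days_in_period * SAMPLES_PER_DAY * 5 // 100


def should_throttle(samples_so_far, target_mbps, days_in_period, margin_pct=90):
    """True once samples above target have used margin_pct of the period's budget.

    If no more than burst_budget() samples exceed target_mbps over the full
    period, the billed 95th percentile cannot exceed target_mbps, so shaping
    to target_mbps from this point on keeps the bill at or below the target.
    """
    over = sum(1 for s in samples_so_far if s > target_mbps)
    return over >= burst_budget(days_in_period) * margin_pct // 100


if __name__ == "__main__":
    # Constructed sample data: 10 days of 2 Mbps baseline with 400 bursty samples at 20 Mbps.
    history = [2.0] * (10 * SAMPLES_PER_DAY - 400) + [20.0] * 400
    print("percentile of the partial period (Mbps):", percentile_95(history))
    print("budget for a 30-day period:", burst_budget(30))
    print("throttle now?", should_throttle(history, target_mbps=5.0, days_in_period=30))
```

Counting samples against the budget for the full period, rather than recomputing the percentile over the partial period, is what lets bursts run unshaped until the free 5% is nearly spent.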





Guarding against DoS

2004-07-02 Thread Micah Anderson

Let's suppose we get targeted for a DOS attack. We can pretty much assume 
this will eventually happen. If a colo'ed box gets hit with 20 mbps of 
incoming traffic, even if it ignores it all, then we might have to pay 
$2200 that month. That is not good! 

How can we keep ourselves from getting high bandwidth bills in a colo
environment? If we block the traffic at a router in our rack, we've
already received it and it has been counted. Is the only solution to
catch it quickly and get the ISP to block it upstream?

thanks,
micah






Re: which scsi raid adapter?

2004-04-15 Thread Micah Anderson
Without a doubt, 3ware Escalade cards.

On Sat, 10 Apr 2004, Russell Coker wrote:

 On Sat, 10 Apr 2004 10:12, Franz Georg Köhler [EMAIL PROTECTED] wrote:
   Mylex sucks.
  
   huh? why?
 
  Firstly, performance sucks.
 
 Bonnie++ on the Mylex cards I tested with a few years ago gave quite poor 
 results.  The performance of reading and writing large files sequentially on 
 an array of U160 disks was significantly less than on a single cheap IDE 
 disk.
 
 The seek times were quite good however, so doing an upgrade through dselect 
 went fairly quickly.
 
  Secondly, the LINUX driver is kind of special.
  While GDT controllers are recognised as scsi adapters, the Mylex driver
  has its own device naming scheme (this is why it doesn't appear in the
  SCSI submenu: it is not a scsi driver).
 
 This is annoying.  But they aren't alone, there's CCISS and IDA as well.
 
 -- 
 http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
 http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
 http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
 http://www.coker.com.au/~russell/  My home page
 
micah

 
Naturally, the common people don't want war, but after all, it
is the leaders of a country who determine the policy...Voice or no
voice, the people can always be brought to the bidding of the leaders.
This is easy.  All you have to do is to tell them they are being
attacked, and denounce the pacifists for lack of patriotism and
exposing the country to danger. It works the same in every country.
  -- Goering, Nuremberg trial






Re: Starting isp and going to use Debian

2004-02-23 Thread Micah Anderson
Have a look at: http://buffy.riseup.net - Detailed and complete
documentation on creating an advanced mail system with all the
features you could ever hope for. I am not sure, but I think this site
is a newer version: http://ibis.riseup.net/grimoire/

micah


Chris Hoover wrote on Saturday, 21 February 2004:

 Me and some friends are looking into starting a local isp.  My friends are
 networking experts with some linux experience and I am the linux expert with
 some networking experience.
 
 Anyway, my question is what software do most of you use?  Obviously, we have
 decided to use Debian for our base os.  However, what do most of you use
 for:
 
 1. Webmail
 2. Imap/pop access
 3. User management
 4. Accounting/Finances
 5. Drive usage control (i.e. user only get 10M for mail and 15M for web)
 
 Any other advice would be appreciated.
 
 Chris
 
 
 
 
 





Remote server management

2004-02-06 Thread Micah Anderson
Since we often have limited physical access to our machines, and our
collective members are spread around the country, our holy grail is remote
hardware administration.

This could mean a lot of things. Mostly, we just need to:

1. power cycle computers remotely
2. access the bios and boot menu remotely

This allows us to reboot if the machine crashes, boot from a different
drive if the boot drive is toast, and allows people to pretty much install
a complex system remotely (especially if we leave a rescue cd in the
drive). Ever tried installing an LVM or software RAID or firewall
remotely? It can be dicey!

Access over IP is acceptable. In other words, we do not need a
solution which is completely 'out of band' like a modem or radio
link.

Below are some notes on the research we have done. Any stories,
experiences, or advice with this kind of stuff would be greatly
appreciated.


* Motherboards *

Many motherboards support serial console (or 'console redirection').
This allows you to use the 'serial console buddy system' or terminal
server to access the machine's main console and bios. With linux, you can
access the console after the boot process has started, but doesn't get you
very far so hardware support in the motherboard is also needed. In the
past, we have had frustration with the quirks of serial console support
(like it killing the real console).

Boards which typically have serial console (serial redirection) support:

Tyan http://tyan.com
Supermicro http://supermicro.com
Others ...


* KVM over IP *

These boxes convert the keyboard, video, and mouse to digital and route
over an IP network. Wild stuff. Traditionally very expensive, newer
products are making this affordable.

American Megatrends has a new one supposedly available Q1 2004 which is
super tiny, can support unlimited machines (when connected to a KVM), with
an anticipated list price of $600. http://www.ami.com/kvm/.

I think some you can ctrl-alt-del over and some not(?).


* Serial Console Buddy System *

The idea is to have machines in pairs or more, connected to a partner's
serial port. If one goes down, connect to it from the one which is
(hopefully) still alive. You can use two serial cables for this, or one if
you are tricky. It is sometimes difficult to find null modem cables with
the correct pinout for serial consoles to work.


* PCI Cards *

Cards which add remote support to a motherboard without it:

PC Weasel
 pumps video and keyboard through a serial port.
 needs an async terminal server, a buddy, or modem(?), to be truly remote
 includes remote reboot too.
 $250 for ISA
 $350 for PCI

MegaRac G2 Lite (american megatrends)
 Serial over LAN, power control, remote bios.
 OS independent, no drivers. BIOS independent.
 client: web based ui (SSL) platform independent.
 Mostly intended for monitoring hardware through I2C or IPMI.
 Unsure about how robust the serial over lan is.
 $300, not available yet, but soon.


* Terminal Server/Serial Concentrators *

Not sure if there is a difference (or a similarity!)
A hub for serial lines, so if you had a bunch of machines
with serial consoles they could all be controlled in one place.
pricey! some can route through ip(?), or to another machine, or a modem.


* Real Servers *

Real servers, unlike the commodity stuff we use, have had serial console
support since the beginning of time: Alphas, NetServers, etc. People on
lists sometimes say they often buy this stuff without a video card at all
and just use the serial console (through a terminal server).

In addition to serial console, you can buy used on ebay for under $40
stuff like the HP P1218A Netserver Remote Control Interface
which lets you reboot the system, flash the bios, and reconfigure
hardware remotely.


* Remote Reboot *

Typically it has been pretty expensive to have a power strip which can be
controlled remotely. Here are some affordable options:

http://www.webreboot.net/ sells a little box for $250 that can
connect to 8 machines through the reset connector on the motherboard.
reboot from a web browser.

http://www.wti.com/power.htm sells power strips which can be rebooted
from a web browser ($600 for 5 plugs) or a control unit + satellite units
setup ($350 for control unit + $200 per satellite).







Re: UML Patch uad 2.4.22Kernel

2003-12-16 Thread Micah Anderson
Daniel Holze wrote on Wednesday, 17 December 2003:

 Hello debian-isp,
 
   I tried to install a kernel (2.4.22) with the UML patch.
   I can't install it.
   So, here are my work steps:
 
   patch -p1 < uml-patch-2.4.22-7
   make menuconfig
   make modules
   make modules_install
   make bzImage

Here is what I would do at this stage. Copy your .config file out of
your linux kernel source directory. Remove your linux kernel source
directory, untar a fresh version. Copy your .config into the new
source dir:

patch -p1 < uml-patch-2.4.22-7
make oldconfig
make clean
make dep
make bzImage
make modules
make modules_install

This will more than likely make your problem go away. Consider
your risks with the recent local root exploit in 2.4.22 before you go
further.

Micah





Re: Re[2]: UML Patch uad 2.4.22Kernel

2003-12-16 Thread Micah Anderson
Sounds like it is a problem with the UML patch then, I would contact
those folks to see if they know of the problem. Or look for a newer
version of the patch.

micah

Daniel Holze wrote on Wednesday, 17 December 2003:

 Hello
 
 MA patch -p1 < uml-patch-2.4.22-7
 MA make oldconfig
 MA make clean
 MA make dep
 MA make bzImage
 MA make modules
 MA make modules_install
 
 didn`t work :-(
 It's the same error.
 
 
 
 -- 
 Best wishes,
 
 Daniel
 




