Re: IP accounting software
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It just seems to be a reporting tool. What I was wanting was to control connectivity to a user on the basis of bandwidth. I am wanting to sell services to my customer in terms of bandwidth, say 500mb/month. Is there a utility available or do I need to do some scripting ? On Tue, 24 Aug 2004, Vijaya S wrote: > Ritesh Raj Sarraf wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > I have tried ipfm anf it works good. > > > > > > Hi all, > > I'm trying to implement ip accounting on the basis of bandwidth > > consumption to my cable lease users. Can someone please suggest me > > a good utility for this ? > > - -- Ritesh Raj Sarraf RESEARCHUT -- http://www.researchut.com Gnupg Key ID: 04F130BC "Stealing logic from one person is plagiarism, stealing from many is research". -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFBKttU4Rhi6gTxMLwRAhv/AKCq+1fWruPuoT66PlfmBv9mB5fA6ACgjt7s cIlwarwplodQZT2O3EKBw4k= =WaB5 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
IP accounting software
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I'm trying to implement ip accounting on the basis of bandwidth consumption to my cable lease users. Can someone please suggest me a good utility for this ? TIA, Ritesh - -- Ritesh Raj Sarraf RESEARCHUT -- http://www.researchut.com Gnupg Key ID: 04F130BC "Stealing logic from one person is plagiarism, stealing from many is research". -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFBKsvn4Rhi6gTxMLwRAlZVAJ9w54K1UbCQuCdziHHCTa/WnSBpfQCcCEUs I06uBmqkycOUdQQR9nWp6RE= =rig2 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: help on masquerading
I think I've got a little confused. For example I hit the following: iptables -P FORWARD DROP iptables -A FORWARD -s xx:xx:xx:xx -o eth0 -j MASQUERADE xx would be the hardware address. Now wouldn't he be able to change the ip and still be connected because he still has the same hardware mac address and consume more bandwidth. Note: I limit bandwidth on ip basis using rshaper. If i'm not wrong, the solution I feel is to block bandwidth on MAC address. If later the customer tries changing the ethernet card, my iptable rule won't allow packets to be forwarded. Right ? I think I'm right now. Thanks for all helpful suggestions. Ritesh On Tue, 29 Jun 2004, Hiren wrote: > > how about limiting on MAC addresses :? > > On Tue, 29 Jun 2004, Ritesh Raj Sarraf wrote: > > > Hello all, > > I have a masquerading server with 2 ethernet cards, eth0(202.52.x.x) to the > > internet and eth1(192.168.100.x) to my local network customers. I've > > enabled nat and my customers are able to browse the internet well (My > > customer are cyber cafe owners). I've limited their bandwidth. The issue is > > that I've limited their bandwidth on ipbasis ( say 192.168.100.6 is > > assigned 64kbps). My view is that they can change their ip to something > > else (say 192.168.100.15) and consume full bandwidth because i've not > > limited or given more bandwidth to that particual ip. > > > > To accomplish my condition, I thought of: > > > > #iptables -P FORWARD DROP > > To disable all packet forwarding by default. > > and then > > > > #iptables -A FORWARD -s 192.168.100.6 -i eth1 -j ACCEPT > > To allow my that particular ip to access the net. > > > > But after this command the customer isn't able to browse the net. He's > > still able to ping my masquerading server. Where am i wrong and what could > > be a solution ? Please help ! > > > > I also think my approach to be insufficient. Because still my customer with > > ip (192.168.100.6) can connect to the net if he changes the ip to my some > > other customers ip (192.168.100.15), say if his machine is shutdown at that > > time. > > > > Is there a better approach ? > > Any reply will be greatly appreciated. > > > > Ritesh > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > >
help on masquerading
Hello all, I have a masquerading server with 2 ethernet cards, eth0(202.52.x.x) to the internet and eth1(192.168.100.x) to my local network customers. I've enabled nat and my customers are able to browse the internet well (My customer are cyber cafe owners). I've limited their bandwidth. The issue is that I've limited their bandwidth on ipbasis ( say 192.168.100.6 is assigned 64kbps). My view is that they can change their ip to something else (say 192.168.100.15) and consume full bandwidth because i've not limited or given more bandwidth to that particual ip. To accomplish my condition, I thought of: #iptables -P FORWARD DROP To disable all packet forwarding by default. and then #iptables -A FORWARD -s 192.168.100.6 -i eth1 -j ACCEPT To allow my that particular ip to access the net. But after this command the customer isn't able to browse the net. He's still able to ping my masquerading server. Where am i wrong and what could be a solution ? Please help ! I also think my approach to be insufficient. Because still my customer with ip (192.168.100.6) can connect to the net if he changes the ip to my some other customers ip (192.168.100.15), say if his machine is shutdown at that time. Is there a better approach ? Any reply will be greatly appreciated. Ritesh
Re: help on masquerading
I think I've got a little confused. For example I hit the following: iptables -P FORWARD DROP iptables -A FORWARD -s xx:xx:xx:xx -o eth0 -j MASQUERADE xx would be the hardware address. Now wouldn't he be able to change the ip and still be connected because he still has the same hardware mac address and consume more bandwidth. Note: I limit bandwidth on ip basis using rshaper. If i'm not wrong, the solution I feel is to block bandwidth on MAC address. If later the customer tries changing the ethernet card, my iptable rule won't allow packets to be forwarded. Right ? I think I'm right now. Thanks for all helpful suggestions. Ritesh On Tue, 29 Jun 2004, Hiren wrote: > > how about limiting on MAC addresses :? > > On Tue, 29 Jun 2004, Ritesh Raj Sarraf wrote: > > > Hello all, > > I have a masquerading server with 2 ethernet cards, eth0(202.52.x.x) to the > > internet and eth1(192.168.100.x) to my local network customers. I've enabled nat > > and my customers are able to browse the internet well (My customer are cyber cafe > > owners). I've limited their bandwidth. The issue is that I've limited their > > bandwidth on ipbasis ( say 192.168.100.6 is assigned 64kbps). My view is that they > > can change their ip to something else (say 192.168.100.15) and consume full > > bandwidth because i've not limited or given more bandwidth to that particual ip. > > > > To accomplish my condition, I thought of: > > > > #iptables -P FORWARD DROP > > To disable all packet forwarding by default. > > and then > > > > #iptables -A FORWARD -s 192.168.100.6 -i eth1 -j ACCEPT > > To allow my that particular ip to access the net. > > > > But after this command the customer isn't able to browse the net. He's still able > > to ping my masquerading server. Where am i wrong and what could be a solution ? > > Please help ! > > > > I also think my approach to be insufficient. Because still my customer with ip > > (192.168.100.6) can connect to the net if he changes the ip to my some other > > customers ip (192.168.100.15), say if his machine is shutdown at that time. > > > > Is there a better approach ? > > Any reply will be greatly appreciated. > > > > Ritesh > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
help on masquerading
Hello all, I have a masquerading server with 2 ethernet cards, eth0(202.52.x.x) to the internet and eth1(192.168.100.x) to my local network customers. I've enabled nat and my customers are able to browse the internet well (My customer are cyber cafe owners). I've limited their bandwidth. The issue is that I've limited their bandwidth on ipbasis ( say 192.168.100.6 is assigned 64kbps). My view is that they can change their ip to something else (say 192.168.100.15) and consume full bandwidth because i've not limited or given more bandwidth to that particual ip. To accomplish my condition, I thought of: #iptables -P FORWARD DROP To disable all packet forwarding by default. and then #iptables -A FORWARD -s 192.168.100.6 -i eth1 -j ACCEPT To allow my that particular ip to access the net. But after this command the customer isn't able to browse the net. He's still able to ping my masquerading server. Where am i wrong and what could be a solution ? Please help ! I also think my approach to be insufficient. Because still my customer with ip (192.168.100.6) can connect to the net if he changes the ip to my some other customers ip (192.168.100.15), say if his machine is shutdown at that time. Is there a better approach ? Any reply will be greatly appreciated. Ritesh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]