Re: # RE: ISP is just too fascist
On Tuesday 19 August 2003 00:45, Petrisor Eddy wrote: > I am [EMAIL PROTECTED] > > To clarify things, > present configuration is: > > MyDebianStation - (proxy server/DHCP server=ISP's Proxy) - internet > > the IP's are given dynamically according to the MAC address of each PC in > the network. > > The IP - MAC pairing is edited by hand (I saw it myself) > > The ISP's workstaion is connected respecting the same schematics, but it > has unlimited http/ftp/ access > > He is planning to make a VPN between his wks and the server in order to > protect from somebody else stealing his MAC and as a consequence his IP and > rights to the inet. > > Note that anybody that doesn't have a valid MAC address isn't given an IP > address and doesn't have access to the inet or so he says (read he = ISP).I > don't know if this is > true!!! Get a different ISP. Honestly. Anyway, the usual solution to this sort of overbearing control of your connection (that you are paying for!!) is to put in a NAT server. This way only one MAC address is seen by the ISP, and you can have as many machines behind it as you like. Yes, there are ways to tell (or make best guess) on a number of machines behind a NAT firewall, but honestly, if the guy at the ISP is doing that, then he has far too much idle time. And if he accuses you of that, change ISP. Actually, just change ISP. t -- GPG: http://n12turbo.com/tarragon/public.key -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
# RE: ISP is just too fascist
I am [EMAIL PROTECTED] To clarify things, present configuration is: MyDebianStation - (proxy server/DHCP server=ISP's Proxy) - internet the IP's are given dynamically according to the MAC address of each PC in the network. The IP - MAC pairing is edited by hand (I saw it myself) The ISP's workstaion is connected respecting the same schematics, but it has unlimited http/ftp/ access He is planning to make a VPN between his wks and the server in order to protect from somebody else stealing his MAC and as a consequence his IP and rights to the inet. Note that anybody that doesn't have a valid MAC address isn't given an IP address and doesn't have access to the inet or so he says (read he = ISP).I don't know if this is true!!! -- K Free E-mail http://www.k.ro/ Vacante si calatorii prin http://www.romaniantourism.ro/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: ISP is just too fascist
At 01:34 PM 8/18/03 +0200, Petrisor Marian wrote: >So I have to setup a proxy on my PC that I will go through rather than going directly through my ISP's proxy? > >I mean the net will be like: > >PC - MYProxy - ISP's Proxy - Internet ? Yeah. But I don't think I fully understand how this serpentine proxying system you're using works. WinXP? ISP? If you want a way to circumvent their controls we need more details. But if it's just a transfer limit per MAC that you need to get around then you can just setup something to keep changing your MAC (to other legal values of course). Or you can setup a virtual interface, set your NIC to promiscuous mode and have requests sent out with rotating MAC's. As long as you keep it on one segment you'll be able to communicate. -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- "...ne cede males" 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: ISP is just too fascist
Petrisor Eddy Marian > -Original Message- > From: Russell Coker [mailto:[EMAIL PROTECTED] > Sent: Monday, August 18, 2003 1:05 PM > To: Petrisor Marian; '[EMAIL PROTECTED]' > Subject: Re: ISP is just too fascist > > On Mon, 18 Aug 2003 16:43, Petrisor Marian wrote: > > Hey, I was wondering: is there a way to lie to a squid server about the > > identity of the requested files over the internet ? I have internet on > LAN > > through a proxy server that runs squid and the thing is that the ISP > made a > > download/machine/day limit of 1.2MB. > > > > I saw that after I pass over the limit, new downloads are going just > fine > > for a few hundred KB and then is limited to 50B/s. The ISP uses MAC > > This should be easy to solve for static content. This is only static contents as is there are updates. (Packages.gz files and debs) > Just have a proxy that > does > repeated partial transfers. The HTTP protocol allows resuming a file > part-way through, so when it goes slow you can just drop the connection > and > start a new one where the previous one finished. > So I have to setup a proxy on my PC that I will go through rather than going directly through my ISP's proxy? I mean the net will be like: PC - MYProxy - ISP's Proxy - Internet ? > The problem is that this isn't going to work for dynamic content (CGI-BIN > scripts etc). > > -- > http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages > http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark > http://www.coker.com.au/postal/Postal SMTP/POP benchmark > http://www.coker.com.au/~russell/ My home page > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ISP is just too fascist
On Mon, 18 Aug 2003 16:43, Petrisor Marian wrote: > Hey, I was wondering: is there a way to lie to a squid server about the > identity of the requested files over the internet ? I have internet on LAN > through a proxy server that runs squid and the thing is that the ISP made a > download/machine/day limit of 1.2MB. > > I saw that after I pass over the limit, new downloads are going just fine > for a few hundred KB and then is limited to 50B/s. The ISP uses MAC This should be easy to solve for static content. Just have a proxy that does repeated partial transfers. The HTTP protocol allows resuming a file part-way through, so when it goes slow you can just drop the connection and start a new one where the previous one finished. The problem is that this isn't going to work for dynamic content (CGI-BIN scripts etc). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]