Hija,

sorry for sounding a little lost here but that's probably because I am.
Let me explain what I'm trying to do:

I've a gateway with one uplink and several disjoint networks beneath it
like:

                 | T1
             ---------
             |  GW   |
             ---------
              /     \
     -------------     -------------
     |10.0.0.0/24| ... |10.0.5.0/24|
     -------------     -------------

Now what I need is to simply classify users in the network segments into
speed classes (gold/silver/bronze) and cap their traffic at fixed levels
inbound and outbound. My idea was to simply add one class and one filter
per used IP, which should be no problem; however, I have no idea how to
get rid of this class and filter once the user vanished or replace it by
another value when a different user shows up taking the same address.

The problems are: How do I figure out the tree id from the IP? Or how
can I reconfigure the limit without knowing the id?

A different idea would be to add (say) 500 classes for each speed level
and remember the used/unused ones in the application and serve the next
free class to a user by creating a filter on logon and removing that
later on.

If you now say: Hey, that's pretty easy; please hold on. :) Additionally I
don't know the addresses in advance because they're either served using
DHCP or set up in a fixed manner and routed thanks to arpspoofing, so
this doesn't seem to make a good case for hashing. Also I somehow need
to take care of the traffic which goes through transparent DNS and
HTTP proxies.

Any help and ideas would be greatly appreciated.

--
Servus,
      Daniel

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
"Daniel Egger" <egger@..> wrote:

> Hija,
> sorry for sounding a little lost here but that's probably because I am.
> Let me explain what I'm trying to do:
> I've a gateway with one uplink and several disjoint networks beneath it
> like:
>
>                  | T1
>              ---------
>              |  GW   |
>              ---------
>               /     \
>      -------------     -------------
>      |10.0.0.0/24| ... |10.0.5.0/24|
>      -------------     -------------
>
> Now what I need is to simply classify users in the network segments into
> speed classes (gold/silver/bronze) and cap their traffic at fixed levels

You probably should put your users into different segments for different
speed classes. That would be wise if it could be done. If not, try to make
your users in the high class get static IP addresses. Even DHCP could be
set static for a range of IP addresses (exception).

> inbound and outbound. My idea was to simply add one class and one filter
> per used IP, which should be no problem; however, I have no idea how to
> get rid of this class and filter once the user vanished or replace it by
> another value when a different user shows up taking the same address.
> The problems are: How do I figure out the tree id from the IP? Or how
> can I reconfigure the limit without knowing the id?
> A different idea would be to add (say) 500 classes for each speed level
> and remember the used/unused ones in the application and serve the next
> free class to a user by creating a filter on logon and removing that
> later on.
> If you now say: Hey, that's pretty easy; please hold on. :) Additionally I
> don't know the addresses in advance because they're either served using
> DHCP or set up in a fixed manner and routed thanks to arpspoofing, so
> this doesn't seem to make a good case for hashing. Also I somehow need
> to take care of the traffic which goes through transparent DNS and
> HTTP proxies.
> Any help and ideas would be greatly appreciated.

Try with iptables mark. Put each packet you decide to manage into the
mangle table with a mark. I hope it will help.
Regards,
Rio Martin.
--
NOC Itenas-net.
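Rio's suggestion worked out as an added example (this is not code from the thread or from any project named in it): the tc tree is built once with a fixed pool of per-user leaf classes for each tier, and the per-IP mapping lives only in an iptables mangle chain plus a small state directory, so adding, replacing or removing a user never requires looking up a tc handle. Interface names, the link rate, tier caps, mark ranges and the state path are assumptions chosen for illustration.

```bash
#!/bin/bash
# Added example, not code from the thread or from any project it names.
# Fixed pool of HTB leaf classes per speed tier on the gateway; which user sits
# in which class is decided only by iptables MARK rules keyed on the user's IP,
# so adding or removing a user never touches tc and never needs a tc handle.
# Assumptions (illustrative, not from the thread): uplink eth0, LAN side eth1,
# a T1-sized link, the rates and mark ranges below, one state file per IP under
# $SHAPE_STATE, and no other rule on the box setting fwmarks in 100..399.
# Set TC=echo IPT=echo to dry-run and just print the commands.

UPLINK=${UPLINK:-eth0}
LAN=${LAN:-eth1}
LINK=${LINK:-1500kbit}
TC=${TC:-tc}
IPT=${IPT:-iptables}
SHAPE_STATE=${SHAPE_STATE:-/var/lib/shape}
POOL=100                      # marks (users) per tier; the "N classes per level" idea, smaller

tier_cap()  { case "$1" in gold) echo 512kbit;; silver) echo 256kbit;; bronze) echo 128kbit;; *) return 1;; esac; }
tier_base() { case "$1" in gold) echo 100;;    silver) echo 200;;    bronze) echo 300;;    *) return 1;; esac; }

# tc class ids and fw handles are hexadecimal while iptables --set-mark is decimal:
# mark 100 is served by classid 1:64, so convert once and use the hex form in tc.
hexid() { printf '%x' "$1"; }

# Build the tree once per direction: egress on the uplink shapes uploads,
# egress on the LAN side shapes downloads. Same class layout on both.
setup_shaping() {
  local dev tier cap base mark id
  for dev in "$UPLINK" "$LAN"; do
    $TC qdisc del dev "$dev" root 2>/dev/null || true
    $TC qdisc add dev "$dev" root handle 1: htb default 2
    $TC class add dev "$dev" parent 1: classid 1:1 htb rate "$LINK"
    # 1:2 is the catch-all for hosts without a mark (not logged on yet)
    $TC class add dev "$dev" parent 1:1 classid 1:2 htb rate 8kbit ceil 32kbit
    for tier in gold silver bronze; do
      cap=$(tier_cap "$tier"); base=$(tier_base "$tier")
      mark=$base
      while [ "$mark" -lt $((base + POOL)) ]; do
        id=$(hexid "$mark")
        # ceil is the per-user cap; rate is tiny because these are caps, not guarantees
        $TC class add dev "$dev" parent 1:1 classid "1:$id" htb rate 8kbit ceil "$cap"
        $TC filter add dev "$dev" parent 1: protocol ip handle "0x$id" fw classid "1:$id"
        mark=$((mark + 1))
      done
    done
  done
  # One mangle chain hooked in POSTROUTING sees forwarded packets in both
  # directions and the replies a transparent proxy on the gateway sends to users.
  if $IPT -t mangle -N SHAPE 2>/dev/null; then
    $IPT -t mangle -A POSTROUTING -j SHAPE
  else
    $IPT -t mangle -F SHAPE
  fi
  mkdir -p "$SHAPE_STATE"
}

# "Which id belongs to this IP": read the state file (iptables -t mangle -S SHAPE works too).
mark_of() { cat "$SHAPE_STATE/$1" 2>/dev/null; }

# Remove a user: -D with the same rule spec needs no rule number and no tc handle.
del_user() {
  local ip=$1 mark
  mark=$(mark_of "$ip") || return 0
  $IPT -t mangle -D SHAPE -s "$ip" -j MARK --set-mark "$mark"
  $IPT -t mangle -D SHAPE -d "$ip" -j MARK --set-mark "$mark"
  rm -f "$SHAPE_STATE/$ip"
}

# Add (or replace) a user: take the first free mark in the tier's block and
# mark both directions. A reused address drops its previous mapping first.
add_user() {
  local ip=$1 tier=$2 base mark
  base=$(tier_base "$tier") || { echo "unknown tier: $tier" >&2; return 1; }
  [ -f "$SHAPE_STATE/$ip" ] && del_user "$ip"
  mark=$base
  while [ "$mark" -lt $((base + POOL)) ]; do
    grep -qx "$mark" "$SHAPE_STATE"/* 2>/dev/null || break   # free slot found
    mark=$((mark + 1))
  done
  [ "$mark" -lt $((base + POOL)) ] || { echo "no free $tier slot" >&2; return 1; }
  echo "$mark" > "$SHAPE_STATE/$ip"
  $IPT -t mangle -A SHAPE -s "$ip" -j MARK --set-mark "$mark"   # upload, leaves on $UPLINK
  $IPT -t mangle -A SHAPE -d "$ip" -j MARK --set-mark "$mark"   # download, leaves on $LAN
}
```

Call `setup_shaping` once at boot, then `add_user 10.0.0.5 gold` on logon and `del_user 10.0.0.5` on logoff; a second `add_user` for the same address replaces the old mapping, which is the reused-address case from the original post, and `mark_of` answers the "which id belongs to this IP" question without any tc lookup (the same value can be recovered from `iptables -t mangle -S SHAPE`, which prints it in hex). Two caveats a practitioner will hit: tc parses class ids and fw handles as hex while `--set-mark` takes decimal, hence the `printf '%x'` step; and marking by destination address in POSTROUTING does cover the replies a transparent proxy on the gateway sends back to a user, but the proxy's own upstream fetches leave with the gateway's source address, so the upload side of proxied traffic needs cooperation from the proxy (or a connmark scheme) rather than a plain address match.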
On Thu 27/11/2003 at 23:59, Daniel Egger wrote:

> Hija,
>
> sorry for sounding a little lost here but that's probably because I am.

> The problems are: How do I figure out the tree id from the IP? Or how
> can I reconfigure the limit without knowing the id?
>
> A different idea would be to add (say) 500 classes for each speed level
> and remember the used/unused ones in the application and serve the next
> free class to a user by creating a filter on logon and removing that
> later on.

Looks like you need to shape traffic against user! The NuFW project is
able to do so. With NuFW and connmark you can add a mark on packets equal
to the userid (even if you've got multiple users on the same computer).
Additionally, you can filter packets by user (marking is a good side
effect).

For more information, see http://www.nufw.org/administration.html#id2847763

> Any help and ideas would be greatly appreciated.

Hope it may help,

BR,
--
Eric Leblond
Nufw, Now User Filtering Works (http://www.nufw.org)