From: David Ziggy Lubowa <dlubowa@bushnet.net>
To: "Adrian C." <foo@foo.teinet.ro>
Cc: linux-admin@vger.kernel.org
Subject: Re: Throttle Users
Date: Tue, 29 Nov 2005 16:01:48 +0300
Message-ID: <200511291601.48839.dlubowa@bushnet.net>
In-Reply-To: <6.2.5.6.0.20051129121650.029d2e10@foo.teinet.ro>

All sounds good ... but this will be a separate box, meaning I could do policy
routing off the router with a route-map, then it hits box X; after that the
policies below fall into place ... does that work?

cheers

On Tuesday 29 November 2005 13:34, Adrian C. wrote:
> Hello.
>
> On Linux you could do
> iptables -t nat -I PREROUTING -p tcp --dport 80 -s source_ip -j DNAT --to-destination apache_running_machine:80
> iptables -I FORWARD -s source_ip -p tcp --dport 53 -j ACCEPT
> iptables -I FORWARD -s source_ip -p udp --dport 53 -j ACCEPT
>
> considering you don't have a DROP policy or else you're gonna need to
> pass DNS both ways. Without DNS resolving I had problems reaching the
> page. For example: client tries to reach google.com, browser just
> hits timeout -> page cannot be reached. The request won't reach
> redirect if DNS is blocked.
>
> on *BSD running ipf
> rdr fxp0 source_ip/32 port 80 -> apache_running_machine port 80
>
> or if using ipfw
> ipfw add 200 divert 80 tcp from source_ip to apache_running_machine 80 via whateverif0
>
> Again make sure firewall rules do not block client's DNS requests.
>
> For the bandwidth shaping you need a queue with very tiny bandwidth
> figures and just throw every bad payer in. Look for ALTQ on
> Open/NetBSD or dummynet on FreeBSD, cbq/htb on linux.
>
>
> --Adrian.
>
> At 11:56 AM 11/29/2005, you wrote:
> >Hey guys ..
> >
> >
> >Anyone got any ideas on this, would like in the most primitive way for
> > now be able to have users who have not paid their bill be redirected to
> > a page and also not be able to use any of my bandwidth, say put a minimum
> > of 8k, anyone got any ideas.
> >
> >
> >I have PIX 515E, Packeteer and a few Cisco routers and *nix boxes to play
> >with, which would be appropriate.
> >
> >cheers
> >
> >
> >
> >
> >--
> >
> > --
> >Fanaticism consists of redoubling your effort when you have forgotten your
> >aim.
> > -- George Santayana
--
--
Fanaticism consists of redoubling your effort when you have forgotten your
aim.
-- George Santayana
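
Added example, not part of the original thread: a small generator that combines the iptables redirect and DNS rules quoted above with the HTB queue Adrian mentions, for a list of unpaid client addresses. The interface name, portal address, client IPs and the reading of "8k" as 8kbit are assumptions; it only prints the commands and validates each address first so a malformed list entry cannot inject shell text.

```shell
#!/bin/sh
# Added example: emit (do not execute) redirect + throttle rules for unpaid clients.
# Interface, portal address, rate and client IPs below are constructed samples.

emit_rules() {
    lan_if=$1; portal=$2; rate=$3
    shift 3
    # Refuse anything that is not a plain dotted IPv4 string before emitting
    # a single rule, so a bad billing-list entry cannot inject shell text.
    for ip in "$portal" "$@"; do
        case $ip in
            ''|*[!0-9.]*) echo "invalid address: $ip" >&2; return 1 ;;
        esac
    done
    # One shared HTB class; traffic that matches no filter is not shaped.
    echo "tc qdisc add dev $lan_if root handle 1: htb"
    echo "tc class add dev $lan_if parent 1: classid 1:10 htb rate $rate ceil $rate"
    for ip in "$@"; do
        # Web traffic from the client goes to the notice page (rule from the thread).
        echo "iptables -t nat -I PREROUTING -p tcp --dport 80 -s $ip -j DNAT --to-destination $portal:80"
        # DNS must still resolve or the browser never reaches the redirect.
        echo "iptables -I FORWARD -s $ip -p tcp --dport 53 -j ACCEPT"
        echo "iptables -I FORWARD -s $ip -p udp --dport 53 -j ACCEPT"
        # Egress on the client-facing interface = the client's download direction.
        echo "tc filter add dev $lan_if protocol ip parent 1: prio 1 u32 match ip dst $ip/32 flowid 1:10"
    done
}

# Print the rules for two sample clients; pipe to "sh" as root to apply them.
emit_rules eth1 192.0.2.10 8kbit 10.0.0.5 10.0.0.6
```

Review the printed rules before applying them; the HTB class here shapes only the download direction on the client-facing interface.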