I am assisting the sysadmins on a larger dorm network which are having
Their problem is specifically that people set up their own FTP servers and
publish them to the World, thereby sucking up all available outgoing
bandwidth. Others, well, they download like crazy and use up all the inbound
A bunch of sniffers etc. would reveal who's doing it, they can get a
reprimand etc., but it's not a solution in the long run.
I conceived an idea where each user would be able to up/download a certain
amount of data per day with no restrictions (say, 250 MB). After that they
would be limited in their (ab)use; namely being capped on their bandwidth
usage so that they'd be able to up/download at a rate of, say, 3Kb/s. Not
enough to run their 500 users 31337 W4R3Z FTP-server, but enough to do what
the intention of the Internet access is - search for information and
Now, my question is, how do I go about that? Restricting download is not
much of a problem (attach a shaper interface to the internal gateway NIC and
route their IP through that), but restricting upload is more tricky. Do
anyone have a suggestion as how to go about that?
Furthermore there's the question of measuring the usage; I assume that
iptables accounting will be able to cut it with the aid of a cron job to
keep an eye out for users exceeding their limit - any objections to that?
Each and every machine is connected via a number of switches and a central
router; there is no NAT performed anywhere.
If someone have helping hints, documents or (preferred, surprise, surprise
:-) working examples for this, I'd greatly appreciate it!
Thanks in advance :-)