Very Computer

Hello,

I am assisting the sysadmins on a larger dorm network which are having
problems.
Their problem is specifically that people set up their own FTP servers and
publish them to the World, thereby sucking up all available outgoing
bandwidth. Others, well, they download like crazy and use up all the inbound
bandwidth.
A bunch of sniffers etc. would reveal who's doing it, they can get a
reprimand etc., but it's not a solution in the long run.

I conceived an idea where each user would be able to up/download a certain
amount of data per day with no restrictions (say, 250 MB). After that they
would be limited in their (ab)use; namely being capped on their bandwidth
usage so that they'd be able to up/download at a rate of, say, 3Kb/s. Not
enough to run their 500 users 31337 W4R3Z FTP-server, but enough to do what
the intention of the Internet access is - search for information and
communicate.

Now, my question is, how do I go about that? Restricting download is not
much of a problem (attach a shaper interface to the internal gateway NIC and
route their IP through that), but restricting upload is more tricky. Do
anyone have a suggestion as how to go about that?

Furthermore there's the question of measuring the usage; I assume that
iptables accounting will be able to cut it with the aid of a cron job to
keep an eye out for users exceeding their limit - any objections to that?

Each and every machine is connected via a number of switches and a central
router; there is no NAT performed anywhere.

If someone have helping hints, documents or (preferred, surprise, surprise
:-) working examples for this, I'd greatly appreciate it!

Thanks in advance :-)

Best regards,
-Allan Jensen

d00d,

What you need is the traffic shaping tool for linux.  I'm experimenting with
it now and having some luck getting it working (not really).  I think the
better solution is to use tc (traffic control)...more sophisticated
bandwidth throttling for the 2.4.x kernel.

"OK" you say WTF do I get this stuff.  Try here:
http://lwn.net/1998/1119/shaper.html (shaper)

http://www.ds9a.nl/2.4Routing/  (traffic control)
or more specifically
http://www.ds9a.nl/2.4Routing/HOWTO//cvs/2.4routing/output/2.4routing...
...then do your faviorite google searches.

Quote:> Hello,

> I am assisting the sysadmins on a larger dorm network which are having
> problems.
> Their problem is specifically that people set up their own FTP servers and
> publish them to the World, thereby sucking up all available outgoing
> bandwidth. Others, well, they download like crazy and use up all the
inbound
> bandwidth.
> A bunch of sniffers etc. would reveal who's doing it, they can get a
> reprimand etc., but it's not a solution in the long run.

> I conceived an idea where each user would be able to up/download a certain
> amount of data per day with no restrictions (say, 250 MB). After that they
> would be limited in their (ab)use; namely being capped on their bandwidth
> usage so that they'd be able to up/download at a rate of, say, 3Kb/s. Not
> enough to run their 500 users 31337 W4R3Z FTP-server, but enough to do
what
> the intention of the Internet access is - search for information and
> communicate.

> Now, my question is, how do I go about that? Restricting download is not
> much of a problem (attach a shaper interface to the internal gateway NIC
and
> route their IP through that), but restricting upload is more tricky. Do
> anyone have a suggestion as how to go about that?

> Furthermore there's the question of measuring the usage; I assume that
> iptables accounting will be able to cut it with the aid of a cron job to
> keep an eye out for users exceeding their limit - any objections to that?

> Each and every machine is connected via a number of switches and a central
> router; there is no NAT performed anywhere.

> If someone have helping hints, documents or (preferred, surprise, surprise
> :-) working examples for this, I'd greatly appreciate it!

> Thanks in advance :-)

> Best regards,
> -Allan Jensen

On Thu, 23 Aug 2001 08:02:06 -0700, "blackhole"

In my case, I would like to share an internet connection (with my game
fanatic kid), in which his connection has absolute priority over my
connection.  IOW, my computer would only d/l during times when his game is
not passing data.  Is there a relatively simple way to achieve this?
Dave

[original post, snipped]

I dont know about relatively simple but using tc you can queue packets
based on just about any packet criteria, in your case you would filter
your kids traffic by port # maybe into a queue with higher priority
than all other traffic.
This would give you the ability to web surf or whatever similtaneously
to your kids online *.