Date: Sat, 10 Jun 2000 17:21:52 +0200 (CEST) From: Luigi Rizzo <luigi@info.iet.unipi.it> To: Love Bug <Love@fil.net> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: LAN detection? Message-ID: <200006101521.RAA07459@info.iet.unipi.it> In-Reply-To: <39425883.512141CC@fil.net> from Love Bug at "Jun 10, 2000 11:02:27 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Our ISP has a service that is specified as being a "single computer". In > other words, you should not be using NAT or distrabuting it over a LAN with > things like winroute and D-Link 602's or WebRamps (or even FreeBDS and > userland PPP!). Being a tiny ISP it is important to control bandwidth use > and abuse. so what are you going to do if users of such a service use it for a web proxy ? Or, for a dedicated download machine from where they move data back and forth using ZIP drives ? Sorry but this type of restriction is not enforceable. You cannot see the original MAC (and in the above case, you would not detect anything anyways); you _might_ see the http or email headers, but you are probably not supposed to peek into such info. If you want to do something reasonable, either apply quotas on traffic (see recent emails on the net/isp/ipfw list), or use WFQ (newly in dummynet, see http://www.iet.unipi.it/~luigi/ip_dummynet/ ) so you can give each of your users a share of your upstream BW proportional to what they pay. cheers luigi (dummynet's author, for the records!) -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) Mobile +39-347-0373137 -----------------------------------+------------------------------------- > Customers dial into a PortMaster 2E-30, straight through a Dummynet, forced > to a Squid Proxy (No direct port 80) and then through an IPFilter Firewall. > The Dummynet, Squid, and IpFilter are all on different boxes connected to > our LAN Hub. > > I am just looking for a way to trap one or two people who are sucking > bandwidth across a LAN without paying their fair share of the costs. Any > Ideas? Is it possible to see the MAC address of the orignal LAN card? > > Thank You, > > Love > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006101521.RAA07459>