[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

help on masquerading

Hello all,
I have a masquerading server with 2 ethernet cards, eth0(202.52.x.x) to the internet and eth1(192.168.100.x) to my local network customers. I've enabled nat and my customers are able to browse the internet well (My customer are cyber cafe owners). I've limited their bandwidth. The issue is that I've limited their bandwidth on ipbasis ( say is assigned 64kbps). My view is that they can change their ip to something else (say and consume full bandwidth because i've not limited or given more bandwidth to that particual ip.

To accomplish my condition, I thought of:

#iptables -P FORWARD DROP
To disable all packet forwarding by default.
and then

#iptables -A FORWARD -s -i eth1 -j ACCEPT
To allow my that particular ip to access the net.

But after this command the customer isn't able to browse the net. He's still able to ping my masquerading server. Where am i wrong and what could be a solution ? Please help !

I also think my approach to be insufficient. Because still my customer with ip ( can connect to the net if he changes the ip to my some other customers ip (, say if his machine is shutdown at that time.

Is there a better approach ?
Any reply will be greatly appreciated.


Reply to: