Re: help on masquerading
how about limiting on MAC addresses :?
On Tue, 29 Jun 2004, Ritesh Raj Sarraf wrote:
> Hello all,
> I have a masquerading server with 2 ethernet cards, eth0(202.52.x.x) to the internet and eth1(192.168.100.x) to my local network customers. I've enabled nat and my customers are able to browse the internet well (My customer are cyber cafe owners). I've limited their bandwidth. The issue is that I've limited their bandwidth on ipbasis ( say 192.168.100.6 is assigned 64kbps). My view is that they can change their ip to something else (say 192.168.100.15) and consume full bandwidth because i've not limited or given more bandwidth to that particual ip.
> To accomplish my condition, I thought of:
> #iptables -P FORWARD DROP
> To disable all packet forwarding by default.
> and then
> #iptables -A FORWARD -s 192.168.100.6 -i eth1 -j ACCEPT
> To allow my that particular ip to access the net.
> But after this command the customer isn't able to browse the net. He's still able to ping my masquerading server. Where am i wrong and what could be a solution ? Please help !
> I also think my approach to be insufficient. Because still my customer with ip (192.168.100.6) can connect to the net if he changes the ip to my some other customers ip (192.168.100.15), say if his machine is shutdown at that time.
> Is there a better approach ?
> Any reply will be greatly appreciated.
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com