[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tools available for..

On Wed, Nov 15, 2000 at 11:58:38PM -0800, Eric G . Miller wrote:
> On Wed, Nov 15, 2000 at 10:29:33PM -0800, Jeff Davis wrote:
> > I am trying to set up a server, and I would like to know about some of
> > the tools I should be using for the following tasks:
> > 
> > Bandwidth monitoring/restriction on a per-user basis
> > 
> > Traffic (total data transfered per time unit) monitoring/restriction on
> > a per-user basis
> > 
look at shaper/cbq. shaper just creates an interface with a limited bandwith, not really user-based. netfilter (iptables, 2.4 firewalling system) can do user-based firewalling/routing (together with iproute2/cbq, fwmark based routing)
cbq is advanced packet scheduler, read adv-routing and iproute docs for more info.

2.2 ipchains stuff can't do uid-based filtering/shaping/accounting, netfilter can.
if you don't want to run 2.4test kernels, wait till 2.4 is stable or use freebsd (i know this is a linux mailing-list, but fbsd has it in stable for some time, for linux it's (still) unstable, so if you don't want to run unstable code, consider freebsd

you should read the Adv-Routing-HOWTO, it's about 2.2/2.4 kernel routing using iproute2 (apt-get install iproute). it's quite complex, but will be able to do it together with 2.4 firewalling code.

possibly you only need iptables, first read netfilter docs, if you don't find a solution with only netfilter, read adv-routing howto and use iproute2 together with netfilter
look for iptables info at http://netfilter.kernelnotes.org/unreliable-guides/
for adv-routing howto in /usr/share/doc/HOWTO/en-txt/Adv-Routing-HOWTO.txt.gz or in /usr/share/doc/HOWTO/en-html/Adv-Routing-HOWTO.html (if doc-linux-text/html installed), else http://linuxdoc.org

sorry about my confusing explaination, but i'm not an expert in cbq/netfilter, so you've to findout the details yourself

> > CPU & RAM would also be nice, but I assume linux won't let a user
> > totally take over the machine's resources with default options.
> No, see /etc/security/limits.conf for doing this.  I've managed to crash
> my Linux box by using up all the memory and swap (no limits enforced).
> So, be careful.
> > port forwarding (I tried this one already, but had a tough time, perhaps
> > just direction to some good tools or docs).
> > 
> > I also plan to set up disk quotas (as you may have guessed), but from
> > the documnetation it looks straightforward.
> > 
> > I would appreciate any advice. I am refering to Debian 2.2.
> I'll let others comment on the rest.

> Name:           Alson van der Meulen      <
> Personal:       alson@linuxfreak.nl       <
> School:       alson@gymnasiumleiden.nl    <
Just add yourself to the password file and make a directory...

Reply to: