From owner-freebsd-isp Sat Jun 10 8:20:36 2000 Delivered-To: freebsd-isp@freebsd.org Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184]) by hub.freebsd.org (Postfix) with ESMTP id 0537A37B8AE for ; Sat, 10 Jun 2000 08:20:30 -0700 (PDT) (envelope-from luigi@info.iet.unipi.it) Received: (from luigi@localhost) by info.iet.unipi.it (8.9.3/8.9.3) id RAA07459; Sat, 10 Jun 2000 17:21:52 +0200 (CEST) (envelope-from luigi) From: Luigi Rizzo Message-Id: <200006101521.RAA07459@info.iet.unipi.it> Subject: Re: LAN detection? In-Reply-To: <39425883.512141CC@fil.net> from Love Bug at "Jun 10, 2000 11:02:27 pm" To: Love Bug Date: Sat, 10 Jun 2000 17:21:52 +0200 (CEST) Cc: freebsd-isp@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Our ISP has a service that is specified as being a "single computer". In > other words, you should not be using NAT or distrabuting it over a LAN with > things like winroute and D-Link 602's or WebRamps (or even FreeBDS and > userland PPP!). Being a tiny ISP it is important to control bandwidth use > and abuse. so what are you going to do if users of such a service use it for a web proxy ? Or, for a dedicated download machine from where they move data back and forth using ZIP drives ? Sorry but this type of restriction is not enforceable. You cannot see the original MAC (and in the above case, you would not detect anything anyways); you _might_ see the http or email headers, but you are probably not supposed to peek into such info. If you want to do something reasonable, either apply quotas on traffic (see recent emails on the net/isp/ipfw list), or use WFQ (newly in dummynet, see http://www.iet.unipi.it/~luigi/ip_dummynet/ ) so you can give each of your users a share of your upstream BW proportional to what they pay. cheers luigi (dummynet's author, for the records!) -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) Mobile +39-347-0373137 -----------------------------------+------------------------------------- > Customers dial into a PortMaster 2E-30, straight through a Dummynet, forced > to a Squid Proxy (No direct port 80) and then through an IPFilter Firewall. > The Dummynet, Squid, and IpFilter are all on different boxes connected to > our LAN Hub. > > I am just looking for a way to trap one or two people who are sucking > bandwidth across a LAN without paying their fair share of the costs. Any > Ideas? Is it possible to see the MAC address of the orignal LAN card? > > Thank You, > > Love > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message