From owner-freebsd-questions@FreeBSD.ORG Sun Jan 16 18:14:09 2005
Message-ID: <41EAAEEE.8000100@locolomo.org>
Date: Sun, 16 Jan 2005 19:14:06 +0100
From: Erik Norgaard
To: Subhro
References: <41eaaaf0.5c5fbd82.574c.0014@smtp.gmail.com>
In-Reply-To: <41eaaaf0.5c5fbd82.574c.0014@smtp.gmail.com>
cc: freebsd-questions@freebsd.org
Subject: Re: Data Limiting

Subhro wrote:
> I need your suggestion about limiting the data that can be transferred by
> each of the hosts on a LAN. Let me explain my setup. The hosts get internet
> access from a box running as a gateway (NAT). This box can't be touched as
> my boss won't allow me to do so. I have decided to run a FreeBSD box as a
> bridge between the NAT and the rest of the hosts of the LAN. Is it possible
> to limit the amount of Data transferred per month by each of the hosts of
> the LAN? If yes then how? It would also be nice if I could allow the users
> to see how much data they have already transferred.

Yes, you can consider two options, limiting bandwidth - this can be done
with pf or doing traffic accounting. pf traffic accounting unfortunately
does not support distinction between up and download, I tried once to ask
how to do this on the misc@openbsd.org list but got no useful answer. You
can also use ipfilter which has easier accounting IMO.

I have done this with ipfilter - the problem is that accounting is not per
user but per host, so you must assume that each user uses only the same
host(s). Also, you need to register each host - this has the good benefit
that you can combine it with a hardware list which is useful in case of
theft.

The solution I created was to count download for each host per day and sum
up for the last 7 days, if this exceeded the acceptable limit the host would
be blocked until the sum for the last 7 days was again below the limit. A
user could decide to "spend all quota" in one day or distribute evenly.

Also, I created a web interface to let the user see the statistics for the
last 7 days.

I have been redeveloping this, and currently I can't give you anything
close to stable :-( but really, it's all about scripting once you have the
numbers out.

Cheers, Erik

-- 
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
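
The rolling seven-day quota described in the reply above, as an added example that is not part of the original message and not Erik's code. It assumes the per-host numbers arrive as cumulative byte counters read from the firewall's accounting rules and start at zero when a host is registered; the class, method names and sample readings are hypothetical.

```python
from collections import defaultdict
from datetime import date, timedelta

WINDOW_DAYS = 7  # length of the rolling window used in the reply


class QuotaTracker:
    """Per-host download accounting over a rolling 7-day window."""

    def __init__(self, limit_bytes):
        self.limit = limit_bytes
        self.daily = defaultdict(dict)  # host -> {date: bytes on that day}
        self.last_seen = {}             # host -> last cumulative reading

    def record(self, host, day, counter):
        """Feed one cumulative counter reading for a registered host.

        A reading lower than the previous one is treated as a counter
        reset (rules reloaded, reboot): the whole value counts as new.
        """
        prev = self.last_seen.get(host, 0)
        delta = counter - prev if counter >= prev else counter
        self.last_seen[host] = counter
        self.daily[host][day] = self.daily[host].get(day, 0) + delta

    def window(self, host, today):
        """(day, bytes) for the last 7 days, oldest first: the stats view."""
        days = [today - timedelta(days=n)
                for n in range(WINDOW_DAYS - 1, -1, -1)]
        return [(d, self.daily[host].get(d, 0)) for d in days]

    def used(self, host, today):
        return sum(b for _, b in self.window(host, today))

    def blocked(self, today):
        """Hosts over the limit; they drop out as old days leave the window."""
        return sorted(h for h in self.daily
                      if self.used(h, today) > self.limit)


def sample():
    """Constructed readings: 1 GB limit, one host spends it all on day one."""
    t, d0 = QuotaTracker(10**9), date(2005, 1, 10)
    t.record("192.168.0.10", d0, 1_200_000_000)
    t.record("192.168.0.11", d0, 100_000_000)
    t.record("192.168.0.11", d0 + timedelta(days=1), 250_000_000)
    t.record("192.168.0.11", d0 + timedelta(days=2), 50_000_000)  # reset
    return t, d0
```

The list returned by `blocked()` is what a periodic job would turn into block rules for the listed hosts, and `window()` is the data behind the per-user statistics page.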