From owner-freebsd-isp@FreeBSD.ORG Tue Nov 11 17:57:39 2008 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 749F41065670 for ; Tue, 11 Nov 2008 17:57:39 +0000 (UTC) (envelope-from outbackdingo@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.226]) by mx1.freebsd.org (Postfix) with ESMTP id 5035A8FC08 for ; Tue, 11 Nov 2008 17:57:39 +0000 (UTC) (envelope-from outbackdingo@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so1875rvf.43 for ; Tue, 11 Nov 2008 09:57:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type:references; bh=iSBeu6tImOP0SZ+U+gi7YrUVVaa7AJENtzzjrGjUG04=; b=Yhmwd4jLfVYdy/WRY50nDbuGqks0hYJ5nrHBWPlHtf+RM2uulrhyu5PAcrxvQHuUtl EDJHjrUJfNt6dV7/11FUD5nKG19ciICOpl4jk6o6L+vMPx1NolGA5om40vcVBdcosnGI KAOHO56lBCrssx9ph/Rus7z79a0AuVmjvn0Wg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=oLCmd2Gj4HbdbwA7vqzonctM7GzSHyfz+K30XwYSidLuGr2Qvpv2xOmk2ELwwh/u+R E/l/3F+lnIXCVY8EX1br3el4tuisKu0HX7uhK0eSFzLJnKzr9904Zo93j7s4MENGJKdY B/SVa1ClvUuEPcDp3fR5189w9pynf5GH/RyvU= Received: by 10.141.1.2 with SMTP id d2mr4353954rvi.107.1226426258441; Tue, 11 Nov 2008 09:57:38 -0800 (PST) Received: by 10.140.178.8 with HTTP; Tue, 11 Nov 2008 09:57:38 -0800 (PST) Message-ID: <5635aa0d0811110957m6eb26dcdoaa1e43310b3e5421@mail.gmail.com> Date: Wed, 12 Nov 2008 00:57:38 +0700 From: "Outback Dingo" To: "Neil Neely" In-Reply-To: <6655283D-E224-4088-B235-31A2F52EB8E1@neely.cx> MIME-Version: 1.0 References: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> <29638.202.43.161.193.1226396457.squirrel@mail.indo.net.id> <5635aa0d0811110452s6c2b9697l86b08fd7a5d47915@mail.gmail.com> <20081111083131.142942rf5j59ulus@econet.encontacto.net> <2ad0f9f60811110814i7372e2e8je2879b20d4e39c6f@mail.gmail.com> <6655283D-E224-4088-B235-31A2F52EB8E1@neely.cx> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-isp@freebsd.org, Jack C Subject: Re: Billing for a Wireless Access Service X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Nov 2008 17:57:39 -0000 wow thats alot of effort when you can use coova, radius and WISPr profiles.... no need to overpopulate firewall rules On Wed, Nov 12, 2008 at 12:21 AM, Neil Neely wrote: > > ipfw pipes are worth looking into as well. > > I use them for bandwidth throttlling and accounting, but you can do what > you want with them. > > You can do some fun things with ipfw tables and ipfw pipes too, stuff like > this: > > ipfw pipe 256 config bw 256Kbit/s mask src-ip 0xffffffff > ipfw pipe 257 config bw 256Kbit/s mask dst-ip 0xffffffff > ipfw pipe 512 config bw 512Kbit/s mask src-ip 0xffffffff > ipfw pipe 513 config bw 512Kbit/s mask dst-ip 0xffffffff > > > ipfw add 00010 pipe 256 ip from 'table(5,256)' to any out > ipfw add 00010 pipe 512 ip from 'table(5,512)' to any out > > > ipfw add 00020 pipe 257 ip from any to 'table(5,256)' in > ipfw add 00020 pipe 513 ip from any to 'table(5,512)' in > > > Then to add a specific IP to be throttle to 256KB: > ipfw table 5 add 10.0.0.2/32 256 > > Or if you wanted them to have 512KB: > ipfw table 5 add 10.0.0.2/32 512 > > Obviously you could have the speeds be whatever you want and differentiate > them for each IP address and have as many speeds as you felt like > supporting. You could also set the speeds to be very high (thus disabling > the bandwidth throttling portion) and just use an approach like this to pull > off what you were aiming for. > > For accounting purposes you can run "ipfw pipe show" and it will show you > the counters for each individual ip for both in and outbound traffic to make > your accounting decisions. If you wanted to hard cap and shut them down > when they max out - you can just delete the rule that lets them pass traffic > (most likely then letting them get shoved into a captive portal that sends > them to a webpage asking them to pay more?). > > > > Neil Neely > http://neil-neely.blogspot.com > > > > > > On Nov 11, 2008, at 9:14 AM, Jack C wrote: > > I've seen people add an ipfw rule for each client. 'ipfw show' then give >> octet counters that can be summed and graphed in the same manner as >> interfaces. >> >> -Jack >> >> On Tue, Nov 11, 2008 at 9:31 AM, eculp wrote: >> >> Quoting Outback Dingo : >>> >>> or simply install radius and coova-chilli on FreeBSD and a linksys or >>> >>>> dlink, >>>> no need for overpriced microtik crap >>>> >>>> >>> Would chillispot from ports do the same? Ports make keeping up with >>> third >>> party apps and security alerts soooo much easier. >>> >>> thanks, >>> >>> ed >>> >>> >>> On Tue, Nov 11, 2008 at 4:40 PM, Aladi Saputra >>> wrote: >>> >>>> >>>> Dear adhiambo, >>>> >>>>> >>>>> >>>>> try to used mikrotik router combine with radius :) >>>>> >>>>> >>>>> Salam, >>>>> >>>>> >>>>> Putra >>>>> >>>>> >>>>> Hello list, >>>>>> >>>>>> I'd like to setup a wireless access point to share with my neighbors, >>>>>> >>>>> but >>>>> >>>>>> would like to limit them on the volume they can TX. For example, I'd >>>>>> >>>>> like >>>>> >>>>>> to >>>>>> restrict a user to "N" MB such that as soon as this volume is used, >>>>>> the >>>>>> system denies them any further transfers. This must be accompanied by >>>>>> authentication, using RADIUS, and a MySQL backend is preferred for the >>>>>> management. >>>>>> Now, from my visualization, I can see three areas to work on: The >>>>>> >>>>> Access >>>>> >>>>>> Point, linked to RADIUS to provide authentication. However, I find a >>>>>> challenge on how to do the accounting and eventual control/restriction >>>>>> >>>>> of >>>>> >>>>>> data volumes. >>>>>> >>>>>> I am looking for suggestions. >>>>>> >>>>>> -- >>>>>> Best regards, >>>>>> Odhiambo WASHINGTON, >>>>>> Nairobi,KE >>>>>> +254733744121/+254722743223 >>>>>> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ >>>>>> "Life must be understood backwards; but... it must be lived forward." >>>>>> - Soren Kierkegaard >>>>>> "Oh My God! They killed init! You Bastards!" >>>>>> --from a /. post >>>>>> _______________________________________________ >>>>>> freebsd-isp@freebsd.org mailing list >>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>>>>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org >>>>>> " >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> This email was sent using onemail - beta http://mail.indo.net.id/ >>>>> >>>>> _______________________________________________ >>>>> freebsd-isp@freebsd.org mailing list >>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>>>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >>>>> >>>>> _______________________________________________ >>>>> >>>> freebsd-isp@freebsd.org mailing list >>>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >>>> >>>> >>>> _______________________________________________ >>> freebsd-isp@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >>> >>> _______________________________________________ >> freebsd-isp@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >> > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >