which firewall to automatically block bandwidth abusers?
On Thu, 2011-08-18 at 11:36 +0200, Marc Deop i Argemí wrote:
> > http://tinyurl.com/3n5yn8u
It gives me:-
http://lmgtfy.com/?q=traffic+accounting
which displays a Google search box and an advertisement with nothing
about Traffic or about Accounting.
--
With best regards,
Paul.
England,
EU.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
08-18-2011, 06:52 PM
Always Learning
which firewall to automatically block bandwidth abusers?
On Thu, 2011-08-18 at 20:45 +0200, Rudi Ahlers wrote:
> On Thu, Aug 18, 2011 at 7:20 PM, Patrick Lists
> <centos-list@puzzled.xs4all.nl> wrote:
> > On 08/18/2011 12:06 PM, Always Learning wrote:
> >>
> >> On Thu, 2011-08-18 at 11:36 +0200, Marc Deop i Argemí wrote:
> >>
> >>>> http://tinyurl.com/3n5yn8u
> >>
> >> It gives me:-
> >>
> >> http://lmgtfy.com/?q=traffic+accounting
> >>
> >> which displays a Google search box and an advertisement with nothing
> >> about Traffic or about Accounting.
> >
> > Lmgtfy means "let me google that for you". Posting such an url is a
> > pretty standard response to people who ask for help without first making
> > an effort to find some answers (by googling, etc.). The hint is: do your
> > homework first and don't expect spoonfeeding.
> >
> > Regards,
> > Patrick
> > _______________________________________________
>
>
>
> And you obviously think I didn't do my homework?
>
>
> Did you see my specific requirement? Or did you just see "how" and
> "firewall" and assumed "google" ?
Perhaps Patrick was doing his own huiswerk and was too busy being spoon
fed by his mooi buurvrouwje ;-)
--
With best regards,
Paul.
England,
EU.
08-18-2011, 07:09 PM
Always Learning
which firewall to automatically block bandwidth abusers?
On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
> I need to automatically block any user who abuses bandwidth, either
> incoming or outgoing. I should be able to set the limits, in either
> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
First question is:
(a) how can you get the IP address ?
(b) how can you introduce a, or use an existing, system to record and
store the data amounts (bandwidth) and IP addresses ?
(c) how long will this information be retained before being discarded ?
(d) how can you monitor on every change to the data amount ?
(e) will it do both IP4 and IP6 ?
(f) what mechanism can you use to block the IP address ... IP Tables via
simple BASH command ?
It's an interesting requirement.
--
With best regards,
Paul.
England,
EU.
08-18-2011, 07:21 PM
Always Learning
which firewall to automatically block bandwidth abusers?
If there isn't an existing system, or systems you can use together, your
only alternative is to create a system to satisfy your requirement. I
was speculating on the essentials.
--
With best regards,
Paul.
England,
EU.
08-18-2011, 07:33 PM
Patrick Lists
which firewall to automatically block bandwidth abusers?
On 08/18/2011 08:45 PM, Rudi Ahlers wrote:
> And you obviously think I didn't do my homework?
>
> Did you see my specific requirement? Or did you just see "how" and
> "firewall" and assumed "google" ?
I was not referring to you Rudi. Merely pointing out the lmgtfy concept
which imho seemed lost on Paul.
And yes I did look at your requirements but don't have the answer for
you. Maybe a combination of iptables and tc perhaps with connection
tracking thrown in?
Regards,
Patrick
08-18-2011, 07:46 PM
Patrick Lists
which firewall to automatically block bandwidth abusers?
On 08/18/2011 09:31 PM, Rudi Ahlers wrote:
[snip]
> I have read through that document link on
> http://lartc.org/lartc.html#AEN1393 and the closest I could get is
> rate limiting, but that doesn't actually block the IP if it goes over
> a certain threshold, it just slows everything down.
How about the netfilter quota, fuzzy and iplimit extensions?
Regards,
Patrick
08-18-2011, 10:52 PM
Always Learning
which firewall to automatically block bandwidth abusers?
On Thu, 2011-08-18 at 21:27 +0200, Rudi Ahlers wrote:
> Bandwidth in our country is exuberantly expensive, probably about 20x
> the price of bandwidth in the USA
A solution for South Africa ?
If your country has good internal Internet connections, host the site in
Europe or the USA where bandwidth is a lot cheaper ?
--
With best regards,
Paul.
England,
EU.
08-18-2011, 10:53 PM
John Jasen
which firewall to automatically block bandwidth abusers?
Apologies for top posting.
I fear you will either have to work with cacti bandwidth alerts,
figuring out how to grab the client IP and push it into iptables; find
another way to get the client IP out of cacti and into iptables; or look
into the QoS capabilities within Linux.
On 08/18/2011 03:01 PM, Rudi Ahlers wrote:
> Let's try again:
>
>
> I need to automatically block any user who abuses bandwidth, either
> incoming or outgoing. I should be able to set the limits, in either
> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>
> Then, any users, connecting from anywhere, on any IP should be blocked
> - either if he uploads or downloads (i.e ingres & outgres) for a
> specific amount of time.
>
>
> My research:
>
> The firewalls which we've tried (both normal Linux iptables and
> hardware based firewalls) can do this, as long as I can specify the
> IP's to block - this is standard for an office-type firewall.
> BUT, I don't have a range of IP's to specify since these particular
> servers are on the internet, thus any possible IP on the net could
> connect to the server.
>
>
> I also need to exclude certain IP's from this rule (i.e. for backup
> servers which actually need to transfer a lot of traffic).
>
> To some degree this would mean "traffic accounting", but that just
> keeps a log of traffic usage. And we already measure traffic use with
> cacti & SNMP. Cacti can send us an email if a certain amount of
> bandwidth is used up, but it doesn't tell the firewall to block the
> offending IP address.
>
> DDOS protection type firewalls don't help much either since they
> only block incoming "attacks", but not really normal uploads. They
> also don't block outgoing traffic once the condition is met.
>
--
-- John Jasen (jjasen@realityfailure.org)
-- No one will sorrow for me when I die, because those who would
-- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring
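Added example (not from any participant in this thread): the accounting loop that the requirement quoted above and Paul's questions (a)-(f) describe, deciding from per-IP byte samples when to emit iptables/ip6tables DROP rules. The sample addresses, the allowlist, the 60-second polling interval and the three-sample sustain count are assumptions; the commands are built as argument lists and not executed.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_S = 3600            # retention: samples older than this are discarded
SAMPLE_S = 60              # assumed polling interval of the byte counters
MAX_BYTES = 10 * 10**9     # volume limit per window (10 GB/h)
MAX_BPS = 1_000_000        # rate limit in bits/s (1 Mb/s)
SUSTAIN = 3                # consecutive over-rate samples before blocking
ALLOW = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "2001:db8:5::/64")]

class Accountant:
    def __init__(self):
        self.samples = defaultdict(deque)   # ip -> (timestamp, bytes) pairs
        self.blocked = set()

    def record(self, ts, ip_text, nbytes):
        """Account one sample; return firewall commands if a limit is crossed."""
        ip = ipaddress.ip_address(ip_text)
        if ip in self.blocked or any(ip in net for net in ALLOW):
            return []
        q = self.samples[ip]
        q.append((ts, nbytes))
        while q[0][0] <= ts - WINDOW_S:     # expire samples outside the window
            q.popleft()
        recent = list(q)[-SUSTAIN:]
        over_rate = len(recent) == SUSTAIN and all(
            b * 8 / SAMPLE_S > MAX_BPS for _, b in recent)
        if sum(b for _, b in q) > MAX_BYTES or over_rate:
            self.blocked.add(ip)
            del self.samples[ip]            # nothing more to account once blocked
            return block_commands(ip)
        return []

def block_commands(ip):
    """Build (not run) DROP rules for both directions, per address family."""
    tool = "ip6tables" if ip.version == 6 else "iptables"
    return [[tool, "-I", "INPUT", "-s", str(ip), "-j", "DROP"],
            [tool, "-I", "OUTPUT", "-d", str(ip), "-j", "DROP"]]

def run_demo():
    # Constructed samples: (timestamp, address, bytes in the last SAMPLE_S seconds).
    acct, out = Accountant(), []
    for t in range(0, 300, SAMPLE_S):
        out += acct.record(t, "198.51.100.7", 9_000_000)    # 1.2 Mb/s, sustained
        out += acct.record(t, "192.0.2.10", 900_000_000)    # allowlisted backup host
        out += acct.record(t, "2001:db8:9::1", 6 * 10**9)   # heavy volume over IPv6
        out += acct.record(t, "203.0.113.4", 500_000)       # ordinary user
    return acct, out
```

The block is keyed on the source address only, so it does not address the case raised later in the thread where the same user returns from a different IP.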
08-18-2011, 10:57 PM
Always Learning
which firewall to automatically block bandwidth abusers?
On Thu, 2011-08-18 at 21:56 +0200, Rudi Ahlers wrote:
>
> BUT, if Steve changes his IP to circumvent the block, then his new IP
> should be blocked as well.
How will you know Steve has successfully circumvented your block until
the same Steve, with IP2, eventually exceeds the 'quota' ?
And if Steve gets away with that, he can probably try again with IP3 and
IP4 etc. - making a mockery of your bandwidth restriction.
--
With best regards,
Paul.
England,
EU.