06-28-2012, 06:37 AM
Ed Greshko

How to limit maximum number of TCP connections

On 06/28/2012 02:27 PM, Jatin K wrote:
> yes, it's my client's requirement ...... I can understand it's not the way to go
> .... but he pays me for this ... I'm a service provider .. I have to do what they
> said and want to do
>
>> I think you need to state the problem you are trying to solve....not ask for a
>> solution which really sounds wrong headed.
>>
> how can you prove it's wrong ... they need this kind of configurations, and my duty
> is to provide the solutions what they need if it's possible....
>
> I don't know the solution/configuration requirement to fulfill their desire,
> that's why I'm asking the solutions to this list where so many experts like you are
> available. If this is wrong then I'm really sorry

Find the appropriate 3-panel from Dilbert and hand it to the PHB. He is asking you
to implement a solution for which he can't conceive of solving a problem better, that
hasn't been defined...at least not here.

I've walked away from more than one project where the "solution" was worse than the
problem.

A "primitive" implementation would be to force users to connect to the "gateway" via
pptp and limit the number of concurrent logins. You'd end up with the same
problem.... Either you'd have users logged in and staying logged in forever....or
you'd have to force disconnects....

If I were a user paying to use your client's service I'd walk away very quickly.

Good luck.

--
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
06-28-2012, 06:41 AM
Joe Zeff

How to limit maximum number of TCP connections

On 06/27/2012 11:27 PM, Jatin K wrote:
> how can you prove it's wrong ... they need this kind of configurations,
> and my duty is to provide the solutions what they need if it's possible....
>
> I don't know the solution/configuration requirement to fulfill
> their desire, that's why I'm asking the solutions to this list where so
> many experts like you are available. If this is wrong then I'm really sorry


Personally, I doubt that limiting the number of boxes that can access
the Internet at any one time is their ultimate goal. They probably have
something different in mind and have decided that this is the way to get
it. If I were you, I'd ask them what it is they're trying to
accomplish, because there's probably a better, simpler, easier way to do it.

 
06-28-2012, 07:02 AM
Jatin K

How to limit maximum number of TCP connections

On 06/28/2012 12:11 PM, Joe Zeff wrote:
> On 06/27/2012 11:27 PM, Jatin K wrote:
>> how can you prove it's wrong ... they need this kind of configurations,
>> and my duty is to provide the solutions what they need if it's
>> possible....
>>
>> I don't know the solution/configuration requirement to fulfill
>> their desire, that's why I'm asking the solutions to this list where so
>> many experts like you are available. If this is wrong then I'm really
>> sorry
>
> Personally, I doubt that limiting the number of boxes that can access
> the Internet at any one time is their ultimate goal.

yes ... they want to allow only desired concurrent PCs to use the
Internet/Local LAN ( pass through the router )

> They probably have something different in mind and have decided that
> this is the way to get it. If I were you, I'd ask them what it is
> they're trying to accomplish,

I've tried a lot to get the matter to be understood ... but finally I
came to this conclusion that " they do not want to allow more than 90
concurrent users/PCs to communicate to Internet/Local LAN "

> because there's probably a better, simpler, easier way to do it.

that's why I'm here ..to get the best possible solution

--
°v°
/(_)
^ ^ Jatin Khatri
RHCSA,RHCE,CCNA
Registered Linux user No #501175
www.linuxcounter.net
No M$

 
06-28-2012, 07:47 AM
jdow

How to limit maximum number of TCP connections

On 2012/06/27 23:02, Ed Greshko wrote:
> On 06/28/2012 01:27 PM, Jatin K wrote:
>> well..... suppose I've 5 clients in my office ( say A,B, C, D, E ) and a linux box
>> which is working as a router ( gateway ), I want to allow only 4 concurrent pcs to
>> access the Internet, say if A,B,C,D is using internet then fifth client E can not
>> access the internet until any of previous connected clients ( A,B,C, or D) gets
>> disconnected/session ended
>
> Define "access internet".....
>
> Do you mean *all* protocols? So, you want to stop a 5th system from browsing, ftp,
> ssh, ntp, pop, imap, etc? So, if A, B, C, and D are using these protocols...which
> can happen without direct user input (pop/imap polls, facebook and rss feed updates,
> etc.) you want to block E for an indeterminate amount of time?
>
> Seriously?
>
> I think you need to state the problem you are trying to solve....not ask for a
> solution which really sounds wrong headed.


Is he trying to establish some traffic management or a means of assuring
at least one person is bored enough that she'll take care of the company's
business while the men are streaming their porn?

{^_^}
 
06-28-2012, 07:59 AM
Jatin K

How to limit maximum number of TCP connections

On 06/28/2012 01:17 PM, jdow wrote:
> On 2012/06/27 23:02, Ed Greshko wrote:
>> On 06/28/2012 01:27 PM, Jatin K wrote:
>
> Is he trying to establish some traffic management or a means of assuring
> at least one person is bored enough that she'll take care of the
> company's business while the men are streaming their porn?
>
> {^_^}

why you people talking like this .. I can't understand ( sorry if you
take it seriously ...I suspect that they don't know how to behave on
mailing list )


warm Regards

--
°v°
/(_)
^ ^ Jatin Khatri
RHCSA,RHCE,CCNA
Registered Linux user No #501175
www.linuxcounter.net
No M$

 
06-28-2012, 08:03 AM
jdow

How to limit maximum number of TCP connections

On 2012/06/27 23:27, Jatin K wrote:
> On 06/28/2012 11:32 AM, Ed Greshko wrote:
>> On 06/28/2012 01:27 PM, Jatin K wrote:
>>> well..... suppose I've 5 clients in my office ( say A,B, C, D, E ) and a
>>> linux box which is working as a router ( gateway ), I want to allow only 4
>>> concurrent pcs to access the Internet, say if A,B,C,D is using internet then
>>> fifth client E can not access the internet until any of previous connected
>>> clients ( A,B,C, or D) gets disconnected/session ended
>>
>> Define "access internet".....
>>
>> Do you mean *all* protocols? So, you want to stop a 5th system from browsing,
>> ftp, ssh, ntp, pop, imap, etc? So, if A, B, C, and D are using these
>> protocols...which can happen without direct user input (pop/imap polls,
>> facebook and rss feed updates, etc.) you want to block E for an indeterminate
>> amount of time?
>
> exactly
>
>> Seriously?
>
> yes, it's my client's requirement ...... I can understand it's not the way to go
> .... but he pays me for this ... I'm a service provider .. I have to do what
> they said and want to do
>
>> I think you need to state the problem you are trying to solve....not ask for a
>> solution which really sounds wrong headed.
>
> how can you prove it's wrong ... they need this kind of configurations, and my
> duty is to provide the solutions what they need if it's possible....
>
> I don't know the solution/configuration requirement to fulfill their
> desire, that's why I'm asking the solutions to this list where so many experts
> like you are available. If this is wrong then I'm really sorry

OK, calm down. There may be a way iptables can limit the number of
connections of any given protocol - to some degree.

But there is another killer question these guys trying to help you are
asking, perhaps not clearly enough.

If A, B, C, and D are browsing CNN, MSNBC, ABC, and FoxNews is the limit on
E that he cannot browse CBS or that he cannot make an ftp file transfer or
his machine cannot attempt an NTP clock synchronization until one of the
others quits using the network?

There is something to keep in mind about most HTTP connections, they are
transitory. While A, B, C, and D are visiting their news sites and not
watching videos network activity is very low. So quality of service
restrictions would still allow E to visit CBS. They just could not all
be trying to browse to new pages at the same instant.

If the requirement really is only four can be using the internet in
any way and the fifth cannot there's no good and flexible way to do
it if the activity is simple browse/read/browse to new site/read. The
technique that would have to be used is more presumptive. You'd need a
rule that bans a user if in the last five minutes four other users have
connected to their own web sites however briefly.

Methinks your customer needs to step back a few feet from his description
of what he wants and tell you what he really wants or needs. That means
YOU need to educate him. Explain what quality of service means and
determine that is indeed not what is wanted. Explain how HTTP connections
can typically work as short bursts of multiple brief connections so
preventing more than four different machines from making web connections
can be amazingly difficult. You have to add a "presumption" filter that
notes connections made and the time they were made. If at any time the
filter has collected connections from four different machines to the
Internet the fifth is banned until a timeout runs out on at least one
of the other four's last connection. The timeout is presumed to mean she
has turned to some other task and is not using the internet.

If you ban more than four simultaneous TCP/IP connections web browsing,
with its dozens of simultaneous connections, may become annoyingly slow
even for only one user. This is particularly a problem with fast and
efficient browsers that try to overlap connections to speed downloading
the web page.

As relayed by you your customer's request is meaningless. You MUST find
out what assumptions your customer is making so you have a chance of
understanding what is really wanted.

{^_^}
at any one time

 
06-28-2012, 08:07 AM

How to limit maximum number of TCP connections

-----Original Message-----
From: users-bounces@lists.fedoraproject.org [mailto:users-bounces@lists.fedoraproject.org] On Behalf Of Jatin K
Sent: Thursday, June 28, 2012 10:00 AM
To: Community support for Fedora users
Subject: Re: How to limit maximum number of TCP connections

On 06/28/2012 01:17 PM, jdow wrote:
> On 2012/06/27 23:02, Ed Greshko wrote:
>> On 06/28/2012 01:27 PM, Jatin K wrote:
>>
>
> Is he trying to establish some traffic management or a means of assuring
> at least one person is bored enough that she'll take care of the
> company's
> business while the men are streaming their porn?
>
> {^_^}
why you people talking like this .. I can't understand ( sorry if you
take it seriously ...I suspect that they don't know how to behave on
mailing list )

Translated:
Ed wonders if the OP wants traffic management, or wants to filter the people who use internet in the boss's time for purposes that might interest his boss.
OP might be working for behavior-analysis-department or P&O ;-)


 
06-28-2012, 08:19 AM
jdow

How to limit maximum number of TCP connections

On 2012/06/28 00:02, Jatin K wrote:
> On 06/28/2012 12:11 PM, Joe Zeff wrote:
>> On 06/27/2012 11:27 PM, Jatin K wrote:
>>> how can you prove it's wrong ... they need this kind of configurations,
>>> and my duty is to provide the solutions what they need if it's possible....
>>>
>>> I don't know the solution/configuration requirement to fulfill
>>> their desire, that's why I'm asking the solutions to this list where so
>>> many experts like you are available. If this is wrong then I'm really sorry
>>
>> Personally, I doubt that limiting the number of boxes that can access the
>> Internet at any one time is their ultimate goal.
>
> yes ... they want to allow only desired concurrent PCs to use the Internet/Local
> LAN ( pass through the router )
>
>> They probably have something different in mind and have decided that this is
>> the way to get it. If I were you, I'd ask them what it is they're trying to
>> accomplish,
>
> I've tried a lot to get the matter to be understood ... but finally I came to
> this conclusion that " they do not want to allow more than 90 concurrent
> users/PCs to communicate to Internet/Local LAN "
>
>> because there's probably a better, simpler, easier way to do it.
>
> that's why I'm here ..to get the best possible solution


As stated there is, technically speaking, no solution let alone a best
possible solution. As I noted, with internet browsing a person sitting
reading an MSNBC page of drivel is not "connected". The connections are
all done and over with. I realize most people seem to think their browser
is their connection to the network. If it's not up then it must not be
connected. 'Tain't so. You can have periods of no connection even if you
have a browser open and are actively reading a page.

On the local lan to local lan connections, if any, no such limit is feasible
given the behaviors of the various SAMBA or NFS type protocols in use for
shared disks and files.

About the only semi-feasible means of doing this might be to setup a
virtual lan through a proxy with a limited number of concurrent logins
permitted. That is subject to the hogging effect Mr. Greshko mentioned.
So you'd have to put an arbitrary logout on the proxy after X minutes
of inactivity. So the bozo logs into a news site that has pages that
automatically refresh every few minutes and you get hogging again.

You REALLY REALLY need to 1) walk away from this nonsense customer or
2) embark on a serious education program and determine what the real
goal is. Is the idea to keep the network uncongested? Is it to make sure
at least some of the people are minding the store? Is it some misguided
security policy? Is it simply to make your life miserable when you've
spent a lot of time and money on his project and he refuses to pay you
because you cannot make a practical limitation such as he asks for?

Note that this is what Earthlink used to do AGES ago when I first got
on the internet via Sky Dayton's newly created ISP. I solved it with
background tasks that kept traffic flowing. The Earthlink timers never
timed out. But if they did I also automatically logged back in. This
was in the dial-up days. (It was back in the days that more than year
long uptimes were feasible and fashionable with Red Hat Linuxes. But
that is another story. UPSs to pieces I love!)

{^_^}
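
The "presumption" filter jdow describes earlier in the thread, and the hogging effect of an inactivity timeout described in the post above, as an added simulation that is not part of any post. The class and function names and the sample events are constructed for illustration; the four-host limit and five-minute timeout are the figures used in the thread.

```python
from dataclasses import dataclass, field


@dataclass
class PresumptionFilter:
    """Admit at most max_hosts distinct source hosts; a host's slot is presumed
    free once idle_timeout seconds pass since its last new connection."""
    max_hosts: int = 4
    idle_timeout: float = 300.0  # the "five minutes" from the thread
    last_seen: dict = field(default_factory=dict)  # host -> time of last connection

    def allow(self, host: str, now: float) -> bool:
        # Drop hosts whose last connection is older than the timeout.
        self.last_seen = {h: t for h, t in self.last_seen.items()
                          if now - t < self.idle_timeout}
        if host in self.last_seen or len(self.last_seen) < self.max_hosts:
            self.last_seen[host] = now  # new or returning host holds a slot
            return True
        return False  # one host too many: refused until a slot times out


def replay(events, max_hosts=4, idle_timeout=300.0):
    """Run (time, host) connection attempts through the filter in time order."""
    f = PresumptionFilter(max_hosts, idle_timeout)
    return [(t, h, f.allow(h, t)) for t, h in sorted(events)]


def denied(events, host):
    """Times at which `host` was refused."""
    return [t for t, h, ok in replay(events) if h == host and not ok]


# Constructed sample 1: A-D each load one page and then just read it.
# E is refused at t=60 although no connection is open, and admitted at t=301.
BURST = [(0, "A"), (1, "B"), (2, "C"), (3, "D"), (60, "E"), (301, "E")]

# Constructed sample 2: A-D sit on pages that auto-refresh every 120 s,
# so their slots never expire and E is refused every time (the hogging effect).
HOGGING = [(t, h) for t in range(0, 601, 120) for h in "ABCD"]
HOGGING += [(60, "E"), (360, "E"), (660, "E")]


if __name__ == "__main__":
    for name, ev in (("burst", BURST), ("hogging", HOGGING)):
        print(name, "- E denied at", denied(ev, "E"))
```
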
 
06-28-2012, 08:22 AM
jdow

How to limit maximum number of TCP connections

On 2012/06/28 00:59, Jatin K wrote:
> On 06/28/2012 01:17 PM, jdow wrote:
>> On 2012/06/27 23:02, Ed Greshko wrote:
>>> On 06/28/2012 01:27 PM, Jatin K wrote:
>>
>> Is he trying to establish some traffic management or a means of assuring
>> at least one person is bored enough that she'll take care of the company's
>> business while the men are streaming their porn?
>>
>> {^_^}
>
> why you people talking like this .. I can't understand ( sorry if you take it
> seriously ...I suspect that they don't know how to behave on mailing list )


Part humor, black humor, and part sarcasm. I really don't think from your
description that the customer has the vaguest notion of what he is asking
for or if he does he is refusing to tell you.

To ME it stinks to high heaven. I've walked away from such after learning
the hard way to recognize pure poison. The requirement is too freaking
vague given the realities of networking for it to be met.

I've tried to explain a little. Now I'm washing my hands of it.

Bye.
{^_^}
 
06-28-2012, 08:24 AM
Jatin K

How to limit maximum number of TCP connections

On 06/28/2012 01:33 PM, jdow wrote:
> On 2012/06/27 23:27, Jatin K wrote:
>> On 06/28/2012 11:32 AM, Ed Greshko wrote:
>>> On 06/28/2012 01:27 PM, Jatin K wrote:
>>>> well..... suppose I've 5 clients in my office ( say A,B, C, D, E ) and a
>>>> linux box which is working as a router ( gateway ), I want to allow only 4
>>>> concurrent pcs to access the Internet, say if A,B,C,D is using internet then
>>>> fifth client E can not access the internet until any of previous connected
>>>> clients ( A,B,C, or D) gets disconnected/session ended
>>>
>>> Define "access internet".....
>>>
>>> Do you mean *all* protocols? So, you want to stop a 5th system from browsing,
>>> ftp, ssh, ntp, pop, imap, etc? So, if A, B, C, and D are using these
>>> protocols...which can happen without direct user input (pop/imap polls,
>>> facebook and rss feed updates, etc.) you want to block E for an indeterminate
>>> amount of time?
>>
>> exactly
>>
>>> Seriously?
>>
>> yes, it's my client's requirement ...... I can understand it's not the way to go
>> .... but he pays me for this ... I'm a service provider .. I have to do what
>> they said and want to do
>>
>>> I think you need to state the problem you are trying to solve....not ask for a
>>> solution which really sounds wrong headed.
>
> If A, B, C, and D are browsing CNN, MSNBC, ABC, and FoxNews is the limit on
> E that he cannot browse CBS or that he cannot make an ftp file transfer or
> his machine cannot attempt an NTP clock synchronization until one of the
> others quits using the network?

if A,B,C and D are using Internet then E must not have Internet access ,
like web-browsing, send/receive email, ftp Etc....


if it can be achieved by proxy (squid like) .. I can suggest them





--
°v°
/(_)
^ ^ Jatin Khatri
RHCSA,RHCE,CCNA
Registered Linux user No #501175
www.linuxcounter.net
No M$

 

All times are GMT.