Old 09-29-2004, 04:30 PM   #1
sensovision
Member
 
Registered: Mar 2004
Location: Ukraine
Distribution: Debian "Wheezy"
Posts: 94

Rep: Reputation: 15
internet sharing on local network(with billing system)


Hi everyone! Recently I've joined a small local network (5 machines so far) which is mostly used to work together on university projects. Everyone on this network (except me) is using XP (I'm on Debian), but the only person who has internet is me (we have slow modem internet here, and I'm the lucky owner of a DVB card). So I've decided to share it with two of my friends from this network, but since I'm not a Rockefeller I couldn't do it for free, so I wish to set up some kind of billing system to know how much traffic was used and by whom.

Could someone experienced in this field give me some tips on what the best way to do this is? Should I try to set up a VPN server or rather try to organize it through a firewall (like my local ISP advised me)? Any howtos or links to related material would be highly appreciated!
 
Old 09-29-2004, 05:04 PM   #2
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
hi,

I used to do something similar for generating traffic stats on my home network, could probably be used to do what you describe.

quite simple, all i did was split incoming traffic on the FORWARD chain by its destination ip and then direct the traffic back to the usual set of state-based rules etc after that. Once a day i would do an iptables -L -v and look at the traffic through each chain.

not very elegant but it worked for my purpose.
 
Old 09-29-2004, 05:24 PM   #3
sensovision
Member
 
Registered: Mar 2004
Location: Ukraine
Distribution: Debian "Wheezy"
Posts: 94

Original Poster
Rep: Reputation: 15
hi Sutekh, thank you for the reply! The things you're saying could be what I'm looking for. I still need to find out how to share internet only to organize an authorization system (to share internet with desired people only); I barely understand routing (tomorrow I should get a verbose book on routing and such, hopefully it will help me imagine better how things work). As for iptables, are you using any scripts to perform the tasks you've described above? If so, maybe you can share them with me; maybe this would help me better understand how it works?
 
Old 09-29-2004, 05:29 PM   #4
sensovision
Member
 
Registered: Mar 2004
Location: Ukraine
Distribution: Debian "Wheezy"
Posts: 94

Original Poster
Rep: Reputation: 15
after I've read your post a few times I've understood what you mean; guess you don't have any scripts. You just make a few rules which count packets which go to your local net independently from those used by your PC, am I right?
maybe you could advise some HOWTOs on how to do something like this?
 
Old 09-29-2004, 05:33 PM   #5
bruj3w
Member
 
Registered: Mar 2004
Location: england
Distribution: slackware
Posts: 164

Rep: Reputation: 30
there's an app called ntop that might help you out. it's similar to top but monitors net usage as opposed to system resources. it might be of some use to you.

http://www.ntop.org/ntop.html

Last edited by bruj3w; 09-29-2004 at 05:34 PM.
 
Old 09-29-2004, 05:45 PM   #6
sensovision
Member
 
Registered: Mar 2004
Location: Ukraine
Distribution: Debian "Wheezy"
Posts: 94

Original Poster
Rep: Reputation: 15
thanks bruj3w, I'm downloading ntop right now, and will check out if I could use it for traffic logging
 
Old 09-29-2004, 07:01 PM   #7
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
sensovision,

it is, or rather was part of a firewall script i used to use, the rules I was thinking about were pretty simple however, something like

Code:
# assuming pc1 = 192.168.1.21, pc2 = 192.168.1.22, etc.
# INET_IF = your internet interface
# one counting chain per PC, plus a chain that holds the normal FORWARD rules
iptables -N PC1_FORWARD
iptables -N PC2_FORWARD
iptables -N PC3_FORWARD
iptables -N INET_FORWARD

# send traffic arriving from the internet to the chain for its destination PC
iptables -A FORWARD -i "$INET_IF" -d 192.168.1.21 -j PC1_FORWARD
iptables -A FORWARD -i "$INET_IF" -d 192.168.1.22 -j PC2_FORWARD
iptables -A FORWARD -i "$INET_IF" -d 192.168.1.23 -j PC3_FORWARD

# the per-PC chains only count; they pass everything on to the usual rules
iptables -A PC1_FORWARD -j INET_FORWARD
iptables -A PC2_FORWARD -j INET_FORWARD
iptables -A PC3_FORWARD -j INET_FORWARD
so the idea is that any traffic for pc1 goes through a pc1 chain first and then gets redirected from there back to the normal set of rules you would use for FORWARD'ed traffic from the net.

the PCx_FORWARD rules serve no other purpose than counting the packets, they do no filtering of any kind and shouldn't interfere with your firewall setup. should be a fairly quick search and replace to modify your existing FORWARD rules as well.

I hasten to add that I am writing this response before my coffee, very little sleep and a hangover and all from memory so there is a good chance it won't work exactly as written, you will want to double check the logic. I think it is ok however.

Rich

edit:
P.S. ntop is great I use that a lot too, I just found that the iptables rules were quick and easy to keep track of, I used to read the values daily with a script and then clear the counters on those rules so I had a long term log effectively

Last edited by Sutekh; 09-29-2004 at 07:04 PM.
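
Added example, not part of Sutekh's post: the daily read-and-reset job described above, run here on a constructed sample of `iptables -L FORWARD -v -n -x` output. The function names, the ledger file format and the `ppp0` interface are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): daily byte accounting from the
# PCn_FORWARD jump rules shown above.

# Constructed sample in the layout of `iptables -L FORWARD -v -n -x`.
# -x matters: without it counters are rounded to K/M/G and cannot be billed.
SAMPLE='Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1520  1843200 PC1_FORWARD  all  --  ppp0   *       0.0.0.0/0            192.168.1.21
     310   402653 PC2_FORWARD  all  --  ppp0   *       0.0.0.0/0            192.168.1.22
       0        0 PC3_FORWARD  all  --  ppp0   *       0.0.0.0/0            192.168.1.23'

# stdin: iptables listing; stdout: "<dest-ip> <bytes>" per counting rule.
# Rows whose byte column is not an exact integer (e.g. "1843K") are skipped.
usage_report() {
    awk '$3 ~ /^PC[0-9]+_FORWARD$/ && $2 ~ /^[0-9]+$/ { print $9, $2 }'
}

# Merge one reading (stdin, "<ip> <bytes>") into a running ledger file so
# totals survive the daily counter reset. Ledger format: "<ip> <total-bytes>".
ledger_add() {
    ledger=$1
    [ -f "$ledger" ] || : > "$ledger"
    tmp=$(mktemp) || return 1
    awk '{ total[$1] += $2 }
         END { for (ip in total) printf "%s %.0f\n", ip, total[ip] }' \
        "$ledger" - | sort > "$tmp" && mv "$tmp" "$ledger"
}

# Total recorded for one IP (0 if the host has no entry).
ledger_total() {
    awk -v ip="$2" '$1 == ip { t = $2 } END { printf "%.0f\n", t + 0 }' "$1"
}

# Demo on the constructed sample; on a live gateway the reading would come
# from: iptables -L FORWARD -v -n -x -Z   (list, then zero the counters)
demo_ledger=$(mktemp)
printf '%s\n' "$SAMPLE" | usage_report | ledger_add "$demo_ledger"
printf '%s\n' "$SAMPLE" | usage_report | ledger_add "$demo_ledger"   # second day
cat "$demo_ledger"
rm -f "$demo_ledger"
```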
 
Old 10-02-2004, 04:50 PM   #8
sensovision
Member
 
Registered: Mar 2004
Location: Ukraine
Distribution: Debian "Wheezy"
Posts: 94

Original Poster
Rep: Reputation: 15
thanks Rich for the great explanation, I think the iptables solution would work for me at least in the beginning.
But what about limiting internet use to only two computers? I wish to use some authorization system but I have no idea how to organize it yet, could you give me some tips on how it could be done?
 
Old 10-02-2004, 08:25 PM   #9
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
Quote:
Originally posted by sensovision
thanks Rich for the great explanation, I think the iptables solution would work for me at least in the beginning.
no probs, probably should have mentioned ipac-ng as well, this is a tool designed to track the things you are doing, it creates and manages the iptables rules for you and draws graphs etc., quite useful, google for ipac-ng

Quote:
But what about limiting internet use to only two computers? I wish to use some authorization system but I have no idea how to organize it yet, could you give me some tips on how it could be done?
ok this is a little bit more difficult, depends on how automated it needs to be i guess. are you trying to track usage in terms of traffic or time? do you need to lock them out after a certain amount of time/traffic, or can you handle it a different way, ie let them on all the time but once they have used x amount of bandwidth traffic shape them down to a slower connection?

it could be as simple as using something like nocatauth, or as complex as a real log on server (maybe a vpn) depends on how far you need to go
 
Old 10-03-2004, 03:39 AM   #10
sensovision
Member
 
Registered: Mar 2004
Location: Ukraine
Distribution: Debian "Wheezy"
Posts: 94

Original Poster
Rep: Reputation: 15
Thanks once again for your help.
As for the billing system, I'm looking for a way to track traffic (statistics about time would be nice but would be used only for information, so I could live without them). We also discussed how I should charge and agreed that the best way for both sides would be prepaid (they prefer to pay and not get into any debt if the money is used up, and it's better for me as well, since they could get some virus like netsky and use up my outgoing bandwidth, which is good neither for me nor for them), so once the money on the account is out, internet should be cut.
Right now I'm looking at nocatauth to see if it would suit my needs; I'm also thinking about organizing something with crontab which would poll iptables for used traffic and compare it with the account data.
BTW what about VPN, does it have some built-in accounting methods or should they be done through iptables as well?
 
Old 10-03-2004, 04:15 AM   #11
sensovision
Member
 
Registered: Mar 2004
Location: Ukraine
Distribution: Debian "Wheezy"
Posts: 94

Original Poster
Rep: Reputation: 15
BTW let me tell you why I was asking about VPN in my first post: it's because I still can't share my internet connection fully.
I have a modem which is pretty slow (33600), and if I shared it with two more folks the only thing we could do is use it for instant messaging and/or forum posting. I've got a satellite dish, but the only way I can use this connection is to connect via my modem, then enable ppp1 (which is my VPN connection to the satellite provider, which is used to send requests), and I get replies on dvb0_0.
While I'm not using satellite I can share the connection with this string:
Quote:
iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp+ -s 192.168.1.0/24 -d 0/0
After this internet is shared, but I can't do the same thing once the VPN to the satellite ISP is up... I'm reading a routing book now and slowly beginning to understand these issues. That's why I thought that because of VPN I could share internet even if I'm using my satellite dish. Probably I need to make my PC some kind of gateway server.
If you have an idea what the problem is and how I should route my connection correctly (with dvb), I would really appreciate any tips.
 
Old 10-03-2004, 04:54 AM   #12
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
Quote:
Originally posted by sensovision
Thanks once again for your help.
As for the billing system, I'm looking for a way to track traffic (statistics about time would be nice but would be used only for information, so I could live without them). We also discussed how I should charge and agreed that the best way for both sides would be prepaid (they prefer to pay and not get into any debt if the money is used up, and it's better for me as well, since they could get some virus like netsky and use up my outgoing bandwidth, which is good neither for me nor for them), so once the money on the account is out, internet should be cut.
Right now I'm looking at nocatauth to see if it would suit my needs; I'm also thinking about organizing something with crontab which would poll iptables for used traffic and compare it with the account data.
definitely look at ipac as well, makes pretty graphs of traffic.

as far as hitting a limit and then cutting off there is an easy way to do this with iptables directly. What you want is the quota match. this will basically let the traffic through up to your quota and then drop through to the next rule (check the link it will explain it better than I can, very straightforward).

there is one slight problem however. The quota rule is not part of the standard kernel and has to be inserted into the kernel by patch-o-matic. It can be fairly straightforward: log in as root, make sure you are in the /root directory and go to this page and follow the instructions (the cvs stuff). Have you compiled a kernel before? guess I should have asked this first, if you have then it is probably in /usr/src/linux. anyway let me know if you are not sure about this bit (gotta compile a kernel sometime :-))
Quote:
BTW what about VPN, does it have some built-in accounting methods or should they be done through iptables as well?
well no a vpn is an alternative network connection that is encrypted, I was suggesting it more from the perspective that they have to log in so no one else can get in without a username/password etc.
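
Added example, not part of Sutekh's post: the prepaid cut-off built from the quota match he describes, as a generator that prints an ACCEPT-with-quota rule followed by a DROP rule for each account. The account table (constructed), the per-megabyte prepaid unit, the `ppp0` interface and the function name are assumptions; remaining bytes are computed from usage already recorded because a re-added quota rule starts again from its full value.

```shell
#!/bin/sh
# Added example (not from the thread): turn prepaid balances into quota rules.
# Constructed accounts: "<ip> <prepaid-MB> <bytes-already-used>".
ACCOUNTS='192.168.1.21 500 1843200
192.168.1.22 100 104857600'

# Print (do not run) the rules for each account; $1 is the internet interface.
# The quota ACCEPT rule stops matching once its byte budget is spent, so the
# DROP rule after it is what actually cuts the host off.
# Lines that are not "<dotted-ip> <int> <int>" are ignored, so a malformed
# account entry can never end up inside a generated command.
quota_rules() {
    awk -v ifc="$1" '
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
        left = $2 * 1048576 - $3          # bytes still paid for
        if (left > 0)
            printf "iptables -A FORWARD -i %s -d %s -m quota --quota %.0f -j ACCEPT\n",
                   ifc, $1, left
        # exhausted accounts get only the DROP rule
        printf "iptables -A FORWARD -i %s -d %s -j DROP\n", ifc, $1
    }'
}

# Demo: show what would be applied for the constructed accounts.
printf '%s\n' "$ACCOUNTS" | quota_rules ppp0
```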
 
Old 11-14-2004, 04:43 PM   #13
sensovision
Member
 
Registered: Mar 2004
Location: Ukraine
Distribution: Debian "Wheezy"
Posts: 94

Original Poster
Rep: Reputation: 15
hi Sutekh! I just wish to tell you thanks once again! You've helped me out to understand the routing system, and with your instructions I was able to make an accounting system. Just wish to let you know that it works and I didn't forget about the person who helped me out.
thanks once again!
 