LinuxQuestions.org


Ciccio 12-26-2002 07:40 PM

router of a huge network... need a little help here.
 
Ok, by huge network I don't mean with a lot of computers, I mean with a lot of usage. hehehe...

Here is the problem: I have a Linux box with Red Hat 7.1 as a router/firewall. And I have 5 other computers on the network.

I was wondering if there is a way (I'm thinking squid) to limit the maximum bandwidth available for each machine.

Ok, I know there is a way, ISPs do it all the time, but I was wondering if it was hardware or software managed. And if it is software, what kind of software... and if it is hardware... is it too expensive for a home LAN?

I know this will limit my bandwidth all the time, but I think it is worth it. Does this 'splitter' support 'over-selling'??? (you know, when they say they sell you 128kbps but they use the same 128 for 3 or 4 users).

Thanks a lot.


Miky 12-26-2002 07:49 PM

Yes absolutely

You have to use iproute2 with netfilter

1. Compile your kernel with some QoS options and advanced router options; for iptables, the mark options
2. Write rules in the mangle table to mark the packets regarding which machine they come from (you could use the MAC address)
3. Create your queueing discipline and your classes and attach the marked packets to the class you want them to belong to.

More info on QoS howto

Bye
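
The three steps listed above (mark packets in the mangle table, create the queueing discipline and classes, attach the marks to classes), written out as an added shell example that is not part of the original thread. The interface names, MAC addresses, mark numbers and rates are constructed placeholders; it assumes the HTB scheduler and the `fw` classifier are available in the kernel, and it shapes what each LAN machine sends out through the WAN interface. The script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: per-machine shaping with netfilter marks + HTB classes.
# Interface names, MACs, marks and rates are constructed placeholders.
WAN=eth0        # assumed Internet-facing interface (shaping is on its egress)
LAN=eth1        # assumed LAN-facing interface
LINK=512kbit    # assumed total upstream capacity

# Execute the command when APPLY=1 (needs root); otherwise print it (dry run).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# shape_host ID MAC RATE CEIL
#   step 2: mark everything arriving from MAC with the number ID
#   step 3: create class 1:ID (guaranteed RATE, may borrow up to CEIL)
#           and bind packets carrying mark ID to that class
shape_host() {
    id=$1 mac=$2 rate=$3 ceil=$4
    run iptables -t mangle -A PREROUTING -i "$LAN" -m mac --mac-source "$mac" \
        -j MARK --set-mark "$id"
    run tc class add dev "$WAN" parent 1:1 classid "1:$id" htb rate "$rate" ceil "$ceil"
    run tc filter add dev "$WAN" parent 1: protocol ip handle "$id" fw flowid "1:$id"
}

build_rules() {
    # Root HTB qdisc; traffic without a mark falls into class 1:99.
    run tc qdisc add dev "$WAN" root handle 1: htb default 99
    run tc class add dev "$WAN" parent 1: classid 1:1 htb rate "$LINK"
    run tc class add dev "$WAN" parent 1:1 classid 1:99 htb rate 64kbit ceil "$LINK"
    # Host 10 is guaranteed 100kbit and may borrow idle capacity up to LINK.
    shape_host 10 00:11:22:33:44:55 100kbit "$LINK"
    # Host 20 has ceil equal to rate, so it is hard-capped at 120kbit.
    shape_host 20 00:11:22:33:44:66 120kbit 120kbit
}

build_rules
```

Review the printed commands first; on a remote router, a mistake in the shaping rules can cut off your own session.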

Ciccio 12-26-2002 07:54 PM

Ok... I didn't understand a thing. What is QoS (queue of service?), iproute2 and netfilter... do I need to recompile my kernel to enable them? Because I don't like to recompile it... it is tricky and I'm using a special kernel (for Alpha processors)...

Could you please be a little more clear... and give me a few addresses where I can find info about what you are talking about...

Thank you. A LOT.


Miky 12-26-2002 08:00 PM

QoS = Quality of service (qualitad del servicio lol)
iproute2 is a package
netfilter is the name of that package that uses iptables.

Yes, there's a 99% probability you'll have to recompile (I always do to optimize my kernel though)

For links google is your friend
search for strings
kernel recompile
netfilter mark
iproute2 or Qos linux

See you later

Ciccio 12-26-2002 08:16 PM

Ok, the problem is that I'm using an Alpha processor, an AlphaServer. So, I don't have the same kind of boot loader and I think that toms root boot won't work. IF something goes wrong with my recompile or if I lose my OS I'll have to reinstall EVERYTHING... and that will take a few hours... not to mention that I won't have access to internet in any other machine.... AND I don't have a contingency. Is there something like a step-by-step guide to recompile your kernel... I've never done that alone... so... I think a guide would be great...

About netfilter and iproute2 I've found a lot of documentation... but about kernel recompilation... none. Could you help me on this one please. THANKS.

Miky 12-26-2002 08:29 PM

Kernel compilation is kind of very easy

First download the latest kernel (or one that works); 2.4.18 works well, but the latest is 2.4.20

Copy it in /usr/src and decompress it.

Do make config or make menuconfig (requires libncurses-dev) or make xconfig depending on whether you want text mode, bash windows or Xwindow style

Then (this is the most difficult)
choose your options in the kernel; this part is very important and will cause you a kernel panic or minor problems if you forget something. Save your kernel configuration once you've finished

Then make dep && make bzImage && make modules && make modules_install
(be careful: if you're using the same version as your current kernel you have to back up your modules !!!)

Then make a dual boot with your old kernel and your new one (very important !!!! if it crashes)

And that's all !!!

Try to find a junk machine to get some training with recompilation.

If you're confident make sure you have a nice dual boot on your Alpha machine.

I would advise you to ask a good sysadmin beside you to help configure the kernel.

btw the command dmesg|less will help you to configure the kernel

See you

Ciccio 12-26-2002 08:34 PM

Ok... Thanks a lot... I'll try recompiling my Mandrake (this one is kind of easy to recover)

Thanks a lot....

peter_robb 12-28-2002 04:57 PM

Have you read this yet?
http://tldp.org/HOWTO/Bandwidth-Limi...WTO/index.html

Ciccio 12-28-2002 11:53 PM

uh... I hate tldp... I never find anything...

Ciccio 12-29-2002 12:30 AM

Peter, I appreciate a lot that link. It would have taken me over two weeks to find it... excuse my previous post.. but it is just true.

I think I can work it out now... I'll post here a step-by-step guide as soon as I'm done.

Thanks.

BTW: what ports does KAZAA use?? cause it would be a hard task to isolate them using the tcpdump... hehe... I'll try google... but I don't know what will come out.

peter_robb 12-29-2002 07:25 AM

Kazaa starts by using tcp port 1214 but can re-establish p2p connections on other low number ports.

You may wish to limit by user or local_ip if there are a lot of connections. One trick I have used is to allow only 1 big pc external access, then the local users must talk internally to this p2p. When Kazaa starts, it creates a huge scanning storm looking for port 1214 in every possible ip range.

When I search Google, I just use keywords, eg "bandwidth control"
When I search tldp, I use this page first: http://tldp.org/HOWTO/HOWTO-INDEX/howtos.html
then in the browser, the EDIT, Find in this Page, "Keyword" combination.

Ciccio 12-29-2002 11:12 AM

So, how do I control the bandwidth in kazaa? I have a big PC... it works as router/firewall. And I kind of don't understand what you are saying... If I understood correctly then kazaa uses port 1214... but can use lower number ports??? Is that it? If so... how do I limit them?

Another question... Is there a BIG site for IPTraf and SQUID??? Like php.net or samba.org but for those utilities... because I need special builds or source code...

Thanks a lot.

peter_robb 12-29-2002 11:44 AM

I have a windoze pc set up to be a kazaa p2p member.
It's the ONLY pc that can connect directly past the firewall, everyone else is dropped, so they are forced to talk to this pc to get their sharing to work.
If Kazaa starts with its entire internet ip scan, (it can be made to look for single ip numbers) I drop these as well.
It's a BIG pc coz it will hold a huge amount of "files".
I now only have to control the traffic from this one internal pc now, kazaa is all it does.

Kazaa starts by using destination port 1214 but will use higher numbers later, making it hard to control if everyone is using it externally.

Practise your Google search for iptraf & squid !! Enjoy !!

Ciccio 12-29-2002 01:07 PM

Ok... but the problem is how to control the traffic... I use it on two PCs so it shouldn't be that hard... First I want to limit the use of kazaa to 15KBps. The rest I don't care... we don't download mp3 or avi from http servers... (that is why we use kazaa).

Ok... I was reading that how to... and in the squid configuration file there are a few lines I don't know what they are for...

Code:

#To make our connection even faster, we put two lines similar
#to the ones below. They will point a parent proxy server our own Squid
#will use. Don't forget to change the server to the one that will
#be fastest for you!
#Measure pings, traceroutes and so on.
#Make sure that http and icp ports are correct.

#Uncomment lines beginning with "cache_peer" if necessary.
#This is the proxy you are going to use for all connections...
#cache_peer w3cache.icm.edu.pl parent 8080 3130 no-digest default

#...except for the connections to addresses and IPs beginning with "!".
#It's a good idea not to use a higher
#cache_peer_domain w3cache.icm.edu.pl !.pl !7thguard.net !192.168.1.1

#This is useful when we want to use the Cache Manager.
#Copy cachemgr.cgi to cgi-bin of your www server.
#You can reach it then via a web browser typing
#the address http://your-web-server/cgi-bin/cachemgr.cgi
cache_mgr your@email
cachemgr_passwd secret_password all

Could you help me with this?

thanks.

Ciccio 12-29-2002 01:14 PM

BTW, iptraf seems to be broken... I've searched a few pages but they always lead to a broken link (the same one)

Besides... can it be done with tcpdump???


All times are GMT -5.