LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-26-2003, 01:43 PM   #1
henkas
LQ Newbie
 
Registered: Oct 2003
Location: Lithuania
Posts: 7

Rep: Reputation: 0
Question Pleas help!


Hello everyone,

I need help!

How to block someone ip on the network? My network is on the linux system. I can see the pppstatus, iptraf.. but that's it!
I don't know how to block an ip if someone is downloading and downloading all the time. Maby someone could help me????
i'll be very happy for all offers..
 
Old 10-26-2003, 02:36 PM   #2
kasperhans
Member
 
Registered: Oct 2003
Location: right behind the moon
Distribution: gentoo
Posts: 466

Rep: Reputation: 30
you can use webmin to configure such things pretty cool tool www.webmin.com
 
Old 10-26-2003, 03:03 PM   #3
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
Hello,
I've just moved the thread to Linux - Networking. Member Intro is a good place to say 'hello', but questions should be posted to other forum. It gives you more views and (probably) reponses.

What would you exactly want to do? Block an IP or limit bandwith? First can be done easily using iptables (or different frontends, like webmin). Second one is harder, but allows you to do very interesting things. In short, it's QoS (I don't know any frontend for this).
 
Old 10-26-2003, 05:16 PM   #4
henkas
LQ Newbie
 
Registered: Oct 2003
Location: Lithuania
Posts: 7

Original Poster
Rep: Reputation: 0
Hi,

I just whant tu limit bandwith.
 
Old 10-26-2003, 05:30 PM   #5
henkas
LQ Newbie
 
Registered: Oct 2003
Location: Lithuania
Posts: 7

Original Poster
Rep: Reputation: 0
And here is something more.
how to install that webmin? If i only can conect to my server via internet - ssh. and ther's no graphic environment.
So i need to do what?
 
Old 10-26-2003, 07:04 PM   #6
kasperhans
Member
 
Registered: Oct 2003
Location: right behind the moon
Distribution: gentoo
Posts: 466

Rep: Reputation: 30
webmin is a graphic frontend for general system configuration but you find there a graphical frontend for ip settings and so on.
you can install it using the rpm or the tgz file its pretty easy as you have only to execute the install script and then the script will tell you at the end what to do to log ing there is also a good faq and how to at the webmin homepage
 
Old 10-27-2003, 04:20 AM   #7
henkas
LQ Newbie
 
Registered: Oct 2003
Location: Lithuania
Posts: 7

Original Poster
Rep: Reputation: 0
and how about iptables? i have it installed. How can i limit travic to someone's ip? thank you very very much
 
Old 10-27-2003, 10:50 AM   #8
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
i think iptables has a limit option but not sure how it works, you could just do what we used to do, block the port all together.

if you Linux box is the gateway, you can match based on their mac address and just block all traffic comming from their box. If you have access to their physical port, just unplug it. Then when they ask why their internet doesnt work, tell them that they need to stop being a net-hog and close kazaa (or other filesharing software). If the problem is uploads, block specific ports that use file sharing software.

All this is only any good if you are network admin and you control the box that their traffic goes through. The best solution is to unplug em and tell them if it continues, they will not be allowed to use the network. Sounds like you need to write a "Network Usage Policy".
 
Old 10-27-2003, 10:51 AM   #9
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
also in the future, please use better subject lines than "please help!". It makes it easier on the readers of the forum to use useful subject lines.
 
Old 10-27-2003, 11:00 AM   #10
henkas
LQ Newbie
 
Registered: Oct 2003
Location: Lithuania
Posts: 7

Original Poster
Rep: Reputation: 0
Hi Robert0380,

i am an admin of my network, but the computer is not at my place, so i can't unplug it. Do you have any other suggestions ?
How to limit trafic from my home? i have all the access to the linux. Thaks..
 
Old 11-02-2003, 03:02 PM   #11
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
henkas, could you be more specific? Would you like to limit bandwith based on IP or port? Giving a user for example 100kbit all the time or 10MB transfer total a month?

Iptables has its use here. but it's not enough. You'll probably need to compile a kernel - with QoS support.
 
Old 11-03-2003, 07:23 AM   #12
henkas
LQ Newbie
 
Registered: Oct 2003
Location: Lithuania
Posts: 7

Original Poster
Rep: Reputation: 0
Mara,
I whant to limit limit bandwith on specfic IP.
 
Old 11-03-2003, 04:33 PM   #13
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
So you need to compile your own kernel, in most cases. Look if your current kernel supports HTB (if you have the .config file, it's in QoS settings). Kernel can be downloaded from www.kernel.org. You also need tc pach from here: http://luxik.cdi.cz/~devik/qos/htb/ (http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz). You need to compile both things. When compiling kernel, choose everything in QoS secion (as modules).

From the site I mentioned above (http://luxik.cdi.cz/~devik/qos/htb/ ) you can also download documentation. There's also nice HOWTO (http://tldp.org/HOWTO/Adv-Routing-HOWTO/index.html chapter 9).

But for fist time, simple examples are the best. So here it is:
Code:
tc qdisc del root dev eth0
tc qdisc add dev eth0 root handle 1:0 htb default 3

tc class add dev eth0 parent 1:0 classid 1:1 htb rate 112kbit ceil 112kbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 28kbit ceil 112kbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 80kbit ceil 112kbit

tc filter add dev eth0 protocol ip parent 1:0 u32 match ip dst 192.168.1.1 flowid 1:2
tc filter add dev eth0 protocol ip parent 1:0 u32 match ip dst 192.168.1.2 flowid 1:3
Now, what does this script do? First thing: it only limists one way - in this case, only download. For two sides script you rather need another patch, IMQ.

First lines deletes all rules assigned to eth0 (from previous scripts).
Then the default is specified (1:2, everything that doesn't fit any other class, goes to 1:3). Later 1:2 and 1:3 classes are specifies. 1:2 guarantees 28kbit, 1:3 80kbit. If not the whole bandwith is used, all what's left can be used by other classes, up to 112kbit.

Then there's filter. 1:2 is for 192.168.1.1. 1:3 is for 192.168.1.2, but it's default, so all other IPs go there.

I can write something more if you wish, but I don't know what you know
 
Old 11-04-2003, 06:34 AM   #14
henkas
LQ Newbie
 
Registered: Oct 2003
Location: Lithuania
Posts: 7

Original Poster
Rep: Reputation: 0
Thank you Mara, i'll try that.
maby that's gona help me.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
pleas can you help me....i need you ALaa Cabo Linux - Software 2 08-15-2005 07:54 PM
Help help pleas phil75 Linux - General 9 06-18-2005 03:58 AM
Tape Drive help pleas monkeymartin Linux - General 4 04-26-2003 01:31 PM
Crontab Help Pleas monkeymartin Slackware 1 04-24-2003 03:39 PM
Installing a program Pleas help monkeymartin Slackware 7 04-22-2003 12:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration