Bandwidth Monitoring and Limiting
I am looking to monitor my bandwidth and to limit what bandwidth a computer can use. I know I can use SNMP on a router to watch it. I have one WAN connection with 16 IP's. Some PC's do not use a router/device with SNMP. They basically connect to the gateway and use the software firewall to control the rest. But there are times during updates and large downloads and things like as such, that are affecting the bandwidth across the network. Here is an example. Today, I was using my telephone (VOIP). I was talking with someone and attaching a large PDF to an email; it was sucking all my bandwidth up, which basically took out my upload left over, since I could hear the other party talking but they couldn't hear me. Soon as the upload finished, everything was fine. For this particular example, I would want to reserve 90kbps at all times just for my VOIP since that is what's required to run it. Any ideas? I have a Windows network/domain and Linux boxes connected to public IPs and internal NIC cards to the Windows network.
If I understand correctly, you have a Linux firewall for your network that connects to your WAN and to your LAN (like any firewall .. LOL). If so, why don't you install SQUID to control your bandwidth? You can create delay pools with squid and control the bandwidth limits to prevent your problem. Let's say you have a 1MB line, then you can configure squid to limit the MAX connection to 768K, leaving 256K for your VOIP traffic etc.

Inside squid, you simply do the following.

You define your network (internal):

    acl internalnetwork src 10.1.1.0/24

Then define how many delay pools you want:

    delay_pools 1
    # pool 1 is class 1: a single aggregate bucket shared by all clients
    delay_class 1 1
    # restore rate (bytes per second) / maximum bucket size (bytes)
    delay_parameters 1 32000/40000
    delay_access 1 allow internalnetwork
    http_access allow internalnetwork
Since you have all your PC's with two NIC's, one for internal and one for public, you can install a server with two network cards, create a bridge interface between the two NIC's on your new server, and install this between your ISP router and the public switch.

SO..

#Internet Line# -- #ISP Router# -- #New server with bridge ethernets# -- #Public switch#

Then you can run squid on there and use Iptables to redirect all port 80 traffic to port 3128 (squid).

OR ....

You can remove the ethernet cable from all PC's going into the public switch, install a new Linux firewall, and create virtual interfaces on the Linux server and port forward all connections from there to each internal PC, basically making your network run the same as it was, but just safer.

SO ..

#Internet Line# -- #ISP router# -- #New linux server# -- #Internal network#

SO on the new Linux firewall you will have one Public IP on the firewall obviously (eth0) and the other network card with an internal IP obviously (eth1). So on the public ethernet, you can make virtual interfaces (eth0:0, eth0:1, eth0:2 etc) and with IPTABLES make a rule to forward all traffic from each interface to an internal PC respectively. (I take it there is a good reason why each PC must have its own public IP?)

Then simply do squid on the new Linux server and limit as I said ..

Hope it made sense and helped you?
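The second layout in the post above (virtual interfaces plus per-PC forwarding, with port 80 redirected to Squid), as an added example that is not part of the original post. It prints the commands instead of running them; the interface roles, the /28 prefix, the 203.0.113.x addresses, the host map and the per-host port list (a tighter variant of "forward all traffic") are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) the firewall commands.
# Assumptions, not from the thread: eth0 = public side, eth1 = LAN,
# LAN is 10.1.1.0/24, public block is a /28, Squid listens on 3128.
WAN_IF=eth0
LAN_IF=eth1
LAN_NET=10.1.1.0/24
PREFIX=28
SQUID_PORT=3128

# Constructed sample map: public_ip internal_ip tcp_ports (comma list or "all")
SAMPLE_MAP='203.0.113.2 10.1.1.11 25,443
203.0.113.3 10.1.1.12 all'

gen_rules() {
    # Hand LAN web traffic to the Squid instance on this box.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    # Forwarding is deny-by-default; replies and outbound LAN traffic pass.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -o $WAN_IF -j ACCEPT"
    n=0
    while read -r pub int ports; do
        [ -n "$pub" ] || continue
        # One alias (eth0:0, eth0:1, ...) per extra public IP.
        echo "ip addr add $pub/$PREFIX dev $WAN_IF label $WAN_IF:$n"
        # 1:1 NAT: inbound to the public IP, outbound from the same IP.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $int"
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $int -j SNAT --to-source $pub"
        if [ "$ports" = all ]; then
            # The thread's "forward all traffic": every port is reachable.
            echo "iptables -A FORWARD -i $WAN_IF -d $int -j ACCEPT"
        else
            # Tighter: only the listed TCP ports accept new connections.
            echo "iptables -A FORWARD -i $WAN_IF -d $int -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
        fi
        n=$((n + 1))
    done
}

# Run the generator over the constructed sample map.
gen_rules_sample() { printf '%s\n' "$SAMPLE_MAP" | gen_rules; }

gen_rules_sample
```

Review the printed commands before applying them; piping real host entries into `gen_rules` produces the same rule set for your own map.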
I would be more than willing to help you out with squid buddy, I have a lot of experience with it, especially mail servers, firewalls, proxy servers, DNS servers and web servers. When you're ready, ask for advice, I will always help where I can, the more Linux guys I can train, the better I sleep at night knowing one less Microsoft server on the net :)
Kind regards
I don't like the begging for reps.
Kind regards
hi kitek,
You asked for a suggestion, I have one if you want. Why don't you use pfSense? It is a firewall and can act as a server, easy to install and configure. It also has all the packages you want to monitor your network. It is a FreeBSD. Try it if you like. Kind Regards.
But those are the three OS answers that I know of.
kitek,
It's not just a PF, I have used it, it has all the features to be a firewall and a server. You can also check out the options presented by szboardstretcher. The three options are definitely OS (as suggested by szboardstretcher), and if you would like to spend a little more you can buy hardware from Cisco, Juniper, Fortinet. They named the technology UTM, which means "unified threat management".
Did you try MikroTik? It's a world-class solution