From odhiambo at gmail.com Tue Nov 11 00:56:08 2008 From: odhiambo at gmail.com (Odhiambo Washington) Date: Tue Nov 11 00:56:15 2008 Subject: Billing for a Wireless Access Service Message-ID: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> Hello list, I'd like to setup a wireless access point to share with my neighbors, but would like to limit them on the volume they can TX. For example, I'd like to restrict a user to "N" MB such that as soon as this volume is used, the system denies them any further transfers. This must be accompanied by authentication, using RADIUS, and a MySQL backend is preferred for the management. Now, from my visualization, I can see three areas to work on: The Access Point, linked to RADIUS to provide authentication. However, I find a challenge on how to do the accounting and eventual control/restriction of data volumes. I am looking for suggestions. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Life must be understood backwards; but... it must be lived forward." - Soren Kierkegaard "Oh My God! They killed init! You Bastards!" --from a /. post From aladi at indo.net.id Tue Nov 11 02:07:44 2008 From: aladi at indo.net.id (Aladi Saputra) Date: Tue Nov 11 02:07:52 2008 Subject: Billing for a Wireless Access Service In-Reply-To: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> References: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> Message-ID: <29638.202.43.161.193.1226396457.squirrel@mail.indo.net.id> Dear adhiambo, try to used mikrotik router combine with radius :) Salam, Putra > Hello list, > > I'd like to setup a wireless access point to share with my neighbors, but > would like to limit them on the volume they can TX. For example, I'd like > to > restrict a user to "N" MB such that as soon as this volume is used, the > system denies them any further transfers. This must be accompanied by > authentication, using RADIUS, and a MySQL backend is preferred for the > management. > Now, from my visualization, I can see three areas to work on: The Access > Point, linked to RADIUS to provide authentication. However, I find a > challenge on how to do the accounting and eventual control/restriction of > data volumes. > > I am looking for suggestions. > > -- > Best regards, > Odhiambo WASHINGTON, > Nairobi,KE > +254733744121/+254722743223 > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > "Life must be understood backwards; but... it must be lived forward." > - Soren Kierkegaard > "Oh My God! They killed init! You Bastards!" > --from a /. post > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > ------------------------------------------------------------------------------ This email was sent using onemail - beta http://mail.indo.net.id/ From outbackdingo at gmail.com Tue Nov 11 05:25:40 2008 From: outbackdingo at gmail.com (Outback Dingo) Date: Tue Nov 11 05:25:47 2008 Subject: Billing for a Wireless Access Service In-Reply-To: <29638.202.43.161.193.1226396457.squirrel@mail.indo.net.id> References: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> <29638.202.43.161.193.1226396457.squirrel@mail.indo.net.id> Message-ID: <5635aa0d0811110452s6c2b9697l86b08fd7a5d47915@mail.gmail.com> or simply install radius and coova-chilli on FreeBSD and a linksys or dlink, no need for overpriced microtik crap On Tue, Nov 11, 2008 at 4:40 PM, Aladi Saputra wrote: > Dear adhiambo, > > > try to used mikrotik router combine with radius :) > > > Salam, > > > Putra > > > > Hello list, > > > > I'd like to setup a wireless access point to share with my neighbors, but > > would like to limit them on the volume they can TX. For example, I'd like > > to > > restrict a user to "N" MB such that as soon as this volume is used, the > > system denies them any further transfers. This must be accompanied by > > authentication, using RADIUS, and a MySQL backend is preferred for the > > management. > > Now, from my visualization, I can see three areas to work on: The Access > > Point, linked to RADIUS to provide authentication. However, I find a > > challenge on how to do the accounting and eventual control/restriction of > > data volumes. > > > > I am looking for suggestions. > > > > -- > > Best regards, > > Odhiambo WASHINGTON, > > Nairobi,KE > > +254733744121/+254722743223 > > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > > "Life must be understood backwards; but... it must be lived forward." > > - Soren Kierkegaard > > "Oh My God! They killed init! You Bastards!" > > --from a /. post > > _______________________________________________ > > freebsd-isp@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > > > > > ------------------------------------------------------------------------------ > This email was sent using onemail - beta http://mail.indo.net.id/ > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From eculp at encontacto.net Tue Nov 11 07:11:35 2008 From: eculp at encontacto.net (eculp) Date: Tue Nov 11 07:11:43 2008 Subject: Billing for a Wireless Access Service In-Reply-To: <5635aa0d0811110452s6c2b9697l86b08fd7a5d47915@mail.gmail.com> References: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> <29638.202.43.161.193.1226396457.squirrel@mail.indo.net.id> <5635aa0d0811110452s6c2b9697l86b08fd7a5d47915@mail.gmail.com> Message-ID: <20081111083131.142942rf5j59ulus@econet.encontacto.net> Quoting Outback Dingo : > or simply install radius and coova-chilli on FreeBSD and a linksys or dlink, > no need for overpriced microtik crap Would chillispot from ports do the same? Ports make keeping up with third party apps and security alerts soooo much easier. thanks, ed > On Tue, Nov 11, 2008 at 4:40 PM, Aladi Saputra wrote: > >> Dear adhiambo, >> >> >> try to used mikrotik router combine with radius :) >> >> >> Salam, >> >> >> Putra >> >> >> > Hello list, >> > >> > I'd like to setup a wireless access point to share with my neighbors, but >> > would like to limit them on the volume they can TX. For example, I'd like >> > to >> > restrict a user to "N" MB such that as soon as this volume is used, the >> > system denies them any further transfers. This must be accompanied by >> > authentication, using RADIUS, and a MySQL backend is preferred for the >> > management. >> > Now, from my visualization, I can see three areas to work on: The Access >> > Point, linked to RADIUS to provide authentication. However, I find a >> > challenge on how to do the accounting and eventual control/restriction of >> > data volumes. >> > >> > I am looking for suggestions. >> > >> > -- >> > Best regards, >> > Odhiambo WASHINGTON, >> > Nairobi,KE >> > +254733744121/+254722743223 >> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ >> > "Life must be understood backwards; but... it must be lived forward." >> > - Soren Kierkegaard >> > "Oh My God! They killed init! You Bastards!" >> > --from a /. post >> > _______________________________________________ >> > freebsd-isp@freebsd.org mailing list >> > http://lists.freebsd.org/mailman/listinfo/freebsd-isp >> > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >> > >> >> >> >> >> ------------------------------------------------------------------------------ >> This email was sent using onemail - beta http://mail.indo.net.id/ >> >> _______________________________________________ >> freebsd-isp@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >> > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From jack at crepinc.com Tue Nov 11 08:43:25 2008 From: jack at crepinc.com (Jack C) Date: Tue Nov 11 08:43:32 2008 Subject: Billing for a Wireless Access Service In-Reply-To: <20081111083131.142942rf5j59ulus@econet.encontacto.net> References: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> <29638.202.43.161.193.1226396457.squirrel@mail.indo.net.id> <5635aa0d0811110452s6c2b9697l86b08fd7a5d47915@mail.gmail.com> <20081111083131.142942rf5j59ulus@econet.encontacto.net> Message-ID: <2ad0f9f60811110814i7372e2e8je2879b20d4e39c6f@mail.gmail.com> I've seen people add an ipfw rule for each client. 'ipfw show' then give octet counters that can be summed and graphed in the same manner as interfaces. -Jack On Tue, Nov 11, 2008 at 9:31 AM, eculp wrote: > Quoting Outback Dingo : > > or simply install radius and coova-chilli on FreeBSD and a linksys or >> dlink, >> no need for overpriced microtik crap >> > > Would chillispot from ports do the same? Ports make keeping up with third > party apps and security alerts soooo much easier. > > thanks, > > ed > > > On Tue, Nov 11, 2008 at 4:40 PM, Aladi Saputra wrote: >> >> Dear adhiambo, >>> >>> >>> try to used mikrotik router combine with radius :) >>> >>> >>> Salam, >>> >>> >>> Putra >>> >>> >>> > Hello list, >>> > >>> > I'd like to setup a wireless access point to share with my neighbors, >>> but >>> > would like to limit them on the volume they can TX. For example, I'd >>> like >>> > to >>> > restrict a user to "N" MB such that as soon as this volume is used, the >>> > system denies them any further transfers. This must be accompanied by >>> > authentication, using RADIUS, and a MySQL backend is preferred for the >>> > management. >>> > Now, from my visualization, I can see three areas to work on: The >>> Access >>> > Point, linked to RADIUS to provide authentication. However, I find a >>> > challenge on how to do the accounting and eventual control/restriction >>> of >>> > data volumes. >>> > >>> > I am looking for suggestions. >>> > >>> > -- >>> > Best regards, >>> > Odhiambo WASHINGTON, >>> > Nairobi,KE >>> > +254733744121/+254722743223 >>> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ >>> > "Life must be understood backwards; but... it must be lived forward." >>> > - Soren Kierkegaard >>> > "Oh My God! They killed init! You Bastards!" >>> > --from a /. post >>> > _______________________________________________ >>> > freebsd-isp@freebsd.org mailing list >>> > http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>> > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >>> > >>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> This email was sent using onemail - beta http://mail.indo.net.id/ >>> >>> _______________________________________________ >>> freebsd-isp@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >>> >>> _______________________________________________ >> freebsd-isp@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >> >> > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From odhiambo at gmail.com Tue Nov 11 09:15:20 2008 From: odhiambo at gmail.com (Odhiambo Washington) Date: Tue Nov 11 09:15:36 2008 Subject: Billing for a Wireless Access Service In-Reply-To: <5635aa0d0811110452s6c2b9697l86b08fd7a5d47915@mail.gmail.com> References: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> <29638.202.43.161.193.1226396457.squirrel@mail.indo.net.id> <5635aa0d0811110452s6c2b9697l86b08fd7a5d47915@mail.gmail.com> Message-ID: <991123400811110915u458a94e1jccae650b9e2d68c4@mail.gmail.com> On Tue, Nov 11, 2008 at 3:52 PM, Outback Dingo wrote: > or simply install radius and coova-chilli on FreeBSD and a linksys or > dlink, no need for overpriced microtik crap That sounds right! I don't want Mikrotik. Do you, by any chance, use this suggested setup? I'd like someone whose brain I can pick when I get stuck in the process (besides their mailing list) :-) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Life must be understood backwards; but... it must be lived forward." - Soren Kierkegaard "Oh My God! They killed init! You Bastards!" --from a /. post From neil at neely.cx Tue Nov 11 09:52:58 2008 From: neil at neely.cx (Neil Neely) Date: Tue Nov 11 09:53:04 2008 Subject: Billing for a Wireless Access Service In-Reply-To: <2ad0f9f60811110814i7372e2e8je2879b20d4e39c6f@mail.gmail.com> References: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> <29638.202.43.161.193.1226396457.squirrel@mail.indo.net.id> <5635aa0d0811110452s6c2b9697l86b08fd7a5d47915@mail.gmail.com> <20081111083131.142942rf5j59ulus@econet.encontacto.net> <2ad0f9f60811110814i7372e2e8je2879b20d4e39c6f@mail.gmail.com> Message-ID: <6655283D-E224-4088-B235-31A2F52EB8E1@neely.cx> ipfw pipes are worth looking into as well. I use them for bandwidth throttlling and accounting, but you can do what you want with them. You can do some fun things with ipfw tables and ipfw pipes too, stuff like this: ipfw pipe 256 config bw 256Kbit/s mask src-ip 0xffffffff ipfw pipe 257 config bw 256Kbit/s mask dst-ip 0xffffffff ipfw pipe 512 config bw 512Kbit/s mask src-ip 0xffffffff ipfw pipe 513 config bw 512Kbit/s mask dst-ip 0xffffffff ipfw add 00010 pipe 256 ip from 'table(5,256)' to any out ipfw add 00010 pipe 512 ip from 'table(5,512)' to any out ipfw add 00020 pipe 257 ip from any to 'table(5,256)' in ipfw add 00020 pipe 513 ip from any to 'table(5,512)' in Then to add a specific IP to be throttle to 256KB: ipfw table 5 add 10.0.0.2/32 256 Or if you wanted them to have 512KB: ipfw table 5 add 10.0.0.2/32 512 Obviously you could have the speeds be whatever you want and differentiate them for each IP address and have as many speeds as you felt like supporting. You could also set the speeds to be very high (thus disabling the bandwidth throttling portion) and just use an approach like this to pull off what you were aiming for. For accounting purposes you can run "ipfw pipe show" and it will show you the counters for each individual ip for both in and outbound traffic to make your accounting decisions. If you wanted to hard cap and shut them down when they max out - you can just delete the rule that lets them pass traffic (most likely then letting them get shoved into a captive portal that sends them to a webpage asking them to pay more?). Neil Neely http://neil-neely.blogspot.com On Nov 11, 2008, at 9:14 AM, Jack C wrote: > I've seen people add an ipfw rule for each client. 'ipfw show' then > give > octet counters that can be summed and graphed in the same manner as > interfaces. > > -Jack > > On Tue, Nov 11, 2008 at 9:31 AM, eculp wrote: > >> Quoting Outback Dingo : >> >> or simply install radius and coova-chilli on FreeBSD and a linksys or >>> dlink, >>> no need for overpriced microtik crap >>> >> >> Would chillispot from ports do the same? Ports make keeping up >> with third >> party apps and security alerts soooo much easier. >> >> thanks, >> >> ed >> >> >> On Tue, Nov 11, 2008 at 4:40 PM, Aladi Saputra >> wrote: >>> >>> Dear adhiambo, >>>> >>>> >>>> try to used mikrotik router combine with radius :) >>>> >>>> >>>> Salam, >>>> >>>> >>>> Putra >>>> >>>> >>>>> Hello list, >>>>> >>>>> I'd like to setup a wireless access point to share with my >>>>> neighbors, >>>> but >>>>> would like to limit them on the volume they can TX. For example, >>>>> I'd >>>> like >>>>> to >>>>> restrict a user to "N" MB such that as soon as this volume is >>>>> used, the >>>>> system denies them any further transfers. This must be >>>>> accompanied by >>>>> authentication, using RADIUS, and a MySQL backend is preferred >>>>> for the >>>>> management. >>>>> Now, from my visualization, I can see three areas to work on: The >>>> Access >>>>> Point, linked to RADIUS to provide authentication. However, I >>>>> find a >>>>> challenge on how to do the accounting and eventual control/ >>>>> restriction >>>> of >>>>> data volumes. >>>>> >>>>> I am looking for suggestions. >>>>> >>>>> -- >>>>> Best regards, >>>>> Odhiambo WASHINGTON, >>>>> Nairobi,KE >>>>> +254733744121/+254722743223 >>>>> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ >>>>> "Life must be understood backwards; but... it must be lived >>>>> forward." >>>>> - Soren Kierkegaard >>>>> "Oh My God! They killed init! You Bastards!" >>>>> --from a /. post >>>>> _______________________________________________ >>>>> freebsd-isp@freebsd.org mailing list >>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>>>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org >>>>> " >>>>> >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> This email was sent using onemail - beta http://mail.indo.net.id/ >>>> >>>> _______________________________________________ >>>> freebsd-isp@freebsd.org mailing list >>>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org >>>> " >>>> >>>> _______________________________________________ >>> freebsd-isp@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org >>> " >>> >>> >> _______________________________________________ >> freebsd-isp@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >> To unsubscribe, send any mail to "freebsd-isp- >> unsubscribe@freebsd.org" >> > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From outbackdingo at gmail.com Tue Nov 11 09:57:39 2008 From: outbackdingo at gmail.com (Outback Dingo) Date: Tue Nov 11 09:57:47 2008 Subject: Billing for a Wireless Access Service In-Reply-To: <6655283D-E224-4088-B235-31A2F52EB8E1@neely.cx> References: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> <29638.202.43.161.193.1226396457.squirrel@mail.indo.net.id> <5635aa0d0811110452s6c2b9697l86b08fd7a5d47915@mail.gmail.com> <20081111083131.142942rf5j59ulus@econet.encontacto.net> <2ad0f9f60811110814i7372e2e8je2879b20d4e39c6f@mail.gmail.com> <6655283D-E224-4088-B235-31A2F52EB8E1@neely.cx> Message-ID: <5635aa0d0811110957m6eb26dcdoaa1e43310b3e5421@mail.gmail.com> wow thats alot of effort when you can use coova, radius and WISPr profiles.... no need to overpopulate firewall rules On Wed, Nov 12, 2008 at 12:21 AM, Neil Neely wrote: > > ipfw pipes are worth looking into as well. > > I use them for bandwidth throttlling and accounting, but you can do what > you want with them. > > You can do some fun things with ipfw tables and ipfw pipes too, stuff like > this: > > ipfw pipe 256 config bw 256Kbit/s mask src-ip 0xffffffff > ipfw pipe 257 config bw 256Kbit/s mask dst-ip 0xffffffff > ipfw pipe 512 config bw 512Kbit/s mask src-ip 0xffffffff > ipfw pipe 513 config bw 512Kbit/s mask dst-ip 0xffffffff > > > ipfw add 00010 pipe 256 ip from 'table(5,256)' to any out > ipfw add 00010 pipe 512 ip from 'table(5,512)' to any out > > > ipfw add 00020 pipe 257 ip from any to 'table(5,256)' in > ipfw add 00020 pipe 513 ip from any to 'table(5,512)' in > > > Then to add a specific IP to be throttle to 256KB: > ipfw table 5 add 10.0.0.2/32 256 > > Or if you wanted them to have 512KB: > ipfw table 5 add 10.0.0.2/32 512 > > Obviously you could have the speeds be whatever you want and differentiate > them for each IP address and have as many speeds as you felt like > supporting. You could also set the speeds to be very high (thus disabling > the bandwidth throttling portion) and just use an approach like this to pull > off what you were aiming for. > > For accounting purposes you can run "ipfw pipe show" and it will show you > the counters for each individual ip for both in and outbound traffic to make > your accounting decisions. If you wanted to hard cap and shut them down > when they max out - you can just delete the rule that lets them pass traffic > (most likely then letting them get shoved into a captive portal that sends > them to a webpage asking them to pay more?). > > > > Neil Neely > http://neil-neely.blogspot.com > > > > > > On Nov 11, 2008, at 9:14 AM, Jack C wrote: > > I've seen people add an ipfw rule for each client. 'ipfw show' then give >> octet counters that can be summed and graphed in the same manner as >> interfaces. >> >> -Jack >> >> On Tue, Nov 11, 2008 at 9:31 AM, eculp wrote: >> >> Quoting Outback Dingo : >>> >>> or simply install radius and coova-chilli on FreeBSD and a linksys or >>> >>>> dlink, >>>> no need for overpriced microtik crap >>>> >>>> >>> Would chillispot from ports do the same? Ports make keeping up with >>> third >>> party apps and security alerts soooo much easier. >>> >>> thanks, >>> >>> ed >>> >>> >>> On Tue, Nov 11, 2008 at 4:40 PM, Aladi Saputra >>> wrote: >>> >>>> >>>> Dear adhiambo, >>>> >>>>> >>>>> >>>>> try to used mikrotik router combine with radius :) >>>>> >>>>> >>>>> Salam, >>>>> >>>>> >>>>> Putra >>>>> >>>>> >>>>> Hello list, >>>>>> >>>>>> I'd like to setup a wireless access point to share with my neighbors, >>>>>> >>>>> but >>>>> >>>>>> would like to limit them on the volume they can TX. For example, I'd >>>>>> >>>>> like >>>>> >>>>>> to >>>>>> restrict a user to "N" MB such that as soon as this volume is used, >>>>>> the >>>>>> system denies them any further transfers. This must be accompanied by >>>>>> authentication, using RADIUS, and a MySQL backend is preferred for the >>>>>> management. >>>>>> Now, from my visualization, I can see three areas to work on: The >>>>>> >>>>> Access >>>>> >>>>>> Point, linked to RADIUS to provide authentication. However, I find a >>>>>> challenge on how to do the accounting and eventual control/restriction >>>>>> >>>>> of >>>>> >>>>>> data volumes. >>>>>> >>>>>> I am looking for suggestions. >>>>>> >>>>>> -- >>>>>> Best regards, >>>>>> Odhiambo WASHINGTON, >>>>>> Nairobi,KE >>>>>> +254733744121/+254722743223 >>>>>> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ >>>>>> "Life must be understood backwards; but... it must be lived forward." >>>>>> - Soren Kierkegaard >>>>>> "Oh My God! They killed init! You Bastards!" >>>>>> --from a /. post >>>>>> _______________________________________________ >>>>>> freebsd-isp@freebsd.org mailing list >>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>>>>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org >>>>>> " >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> This email was sent using onemail - beta http://mail.indo.net.id/ >>>>> >>>>> _______________________________________________ >>>>> freebsd-isp@freebsd.org mailing list >>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>>>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >>>>> >>>>> _______________________________________________ >>>>> >>>> freebsd-isp@freebsd.org mailing list >>>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >>>> >>>> >>>> _______________________________________________ >>> freebsd-isp@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >>> >>> _______________________________________________ >> freebsd-isp@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >> > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From lambert at lambertfam.org Tue Nov 11 10:28:16 2008 From: lambert at lambertfam.org (Scott Lambert) Date: Tue Nov 11 10:28:23 2008 Subject: Billing for a Wireless Access Service In-Reply-To: <991123400811110915u458a94e1jccae650b9e2d68c4@mail.gmail.com> References: <991123400811110028y455bcd7aw85fdbb71d43d77f7@mail.gmail.com> <29638.202.43.161.193.1226396457.squirrel@mail.indo.net.id> <5635aa0d0811110452s6c2b9697l86b08fd7a5d47915@mail.gmail.com> <991123400811110915u458a94e1jccae650b9e2d68c4@mail.gmail.com> Message-ID: <20081111180855.GA60835@sysmon.tcworks.net> On Tue, Nov 11, 2008 at 08:15:19PM +0300, Odhiambo Washington wrote: > On Tue, Nov 11, 2008 at 3:52 PM, Outback Dingo wrote: > > > or simply install radius and coova-chilli on FreeBSD and a linksys or > > dlink, no need for overpriced microtik crap > > That sounds right! I don't want Mikrotik. > Do you, by any chance, use this suggested setup? I'd like someone whose > brain I can pick when I get stuck in the process (besides their mailing > list) :-) If you haven't looked at pfSense, you might want to. I don't know if it would work for exactly this situation. FreeBSD based. -- Scott Lambert KC5MLE Unix SysAdmin lambert@lambertfam.org From odhiambo at gmail.com Fri Nov 14 23:27:25 2008 From: odhiambo at gmail.com (Odhiambo Washington) Date: Fri Nov 14 23:27:33 2008 Subject: Help with coova-chilli In-Reply-To: <991123400811110927u3766bf5du53cb78684ab19ca6@mail.gmail.com> References: <991123400811110927u3766bf5du53cb78684ab19ca6@mail.gmail.com> Message-ID: <991123400811142327n51057d17ma7df72f6da8cf366@mail.gmail.com> Hi list, Did anyone manage to compile coova-chilli on FreeBSD 6.x or 7.x successfully? I stumbled upon unofficial port for coova-chilli from http://www.geeklan.co.uk/?p=106 Now I am trying to install it on FreeBSD 7.1-PRE and the build fails: email# pwd /usr/ports/net-mgmt/coova-chilli email# make ===> Vulnerability check disabled, database not found => coova-chilli-1.0.12.tar.gz doesn't seem to exist in /usr/ports/distfiles/. => Attempting to fetch from http://ap.coova.org/chilli/. coova-chilli-1.0.12.tar.gz 100% of 539 kB 9328 Bps 00m00s ===> Extracting for coova-chilli-1.0.12 => MD5 Checksum OK for coova-chilli-1.0.12.tar.gz. => SHA256 Checksum OK for coova-chilli-1.0.12.tar.gz. ===> Patching for coova-chilli-1.0.12 ===> Applying FreeBSD patches for coova-chilli-1.0.12 ===> Configuring for coova-chilli-1.0.12 checking for a BSD-compatible install... /usr/bin/install -c -o root -g wheel checking whether build environment is sane... yes checking for gawk... gawk checking whether make sets $(MAKE)... yes checking for gcc... cc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether cc accepts -g... yes checking for cc option to accept ANSI C... none needed checking for style of include used by make... GNU checking dependency style of cc... gcc3 checking build system type... configure: error: /bin/sh ./config.sub -build=i386-portbld-freebsd7.1 failed ===> Script "configure" failed unexpectedly. Please report the problem to venture37@geeklan.co.uk [maintainer] and attach the "/usr/ports/net-mgmt/coova-chilli/work/coova-chilli-1.0.12/config.log" including the output of the failure of your make command. Also, it might be a good idea to provide an overview of all packages installed on your system (e.g. an `ls /var/db/pkg`). *** Error code 1 Stop in /usr/ports/net-mgmt/coova-chilli. The config.log is available here: http://email.suavegroup.com/~wash/config.log.txt Will really appreciate your help in resolving the cause of the failure. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Oh My God! They killed init! You Bastards!" --from a /. post From eculp at encontacto.net Sat Nov 15 05:10:41 2008 From: eculp at encontacto.net (eculp) Date: Sat Nov 15 05:10:48 2008 Subject: Help with coova-chilli In-Reply-To: <991123400811142327n51057d17ma7df72f6da8cf366@mail.gmail.com> References: <991123400811110927u3766bf5du53cb78684ab19ca6@mail.gmail.com> <991123400811142327n51057d17ma7df72f6da8cf366@mail.gmail.com> Message-ID: <20081115071037.87292xvisesc73ms@econet.encontacto.net> Quoting Odhiambo Washington : > Hi list, > > Did anyone manage to compile coova-chilli on FreeBSD 6.x or 7.x > successfully? I've been curious about coova for sometime but haven't taken the time to look at it at all but since I have a need for something I decided to download the sources, unpack, configure, make check and finally make to compile it on my laptop. The compilation was clean, no errors or warnings. Before doing make install, I would probably check the install to see what goes where before making install. It might be easy to make a port of this using the existing chilli port as a rough guide. YMMV. There seem to be users of coova on the list so I'm sure their observations would be far superior to mine. All that I can do is confirm that it compiles without using the ports system that always gives me a warm, fuzzy and secure feeling when I use it. Have a great weekend. ed P.D. This gave me an interesting idea. Be able to use my laptop as an coova AP to share a link but have no idea if it is even possible. I'll have to do some reading and some digging into the configuration or the "new" WLAN stuff with ath hal. It could be a great learning experience. > I stumbled upon unofficial port for coova-chilli from > http://www.geeklan.co.uk/?p=106 > > Now I am trying to install it on FreeBSD 7.1-PRE and the build fails: > > email# pwd > /usr/ports/net-mgmt/coova-chilli > email# make > ===> Vulnerability check disabled, database not found > => coova-chilli-1.0.12.tar.gz doesn't seem to exist in > /usr/ports/distfiles/. > => Attempting to fetch from http://ap.coova.org/chilli/. > coova-chilli-1.0.12.tar.gz 100% of 539 kB 9328 Bps > 00m00s > ===> Extracting for coova-chilli-1.0.12 > => MD5 Checksum OK for coova-chilli-1.0.12.tar.gz. > => SHA256 Checksum OK for coova-chilli-1.0.12.tar.gz. > ===> Patching for coova-chilli-1.0.12 > ===> Applying FreeBSD patches for coova-chilli-1.0.12 > ===> Configuring for coova-chilli-1.0.12 > checking for a BSD-compatible install... /usr/bin/install -c -o root -g > wheel > checking whether build environment is sane... yes > checking for gawk... gawk > checking whether make sets $(MAKE)... yes > checking for gcc... cc > checking for C compiler default output file name... a.out > checking whether the C compiler works... yes > checking whether we are cross compiling... no > checking for suffix of executables... > checking for suffix of object files... o > checking whether we are using the GNU C compiler... yes > checking whether cc accepts -g... yes > checking for cc option to accept ANSI C... none needed > checking for style of include used by make... GNU > checking dependency style of cc... gcc3 > checking build system type... configure: error: /bin/sh ./config.sub > -build=i386-portbld-freebsd7.1 failed > ===> Script "configure" failed unexpectedly. > Please report the problem to venture37@geeklan.co.uk [maintainer] and attach > the "/usr/ports/net-mgmt/coova-chilli/work/coova-chilli-1.0.12/config.log" > including the output of the failure of your make command. Also, it might be > a good idea to provide an overview of all packages installed on your system > (e.g. an `ls /var/db/pkg`). > *** Error code 1 > > Stop in /usr/ports/net-mgmt/coova-chilli. > > > The config.log is available here: > http://email.suavegroup.com/~wash/config.log.txt > > Will really appreciate your help in resolving the cause of the failure. > > > -- > Best regards, > Odhiambo WASHINGTON, > Nairobi,KE > +254733744121/+254722743223 > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > "Oh My God! They killed init! You Bastards!" > --from a /. post > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From marcello at linconet.com.br Mon Nov 24 13:21:52 2008 From: marcello at linconet.com.br (Marcello Barreto) Date: Mon Nov 24 13:22:05 2008 Subject: PF + ALTQ - Bandwidth per customer Message-ID: <20081124180411.0b065be5@wolwerine> Hello Folks, I believe you have heard this several times, but I'm new to FreeBSD and i'm trying to change my bandwidth control from Linux (iptables + TC + iproute) to Freebsd (PF + ALTQ). I read about PF and I was very interested on it, but I want to limit the bandwidth (Download and Upload) from each customer behind a router (Obviously, FreeBSD with PF.).. There are several networks and a lot of customers, and with my rules, only what I got was each customer sharing the same queue... There are my rules: altq on $external cbq queue {def_up, def_up300, def_up450, def_up600, def_up1000} altq on $internal cbq queue {def_down, def_down300, def_down450, def_down600, def_down1000} queue def_up bandwidth 10% cbq(default) queue def_down bandwidth 10% cbq(default) queue def_up300 bandwidth 128Kb cbq(red) queue def_up450 bandwidth 200Kb cbq(red) queue def_up600 bandwidth 300Kb cbq(red) queue def_up1000 bandwidth 500Kb cbq(red) queue def_down300 bandwidth 300Kb cbq(red) queue def_down450 bandwidth 450Kb cbq(red) queue def_down600 bandwidth 600Kb cbq(red) queue def_down1000 bandwidth 1024Kb cbq(red) pass in quick inet proto {tcp, udp} from to any queue def_down300 pass out quick inet proto {tcp, udp} from to any queue def_up300 Ps.: Excuse me for my bad English. -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. From david_5073 at yahoo.com Sat Nov 29 06:27:34 2008 From: david_5073 at yahoo.com (David Roseman) Date: Sat Nov 29 06:27:45 2008 Subject: PF + ALTQ - Bandwidth per customer In-Reply-To: <20081124180411.0b065be5@wolwerine> Message-ID: <705757.42117.qm@web38504.mail.mud.yahoo.com> --- On Mon, 11/24/08, Marcello Barreto wrote: > From: Marcello Barreto > Subject: PF + ALTQ - Bandwidth per customer > To: freebsd-pf@freebsd.org, freebsd-isp@freebsd.org > Date: Monday, November 24, 2008, 4:04 PM > Hello Folks, > I believe you have heard this several times, but I'm > new to FreeBSD and i'm trying to change my bandwidth > control from Linux (iptables + TC + iproute) to Freebsd (PF > + ALTQ). > I read about PF and I was very interested on it, but I > want to limit the bandwidth (Download and Upload) from each > customer behind a router (Obviously, FreeBSD with PF.).. > There are several networks and a lot of customers, and with > my rules, only what I got was each customer sharing the same > queue... > > There are my rules: > altq on $external cbq queue {def_up, def_up300, def_up450, > def_up600, def_up1000} > altq on $internal cbq queue {def_down, def_down300, > def_down450, def_down600, def_down1000} > > queue def_up bandwidth 10% cbq(default) > queue def_down bandwidth 10% cbq(default) > > queue def_up300 bandwidth 128Kb cbq(red) > queue def_up450 bandwidth 200Kb cbq(red) > queue def_up600 bandwidth 300Kb cbq(red) > queue def_up1000 bandwidth 500Kb cbq(red) > > queue def_down300 bandwidth 300Kb cbq(red) > queue def_down450 bandwidth 450Kb cbq(red) > queue def_down600 bandwidth 600Kb cbq(red) > queue def_down1000 bandwidth 1024Kb cbq(red) > > > pass in quick inet proto {tcp, udp} from > to any queue def_down300 > pass out quick inet proto {tcp, udp} from > to any queue def_up300 > You should consider a commercial product rather than relying on old and somewhat unreliable technology. We've been able to squeeze a lot more customers onto our network for a $3500. investment. It paid for itself in 2 months. We have a dual-core 2.33Ghz system passing 95Mb/s with 12000 rules in place and it runs at about 10%. The latest version is truly amazing. http://www.etinc.com Regards, David From sebastian.tymkow at gmail.com Sat Nov 29 08:13:18 2008 From: sebastian.tymkow at gmail.com (=?ISO-8859-1?Q?Sebastian_Tymk=F3w?=) Date: Sat Nov 29 08:13:25 2008 Subject: PF + ALTQ - Bandwidth per customer In-Reply-To: <705757.42117.qm@web38504.mail.mud.yahoo.com> References: <20081124180411.0b065be5@wolwerine> <705757.42117.qm@web38504.mail.mud.yahoo.com> Message-ID: <692660060811290748i33059137g3977e51f692d8340@mail.gmail.com> Hello, Why do you think it's unrealiable technology ? I think system that you propose rely on this technology ;) Most of this use bsd/linux/unix on board with own solutions and than they're packed into the box with cute web interface. Of course I can be wrong... Best regards, Shamrock 2008/11/29 David Roseman > > > > --- On Mon, 11/24/08, Marcello Barreto wrote: > > > From: Marcello Barreto > > Subject: PF + ALTQ - Bandwidth per customer > > To: freebsd-pf@freebsd.org, freebsd-isp@freebsd.org > > Date: Monday, November 24, 2008, 4:04 PM > > Hello Folks, > > I believe you have heard this several times, but I'm > > new to FreeBSD and i'm trying to change my bandwidth > > control from Linux (iptables + TC + iproute) to Freebsd (PF > > + ALTQ). > > I read about PF and I was very interested on it, but I > > want to limit the bandwidth (Download and Upload) from each > > customer behind a router (Obviously, FreeBSD with PF.).. > > There are several networks and a lot of customers, and with > > my rules, only what I got was each customer sharing the same > > queue... > > > > There are my rules: > > altq on $external cbq queue {def_up, def_up300, def_up450, > > def_up600, def_up1000} > > altq on $internal cbq queue {def_down, def_down300, > > def_down450, def_down600, def_down1000} > > > > queue def_up bandwidth 10% cbq(default) > > queue def_down bandwidth 10% cbq(default) > > > > queue def_up300 bandwidth 128Kb cbq(red) > > queue def_up450 bandwidth 200Kb cbq(red) > > queue def_up600 bandwidth 300Kb cbq(red) > > queue def_up1000 bandwidth 500Kb cbq(red) > > > > queue def_down300 bandwidth 300Kb cbq(red) > > queue def_down450 bandwidth 450Kb cbq(red) > > queue def_down600 bandwidth 600Kb cbq(red) > > queue def_down1000 bandwidth 1024Kb cbq(red) > > > > > > pass in quick inet proto {tcp, udp} from > > to any queue def_down300 > > pass out quick inet proto {tcp, udp} from > > to any queue def_up300 > > > > You should consider a commercial product rather than relying on > old and somewhat unreliable technology. We've been able to squeeze a > lot more customers onto our network for a $3500. investment. It paid for > itself in 2 months. We have a dual-core 2.33Ghz system passing 95Mb/s > with 12000 rules in place and it runs at about 10%. The latest version is > truly amazing. > > http://www.etinc.com > > > Regards, > > David > > > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > From david_5073 at yahoo.com Sat Nov 29 08:26:58 2008 From: david_5073 at yahoo.com (David Roseman) Date: Sat Nov 29 08:27:10 2008 Subject: PF + ALTQ - Bandwidth per customer In-Reply-To: <692660060811290748i33059137g3977e51f692d8340@mail.gmail.com> Message-ID: <425805.11833.qm@web38505.mail.mud.yahoo.com> Is top-posting allowed here? This product has been around longer than ALTQ and pf. So its unlikely that they threw away something that has always been superior to ALTQ to replace it with ALTQ. The release notes go back to 1996. They also claim to have re-written the FreeBSD bridging code to gain 40% in performance. http://www.etinc.com/release.notes RED and CBQ were technologies championed by Cisco. They're designed to work on CPU-starved routers. Cisco had a big problem because their routers were designed to move packets and they didn't have any cpu power available for intelligent processing required for packet shaping. So they designed these brain-dead "leaky bucket" and CBQ models to work on their cpu-starved routers in the 90s. Inexplicably, these silly techniques were copied and put into pubic operating systems, and people still use them to save what amounts to pennies compared to the new business they can attract with a better network. If you'd read the white papers you'd know its not a queue-based product and its totally custom. Window shaping is really the most important technology to reduce the amount of traffic in a nework. Slowing servers naturally without having to queue data makes a dramatic change in the delay patterns of a large network. Imagine 1000 servers sending 3000 bytes per window instead of 32K. The backup queue depths are dramatically reduced even without specific bandwidth limits per customer. It also has a traffic monitor that is indispensable in tracking down DOS attacks, worms and out of control servers. I'd pay $500. just for the monitor. I have a problem, I fire up the monitor and bingo, I find the problem. I think you can buy the lowest priced license and still use the monitor and gather statistics no matter how large your network is. David --- On Sat, 11/29/08, Sebastian Tymk?w wrote: > From: Sebastian Tymk?w > Subject: Re: PF + ALTQ - Bandwidth per customer > To: david_5073@yahoo.com > Cc: freebsd-pf@freebsd.org, freebsd-isp@freebsd.org, "Marcello Barreto" > Date: Saturday, November 29, 2008, 10:48 AM > Hello, > > Why do you think it's unrealiable technology ? > I think system that you propose rely on this technology ;) > Most of this use bsd/linux/unix on board with own solutions > and than they're > packed into the box > with cute web interface. > Of course I can be wrong... > > Best regards, > > Shamrock > > 2008/11/29 David Roseman > > > > > > > > > --- On Mon, 11/24/08, Marcello Barreto > wrote: > > > > > From: Marcello Barreto > > > > Subject: PF + ALTQ - Bandwidth per customer > > > To: freebsd-pf@freebsd.org, > freebsd-isp@freebsd.org > > > Date: Monday, November 24, 2008, 4:04 PM > > > Hello Folks, > > > I believe you have heard this several > times, but I'm > > > new to FreeBSD and i'm trying to change my > bandwidth > > > control from Linux (iptables + TC + iproute) to > Freebsd (PF > > > + ALTQ). > > > I read about PF and I was very interested > on it, but I > > > want to limit the bandwidth (Download and Upload) > from each > > > customer behind a router (Obviously, FreeBSD with > PF.).. > > > There are several networks and a lot of > customers, and with > > > my rules, only what I got was each customer > sharing the same > > > queue... > > > > > > There are my rules: > > > altq on $external cbq queue {def_up, def_up300, > def_up450, > > > def_up600, def_up1000} > > > altq on $internal cbq queue {def_down, > def_down300, > > > def_down450, def_down600, def_down1000} > > > > > > queue def_up bandwidth 10% cbq(default) > > > queue def_down bandwidth 10% cbq(default) > > > > > > queue def_up300 bandwidth 128Kb cbq(red) > > > queue def_up450 bandwidth 200Kb cbq(red) > > > queue def_up600 bandwidth 300Kb cbq(red) > > > queue def_up1000 bandwidth 500Kb cbq(red) > > > > > > queue def_down300 bandwidth 300Kb cbq(red) > > > queue def_down450 bandwidth 450Kb cbq(red) > > > queue def_down600 bandwidth 600Kb cbq(red) > > > queue def_down1000 bandwidth 1024Kb cbq(red) > > > > > > > > > pass in quick inet proto {tcp, udp} from > > > > to any queue def_down300 > > > pass out quick inet proto {tcp, udp} from > > > to any queue def_up300 > > > > > > > You should consider a commercial product rather than > relying on > > old and somewhat unreliable technology. We've been > able to squeeze a > > lot more customers onto our network for a $3500. > investment. It paid for > > itself in 2 months. We have a dual-core 2.33Ghz system > passing 95Mb/s > > with 12000 rules in place and it runs at about 10%. > The latest version is > > truly amazing. > > > > http://www.etinc.com > > > > > > Regards, > > > > David