Data Limiting

Erik Norgaard norgaard at locolomo.org
Sun Jan 16 10:14:09 PST 2005 

Subhro wrote:
> I need your suggestion about limiting the data that can be transferred by
> each of the hosts on a LAN. Let me explain my setup. The hosts get internet
> access from a box running as a gateway (NAT). This box can't be touched as
> my boss won't allow me to do so. I have decided to run a FreeBSD box as a
> bridge between the NAT and the rest of the hosts of the LAN. Is it possible
> to limit the amount of Data transferred per month by each of the hosts of
> the LAN? If yes then how? It would also be nice if I could allow the users
> to see how much data they have already transferred.

Yes, you can consider two options, limiting bandwith - this can be done 
with pf or doing traffic accounting. pf traffic accounting unfortunately 
does not support distinction between up and download, I tried once to 
ask how to do this on the misc at openbsd.org list but got no usefull answer.

You can also use ipfilter which has easier accounting IMO. I have done 
this with ipfilter - the problem is that accounting is not per user but 
per host, so you must assume that each user uses only the same host(s).

Also, you need to register each host - this has the good benefit that 
you can combine it with a hardware list which is usefull in case of theft.

The solution I created was to count download for each host pr day and 
sum up for the last 7 days, if this exeeded the acceptable limit the 
host would be blocked untill the sum for the last 7 days were again 
below the limit. A user could decide to "spend all quota" in one day or 
distribute evenly. Also, I created a web interface to let the user see 
the statistics for the last 7 days.

I have been redeveloping this, and currently I can't give you anything 
close to stable :-( but really, it's all about scripting once you have 
the numbers out.

Cheers, Erik

-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2

More information about the freebsd-questions mailing list