How about limiting on MAC addresses :?

On Tue, 29 Jun 2004, Ritesh Raj Sarraf wrote:
> Hello all,
> I have a masquerading server with 2 ethernet cards, eth0(202.52.x.x) to the
> internet and eth1(192.168.100.x) to my local network customers. I've enabled
> nat and my customers are able to browse the internet well (My customers are
> cyber cafe owners). I've limited their bandwidth. The issue is that I've
> limited their bandwidth on an IP basis ( say 192.168.100.6 is assigned 64kbps).
> My view is that they can change their ip to something else (say
> 192.168.100.15) and consume full bandwidth because I've not limited or given
> more bandwidth to that particular ip.
>
> To accomplish my condition, I thought of:
>
> #iptables -P FORWARD DROP
> To disable all packet forwarding by default.
> and then
>
> #iptables -A FORWARD -s 192.168.100.6 -i eth1 -j ACCEPT
> To allow that particular ip to access the net.
>
> But after this command the customer isn't able to browse the net. He's still
> able to ping my masquerading server. Where am I wrong and what could be a
> solution ? Please help !
>
> I also think my approach to be insufficient. Because still my customer with
> ip (192.168.100.6) can connect to the net if he changes the ip to some
> other customer's ip (192.168.100.15), say if his machine is shutdown at that
> time.
>
> Is there a better approach ?
> Any reply will be greatly appreciated.
>
> Ritesh
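
Added example, not part of either message: a shell generator for FORWARD rules that tie each customer IP to one MAC address and also accept reply traffic, which a DROP policy combined with only a source-IP rule on eth1 discards. Interface names and IP addresses are taken from the quoted message; the MAC addresses and the customer table are constructed.

```shell
#!/bin/sh
# Emit iptables commands for a default-drop FORWARD chain with IP+MAC pinning.
# Nothing is applied here; review the output, then run it as root.
LAN_IF=eth1   # customer side, from the thread
WAN_IF=eth0   # internet side, from the thread

# Constructed customer table, one "IP MAC" pair per line.
CUSTOMERS='192.168.100.6 00:11:22:33:44:55
192.168.100.15 00:11:22:33:44:66'

valid_pair() {
    # Accept only 192.168.100.1-254 and a well-formed MAC address.
    echo "$1" | grep -Eq '^192\.168\.100\.([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])$' || return 1
    echo "$2" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

gen_rules() {
    # $1 = customer table. Prints the rule set; returns 1 on a malformed entry.
    echo "iptables -P FORWARD DROP"
    # Replies arrive on eth0 addressed to the customer, so a rule matching
    # only "-s <customer> -i eth1" never sees them and the policy drops them.
    # (Newer iptables spell this match "-m conntrack --ctstate".)
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$1" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        valid_pair "$ip" "$mac" || { echo "bad entry: $ip $mac" >&2; exit 1; }
        # Outbound traffic is forwarded only when source IP and MAC both match.
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
}

gen_rules "$CUSTOMERS"
```

The MAC match ties each address to the hardware address configured on the client's card, which the client also controls, so it is a stronger check than the IP alone rather than authentication.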