10-06-2003
Bandwidth Caping With PF
i have two questions actually...
i need to block certain ports with openbsd and PF in a large lan, the firewall is supposed to be a router between the internet and the first lan switch.
first of all, would this work at all in theory?
second, i tried doing this a few days ago at a huge lan but i just couldn't do it and still i was following all the OpenBSD.org instructions in their PF user guide, i did get internet working on the bsd box with a DNS server to connect to and two ethernet cards that worked only i could only connect to one of them not the other even though i had set an ip on both so i never got that firewall working so i was wonderig if anyone could help me.
second question is, would it be possible to in this lan mentioned above cap the bandwidth on most of the lan but not on the crews computers, and if this is possible could anyone point me to a nice tutorial about it or tell me how.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I'm on T1, is there any way i can check my acctual bandwidth?
Thank you all (3 Replies)
Discussion started by: solvman
3 Replies
2. IP Networking
Hello,
I was wondering how one would go about regulating bandwidth of a server running RH Linux 8.0 and Apache. I am running a webserver, and want only one person to be able to download one file at a time. So, they can't click about 10 files and soak up lots of bandwidth. Plus, I would like to cap... (2 Replies)
Discussion started by: Phobos
2 Replies
3. UNIX for Dummies Questions & Answers
Hi,
I'm looking for some way to bring up in a shell window a realtime (or something that updates at 10 second intervals or whatever) bandwidth monitor.
I just want something that shows me how much kbps is going in and how much is going out of each interface. Is there something that might... (2 Replies)
Discussion started by: d11wtq
2 Replies
4. UNIX for Advanced & Expert Users
Hi Gurus,
Need to have a way to monitor Bandwidth utilization on Linux servers, running squid .
Have worked on 3rd party monitoring tools like Bandwidth d, Nagios etc.
But we are working to find out a way to monitor this through Sitescope, for which we need to find a file where the... (4 Replies)
Discussion started by: Crazy_murli
4 Replies
5. IP Networking
Hi,
1-What is bandewidth ?
2-How to calculate ?
3-How to measure ? Any free software to measure it ?
Many thanks. (4 Replies)
Discussion started by: big123456
4 Replies
6. IP Networking
Hi all
I have been running iptraf on a linux box for a few months monitoring bandwidth utilization realtime from mac address with port mirroring.
Now I want to graph these bandwidth utilization. Is MRTG the right software?
Any ideas? (4 Replies)
Discussion started by: palm101
4 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I am very new to scripting and have a question regarding variables and their use in a bandwidth monitoring script.
I have identified a few primary variables being;
Bandwidth CIR Download=32kbits <- these match as per the script below
Bandwidth PIR Download=96kbits
Bandwidth CIR... (1 Reply)
Discussion started by: vinnir
1 Replies
8. Programming
I wish to develop an application to monitor the network traffic of my system.
I wish to know which computer networked to me is using most of the bandwidth. I know the basics of python but do not know how to start the work.. please suggest some good methods to follow. (7 Replies)
Discussion started by: coderhs
7 Replies
9. IP Networking
Many papers, articles and posts about network bandwidth requirements refer to network traffic rules-of-thumb when estimating bandwidth requirements for a new network with an unknown load. I've seen a couple rules for video and VoIP.
I'd be thankful if someone could share any rules-of thumb they... (5 Replies)
Discussion started by: redrider
5 Replies
LEARN ABOUT CENTOS
net::config
Net::Config(3pm) Perl Programmers Reference Guide Net::Config(3pm)
NAME
Net::Config - Local configuration data for libnet
SYNOPSYS
use Net::Config qw(%NetConfig);
DESCRIPTION
"Net::Config" holds configuration data for the modules in the libnet distribution. During installation you will be asked for these values.
The configuration data is held globally in a file in the perl installation tree, but a user may override any of these values by providing
their own. This can be done by having a ".libnetrc" file in their home directory. This file should return a reference to a HASH containing
the keys described below. For example
# .libnetrc
{
nntp_hosts => [ "my_preferred_host" ],
ph_hosts => [ "my_ph_server" ],
}
__END__
METHODS
"Net::Config" defines the following methods. They are methods as they are invoked as class methods. This is because "Net::Config" inherits
from "Net::LocalCfg" so you can override these methods if you want.
requires_firewall HOST
Attempts to determine if a given host is outside your firewall. Possible return values are.
-1 Cannot lookup hostname
0 Host is inside firewall (or there is no ftp_firewall entry)
1 Host is outside the firewall
This is done by using hostname lookup and the "local_netmask" entry in the configuration data.
NetConfig VALUES
nntp_hosts
snpp_hosts
pop3_hosts
smtp_hosts
ph_hosts
daytime_hosts
time_hosts
Each is a reference to an array of hostnames (in order of preference), which should be used for the given protocol
inet_domain
Your internet domain name
ftp_firewall
If you have an FTP proxy firewall (NOT an HTTP or SOCKS firewall) then this value should be set to the firewall hostname. If your
firewall does not listen to port 21, then this value should be set to "hostname:port" (eg "hostname:99")
ftp_firewall_type
There are many different ftp firewall products available. But unfortunately there is no standard for how to traverse a firewall. The
list below shows the sequence of commands that Net::FTP will use
user Username for remote host
pass Password for remote host
fwuser Username for firewall
fwpass Password for firewall
remote.host The hostname of the remote ftp server
0 There is no firewall
1
USER user@remote.host
PASS pass
2
USER fwuser
PASS fwpass
USER user@remote.host
PASS pass
3
USER fwuser
PASS fwpass
SITE remote.site
USER user
PASS pass
4
USER fwuser
PASS fwpass
OPEN remote.site
USER user
PASS pass
5
USER user@fwuser@remote.site
PASS pass@fwpass
6
USER fwuser@remote.site
PASS fwpass
USER user
PASS pass
7
USER user@remote.host
PASS pass
AUTH fwuser
RESP fwpass
ftp_ext_passive
ftp_int_passive
FTP servers can work in passive or active mode. Active mode is when you want to transfer data you have to tell the server the address
and port to connect to. Passive mode is when the server provide the address and port and you establish the connection.
With some firewalls active mode does not work as the server cannot connect to your machine (because you are behind a firewall) and the
firewall does not re-write the command. In this case you should set "ftp_ext_passive" to a true value.
Some servers are configured to only work in passive mode. If you have one of these you can force "Net::FTP" to always transfer in
passive mode; when not going via a firewall, by setting "ftp_int_passive" to a true value.
local_netmask
A reference to a list of netmask strings in the form "134.99.4.0/24". These are used by the "requires_firewall" function to determine
if a given host is inside or outside your firewall.
The following entries are used during installation & testing on the libnet package
test_hosts
If true then "make test" may attempt to connect to hosts given in the configuration.
test_exists
If true then "Configure" will check each hostname given that it exists
perl v5.16.3 2014-06-17 Net::Config(3pm)