| View previous topic :: View next topic |
| Author |
Message |
kami
Joined: 31 Mar 2007
Posts: 9
Location: ISB Pk
|
 Posted: Sat Mar 31, 2007 7:50 am Post subject: QoS |
 |
|
hi guys!
First of all thanks for this wonderful stuff. My question is that is it possible to restrict the individual user (up & down) bandwidth on his mac address. Is there any policy that i should be able to associate mac addresses with IP addresses. Proxy having web filter, anti virus and update cache (windows patches, adobe, java, anti virus and etc ) features will make it really a good open source product.
Thanks |
|
| Back to top |
|
 |
fulvio
Site Admin
Joined: 01 Nov 2006
Posts: 997
|
| Posted: Sat Mar 31, 2007 11:53 am Post subject: |
|
|
Using the QoS Classifier you just have to specify the source MAC address and the target Qos class on which you have configured the bandwidth that you want to assign to the client.
To associate an IP address to a MAC address you can use DHCP static entries in the [DHCP] section. |
|
| Back to top |
|
|
kami
Joined: 31 Mar 2007
Posts: 9
Location: ISB Pk
|
| Posted: Sat Mar 31, 2007 12:36 pm Post subject: |
|
|
| Thanks u for your quick respond. Is there any firewall policy that if some changes it IP address zeroshell stops responding them? |
|
| Back to top |
|
|
fulvio
Site Admin
Joined: 01 Nov 2006
Posts: 997
|
| Posted: Sat Mar 31, 2007 12:56 pm Post subject: |
|
|
| You could set the default policy for the FORWARD chain to DROP and then you just have to add for any client a firewall rule in which you specify the source IP and the source MAC and the target ACCEPT. Don't forget to ACCEPT the incoming traffic from the WAN and other LANs. |
|
| Back to top |
|
|
kami
Joined: 31 Mar 2007
Posts: 9
Location: ISB Pk
|
| Posted: Sat Mar 31, 2007 6:41 pm Post subject: |
|
|
i ve tried as u sugessted but did not succeed. Here is my firewall policy
FORWARD ------>>> DROP (default chain)
then i added the following rule to the FORWARD chain
ACCEPT all opt -- in * out * 192.168.10.9 -> 0.0.0.0/0 MAC
00:10:5A:0D:C9:9A.
after saving no packet is forwarded.
Thnx |
|
| Back to top |
|
|
fulvio
Site Admin
Joined: 01 Nov 2006
Posts: 997
|
| Posted: Sun Apr 01, 2007 6:39 am Post subject: |
|
|
I said to you to not forget to accept the traffic that is incoming from the WAN.
You could solve by including the rule
ACCEPT all opt -- in ETH01 out * 0.0.0.0/0 -> 0.0.0.0/0
where ETH01 is the interface that connects your LAN to Internet. |
|
| Back to top |
|
|
kami
Joined: 31 Mar 2007
Posts: 9
Location: ISB Pk
|
| Posted: Sun Apr 01, 2007 5:43 pm Post subject: |
|
|
Thank u for ur kind support. Now i want to control the per MAC (up & down) bandwidth. should i configure the zeroshell as a bridge? Which interface i will use for this so that i should be able to control the bandwidth.
Thanks |
|
| Back to top |
|
|
fulvio
Site Admin
Joined: 01 Nov 2006
Posts: 997
|
| Posted: Mon Apr 02, 2007 6:14 pm Post subject: |
|
|
Follow the procedure described in the document at the URL http://www.zeroshell.net/eng/qos/ to build a QoS bridge or router.
At the point in which you have to classify the traffic, instead to use the layer 7 filters in the Qos classifier, you must specify the source MAC address of your hosts.
Keep in mind that with the source mac you only are able to control the uploading bandwidth. To control the downloading one you can use the destination IP addresses of the host. To understand which interfaces you have to use, read the above document. |
|
| Back to top |
|
|
kami
Joined: 31 Mar 2007
Posts: 9
Location: ISB Pk
|
| Posted: Tue Apr 03, 2007 6:00 pm Post subject: |
|
|
| Thanks a lot. |
|
| Back to top |
|
|
|
Search
Register
Usergroups
Profile
Log in
Private Message
