Tagged: ndpi iptables dmesg
March 31, 2007 at 7:50 am #40586
First of all, thanks for this wonderful stuff. My question is: is it possible to restrict an individual user's (up & down) bandwidth based on his MAC address? Is there any policy by which I would be able to associate MAC addresses with IP addresses? A proxy having web filter, antivirus and update cache (Windows patches, Adobe, Java, antivirus, etc.) features will make it a really good open source product.
Thanks

March 31, 2007 at 11:53 am #45245
Using the QoS Classifier you just have to specify the source MAC address and the target QoS class on which you have configured the bandwidth that you want to assign to the client.
To associate an IP address to a MAC address you can use DHCP static entries in the [DHCP] section.

March 31, 2007 at 12:36 pm #45246
Thank you for your quick response. Is there any firewall policy so that if someone changes his IP address, Zeroshell stops responding to him?

March 31, 2007 at 12:56 pm #45247
You could set the default policy for the FORWARD chain to DROP and then you just have to add for any client a firewall rule in which you specify the source IP and the source MAC and the target ACCEPT. Don’t forget to ACCEPT the incoming traffic from the WAN and other LANs.

March 31, 2007 at 6:41 pm #45248
I've tried as you suggested but did not succeed. Here is my firewall policy:
>>> DROP (default chain)
Then I added the following rule to the FORWARD chain:
ACCEPT all opt -- in * out * 192.168.10.9 -> 0.0.0.0/0 MAC
After saving, no packet is forwarded.
Thanks

April 1, 2007 at 6:39 am #45249
I told you not to forget to accept the traffic that is incoming from the WAN.
You could solve this by including the rule
ACCEPT all opt -- in ETH01 out * 0.0.0.0/0 -> 0.0.0.0/0
where ETH01 is the interface that connects your LAN to the Internet.

April 1, 2007 at 5:43 pm #45250
Thank you for your kind support. Now I want to control the per-MAC (up & down) bandwidth. Should I configure Zeroshell as a bridge? Which interface should I use for this so that I am able to control the bandwidth?
Thanks

April 2, 2007 at 6:14 pm #45251
Follow the procedure described in the document at the URL http://www.zeroshell.net/eng/qos/ to build a QoS bridge or router.
At the point at which you have to classify the traffic, instead of using the layer 7 filters in the QoS classifier, you must specify the source MAC address of your hosts.
Keep in mind that with the source MAC you are only able to control the uploading bandwidth. To control the downloading one you can use the destination IP addresses of the hosts. To understand which interfaces you have to use, read the above document.

April 3, 2007 at 6:00 pm #45252
Thanks a lot.

April 20, 2016 at 12:37 pm #45253
I associated my QoS class to a MAC address but the error message says: iptables Bad Argument. run _dmesg for more information
How can I fix this?
Best regards.

September 21, 2018 at 8:40 pm #64422
Same problem here (iptables Bad Argument. run _dmesg for more information), in NDPI rule.
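
The firewall setup described in the replies above (an ACCEPT for traffic arriving on the WAN interface, one ACCEPT per client matching both source IP and source MAC, default FORWARD policy DROP), sketched as an added example that is not part of the original thread and is not Zeroshell's own code. It assumes raw `iptables` commands rather than the Zeroshell web interface; the function names and the MAC addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables commands that bind each
# client IP to one MAC on the FORWARD chain. Nothing is executed, only printed.

# Constructed sample bindings, one "IP MAC" pair per line (made-up addresses).
BINDINGS='192.168.10.9 00:11:22:33:44:55
192.168.10.10 00:11:22:33:44:66'

valid_ip() {   # four dot-separated decimal octets, each 0-255
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_mac() {  # six colon-separated hex bytes
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules WAN_IF   (bindings are read from stdin)
gen_rules() {
    wan_if=$1
    case $wan_if in ''|*[!A-Za-z0-9._-]*)
        echo "bad interface name: $wan_if" >&2; return 1 ;;
    esac
    # Traffic arriving on the WAN side, as in the thread. A stricter variant
    # would add: -m conntrack --ctstate ESTABLISHED,RELATED
    echo "iptables -A FORWARD -i $wan_if -j ACCEPT"
    while read -r ip mac; do
        [ -n "$ip" ] || continue          # skip blank lines
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "invalid binding: $ip $mac" >&2
            return 1                      # fail so the caller discards the output
        fi
        # Both conditions must hold: a changed IP or a different NIC fails.
        echo "iptables -A FORWARD -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
    # Policy goes last so loading the rules never leaves a gap with no ACCEPTs.
    echo "iptables -P FORWARD DROP"
}

# Stand-alone run: show the commands for the sample bindings.
printf '%s\n' "$BINDINGS" | gen_rules ETH01
```

The `mac` match sees only the source MAC of the directly connected sender, so the clients have to sit on the same layer 2 segment as the firewall for the per-client rules to match.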