QoS

This topic contains 10 replies, has 4 voices, and was last updated by  Alex Berbert 6 months ago.

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #40586

    kami
    Member

    hi guys!

    First of all thanks for this wonderful stuff. My question is that is it possible to restrict the individual user (up & down) bandwidth on his mac address. Is there any policy that i should be able to associate mac addresses with IP addresses. Proxy having web filter, anti virus and update cache (windows patches, adobe, java, anti virus and etc ) features will make it really a good open source product.

    Thanks

    #45245

    imported_fulvio
    Participant

    Using the QoS Classifier you just have to specify the source MAC address and the target Qos class on which you have configured the bandwidth that you want to assign to the client.
    To associate an IP address to a MAC address you can use DHCP static entries in the [DHCP] section.

    #45246

    kami
    Member

    Thanks u for your quick respond. Is there any firewall policy that if some changes it IP address zeroshell stops responding them?

    #45247

    imported_fulvio
    Participant

    You could set the default policy for the FORWARD chain to DROP and then you just have to add for any client a firewall rule in which you specify the source IP and the source MAC and the target ACCEPT. Don’t forget to ACCEPT the incoming traffic from the WAN and other LANs.

    #45248

    kami
    Member

    i ve tried as u sugessted but did not succeed. Here is my firewall policy
    FORWARD


    >>> DROP (default chain)
    then i added the following rule to the FORWARD chain
    ACCEPT all opt — in * out * 192.168.10.9 -> 0.0.0.0/0 MAC
    00:10:5A:0D:C9:9A.
    after saving no packet is forwarded.

    Thnx

    #45249

    imported_fulvio
    Participant

    I said to you to not forget to accept the traffic that is incoming from the WAN.
    You could solve by including the rule

    ACCEPT all opt — in ETH01 out * 0.0.0.0/0 -> 0.0.0.0/0

    where ETH01 is the interface that connects your LAN to Internet.

    #45250

    kami
    Member

    Thank u for ur kind support. Now i want to control the per MAC (up & down) bandwidth. should i configure the zeroshell as a bridge? Which interface i will use for this so that i should be able to control the bandwidth.

    Thanks

    #45251

    imported_fulvio
    Participant

    Follow the procedure described in the document at the URL http://www.zeroshell.net/eng/qos/ to build a QoS bridge or router.
    At the point in which you have to classify the traffic, instead to use the layer 7 filters in the Qos classifier, you must specify the source MAC address of your hosts.
    Keep in mind that with the source mac you only are able to control the uploading bandwidth. To control the downloading one you can use the destination IP addresses of the host. To understand which interfaces you have to use, read the above document.

    #45252

    kami
    Member

    Thanks a lot.

    #45253

    gemlorenz
    Member

    I associated my QoS class to a Mac Address but error messeage says. iptables Bad Argument. run _dmesg for more information

    How can i fix this?

    best regards.

    #64422

    Alex Berbert
    Participant

    same problem here (iptables Bad Argument. run _dmesg for more information), in NDPI rule.

Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.