> Yes, many of us do. Napster is all good and well, and I wouldn't like to > prohibit it, but once it starts using sizeable amounts of your bandwidth, > the fun goes out of it. Well... I believe that I can say that we are still afloat even with Napster enabled. My only loophole is this upload mechanism. The latest beta from Napster has port 0 as the default. >> Out-User is logged on to Napster:8888 with shared port 6699. >> Out-User wants a file from In-User. >> Out-User tells Napster:8888: go tell In-User. >> Napster:8888 tells In-User: Out-User:6699 wants file x. >> In-User opens a new socket and contacts Out-User:6699. >> Out-User now has a TCP connection to In-User and can receive file x. >The problem is that you need to recognize, specifically, outbound napster >connections. Would any connection *to* port 6699 be an outgoing napster >connection? You may be onto something. I just wanted to avoind learning how to read a tcpdump file to figure this out. >> How am I supposed to stop that? >> Some may say: just slow it down enough so that it is unusable. >> The problem is that if I am DOWNLOADING a song from an Out-User:6699, I have >> to send an acknowledgement packet that has to fight traffic with songs being >> uploaded. The final effect is that I will get slow downloads as well. >You want to have your cake, and eat it :-) Perhaps you can make it really >complicated, and exempt ACK packets from accounting? I expect that the u32 >match is up to this. Otherwise, select on large/small packets. Well, you may have a good idea. I can do that with iptables as well... I had not though about that... I will give it a try. I will post the results later. >> I would greatly appreciate any ideas/comments/suggestions... heck I would >> even like getting flamed if it led me to some solution. >I would really like to find a way that enables you to throttle napster >service, so as to keep it alive, but not kill it. You can. I have gone through several attempts, but this seems to be the winner. I have a single T1. I allocate 1Mbit in to 2 bands: FTP/NEWS , and Napster (and all other Napster Like apps). I give each band 500Kbit but they can borrow from each other. For web browsing, they are force-feed trough a transparent proxy and its throttle is controlled internally (besides, the packet comes IN to Squid gets unwrapped rewrapped and OUT to the user without traversing the forward chain making it difficult to throuttle) with delay pools (another way too cool bandwidth management system). It is working great. I am certain you will find a happy medium for yourself as well. Thank you Peter Frischknecht