Re: Capping bandwidth based on src/dst ip

Linux Advanced Routing and Traffic Control


"Daniel Egger" <egger@..> wrote:
> Hija,
> sorry for sounding a little lost here but that's probably because I am.
> Let me explain what I'm trying to do:
> I've a gateway with one uplink and several disjoint networks beneath it
> like:
>                     | T1
>                 ---------
>                 |  GW   |
>                 ---------
>                /         \
>    -------------         -------------
>    |10.0.0.0/24|   ...   |10.0.5.0/24|
>    -------------         -------------
>
> Now what I need is to simply classify users in the network segments into
> speed classes (gold/silver/bronze) and cap their traffic at fixed levels

You probably should put your users into different segments for different
speed classes. That would be wise if it could be done.
If not, try to make your users in the high class get static IP addresses. Even
DHCP could be set static for the range of IP addresses (exception).

> inbound and outbound. My idea was to simply add one class and one filter
> per used ip which should be no problem, however I have no idea how to
> get rid of this class and filter once the user vanished or replace it by
> another value when a different user shows up taking the same address.
> The problems are: How do I figure out the tree id from the ip? Or how
> can I reconfigure the limit without knowing the id?
> A different idea would be to add (say) 500 classes for each speed level
> and remember the used/unused ones in the application and serve the next
> free class to a user by creating a filter on logon and removing that
> later on.
> If you now say: Hey, that pretty easy; please hold on. :) Additionally I
> don't know the addresses in advance because they're either served using
> DHCP or set up in a fixed manner and routed thanks to arpspoofing so
> this doesn't seem to make a good case for hashing. Also I somehow need
> to also take care of the traffic which goes through transparent DNS and
> http proxies.
> Any help and ideas would be greatly appreciated.

Try with iptables mark. Put each packet you decide to manage into the mangle
table with a mark.

I hope it will help.

Regards,
Rio Martin.
--
NOC Itenas-net.
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
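
The iptables-mark approach suggested in the reply, worked through as an added example that is not part of the original messages: the fwmark and the HTB class id are both derived from the client address, so a class can be replaced or removed knowing only the IP. The interface name, the three rates, the id formula and the function names are assumptions, and only the download direction (gateway to client) is shown.

```shell
#!/bin/sh
# Added example (not from the thread). Interface, rates and id scheme are assumptions.
LAN_DEV="${LAN_DEV:-eth1}"   # assumed interface facing the 10.0.x.0/24 segments
DRY_RUN="${DRY_RUN:-1}"      # 1 = print the commands, 0 = execute them (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# 10.0.X.Y -> X*256 + Y + 256; the result is used as both fwmark and HTB class minor,
# so the class id can always be recomputed from the address alone.
ip_to_id() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.|*.0[0-9]*) return 1;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] && [ "$1" = 10 ] && [ "$2" = 0 ] || return 1
    [ "$3" -le 5 ] && [ "$4" -ge 1 ] && [ "$4" -le 254 ] || return 1
    echo $(( $3 * 256 + $4 + 256 ))
}

tier_rate() {   # assumed caps per speed class
    case "$1" in
        gold) echo 2mbit;; silver) echo 1mbit;; bronze) echo 512kbit;;
        *) return 1;;
    esac
}

shaper_init() { run tc qdisc add dev "$LAN_DEV" root handle 1: htb; }

# Create or update the cap for an address; safe to call again when the tier changes.
user_set_tier() {
    id=$(ip_to_id "$1") && rate=$(tier_rate "$2") || return 1
    hex=$(printf '%x' "$id")
    run tc class replace dev "$LAN_DEV" parent 1: classid "1:$hex" htb rate "$rate" ceil "$rate"
}

user_login() {  # user_login <ip> <gold|silver|bronze>
    user_set_tier "$1" "$2" || return 1
    # POSTROUTING also sees replies generated on the gateway itself (transparent proxies).
    run iptables -t mangle -A POSTROUTING -o "$LAN_DEV" -d "$1" -j MARK --set-mark "0x$hex"
    run tc filter add dev "$LAN_DEV" parent 1: protocol ip prio 1 handle "0x$hex" fw flowid "1:$hex"
}

user_logout() { # user_logout <ip>
    id=$(ip_to_id "$1") || return 1
    hex=$(printf '%x' "$id")
    run iptables -t mangle -D POSTROUTING -o "$LAN_DEV" -d "$1" -j MARK --set-mark "0x$hex"
    run tc filter del dev "$LAN_DEV" parent 1: protocol ip prio 1 handle "0x$hex" fw
    run tc class del dev "$LAN_DEV" classid "1:$hex"
}
```

With DRY_RUN=1 the functions only print the commands they would run; call shaper_init once, then user_login and user_logout from the logon application.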