Hi,

I have to manage a network with approx. 200 users, a 256kbit/s unmanaged Internet connection and a 3Mbit/s unreliable managed Internet connection (only http/ftp-proxy and ssh available). All users are in one Class C Subnet with 512 IP-Addresses. 60% of the machines are Windows. The rest are SUN and Linux. At the moment Windows viruses and p2p-traffic eat most of our bandwidth.

My aims are:

- inform Windows users with a virus problem; limit their traffic to http over proxy
- allocate different bandwidth to different user groups on port level (to limit p2p traffic) depending on time (day/night)
- allocate different amounts of traffic to groups and reduce the night bandwidth of user groups who exceed their daily limit
- prevent users from getting access to a different group by simply taking an IP address from a different group, without creating an access control list with IP/MAC pairs
- users should be able to monitor the bandwidth usage of their group on a web page
- the 3Mbit/s uplink should be used whenever possible/available (ssh + ftp/http proxy)
- preserve privacy of users as far as possible

The idea is to split the network using transparent bridgewalls. This should manage the traffic on port level for each group using Netfilter in Bridge Mode and using IPP2P to limit P2P-traffic. Group limitations should be implemented here. A firewall should be installed on the gateway to the Internet. The firewall should do NAT and have a QoS setup managing and monitoring the real outgoing traffic. I plan to use the cookbook example 15.10 from the lartc as a base.

My question is if there are known running solutions out there that would fit these aims?

The Windows machines with their viruses give me a headache. I do not want to enforce remote Windows patching and virusscanner updating. It should also be taken into account that there is nearly no money available for any special equipment. Best would be to get this job done with a couple of old computers.

Another question is that I want to know if it is advisable to split traffic filtering and traffic management/monitoring.

I would appreciate any help.

Regards
Ralf