Hello.
On Linux you could do:

    iptables -t nat -I PREROUTING -p tcp --dport 80 -s source_ip -j DNAT --to-destination apache_running_machine:80
    iptables -I FORWARD -s source_ip -p tcp --dport 53 -j ACCEPT
    iptables -I FORWARD -s source_ip -p udp --dport 53 -j ACCEPT

considering you don't have a DROP policy, or else you're gonna need to
pass DNS both ways. Without DNS resolving I had problems reaching the
page. For example: client tries to reach google.com, browser just
hits timeout -> page cannot be reached. The request won't reach the
redirect if DNS is blocked.
On *BSD running ipf:

    rdr fxp0 source_ip/32 port 80 -> apache_running_machine port 80

or if using ipfw:

    ipfw add 200 divert 80 tcp from source_ip to apache_running_machine 80 via whateverif0

Again, make sure firewall rules do not block the client's DNS requests.
For the bandwidth shaping you need a queue with very tiny bandwidth
figures and just throw every bad payer in. Look for ALTQ on
Open/NetBSD, dummynet on FreeBSD, or cbq/htb on Linux.
--Adrian.
At 11:56 AM 11/29/2005, you wrote:
Hey guys ..
Anyone got any ideas on this, would like in the most primitive way for now
be able to have users who have not paid their bill be redirected to a page
and also not be able to use any of my bandwidth, say put a minimum of 8k,
anyone got any ideas.
I have PIX 515E, Packeteer and a few Cisco routers and *nix boxes to play
with, which would be appropriate.
cheers
--
Fanaticism consists of redoubling your effort when you have forgotten your
aim.
-- George Santayana
-
: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
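
The Linux steps from the reply above combined into one script, as an added example that is not part of the original messages: for each unpaid client it prints the port-80 redirect, the two DNS accept rules and an htb filter into one shared 8kbit class. The portal address, interface name, client addresses and tc class ids are assumptions.

```sh
#!/bin/sh
# Added example: prints (does not run) the rules for each unpaid client.
# PORTAL, LAN_IF and the class ids are assumed values; adjust for your network.
PORTAL="192.0.2.10"     # assumed: machine serving the "please pay" page
LAN_IF="eth1"           # assumed: interface facing the clients
RATE="8kbit"            # one tiny queue shared by every unpaid client

# Succeeds only for a dotted-quad IPv4 address with octets 0-255, so a
# malformed billing-list entry can never end up inside a firewall rule.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the one-time htb setup, then redirect + DNS + shaping per client.
# htb has no default class here, so paying clients stay unshaped.
# Invalid addresses are skipped with a warning on stderr.
gen_rules() {
    echo "tc qdisc add dev $LAN_IF root handle 1: htb"
    echo "tc class add dev $LAN_IF parent 1: classid 1:20 htb rate $RATE ceil $RATE"
    for ip in "$@"; do
        if ! valid_ip "$ip"; then
            echo "skipping invalid address: $ip" >&2
            continue
        fi
        echo "iptables -t nat -I PREROUTING -s $ip -p tcp --dport 80 -j DNAT --to-destination $PORTAL:80"
        echo "iptables -I FORWARD -s $ip -p tcp --dport 53 -j ACCEPT"
        echo "iptables -I FORWARD -s $ip -p udp --dport 53 -j ACCEPT"
        # Egress on the client-facing interface = download towards the client.
        echo "tc filter add dev $LAN_IF parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:20"
    done
}

# Constructed sample list; the second entry is deliberately invalid.
gen_rules 10.0.0.23 10.0.0.999 10.0.0.57
```

Review the printed commands, then pipe them to `sh` as root to apply them.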