Ubuntu Networking :: Limit VPN Traffic ?
Apr 2, 2010
I have ubuntu server with PPTP on it. I need to limit single connection speed for ip 1 mbit/s, and mounthly traffic limit to 5 GB. How i can do this my task. I try to find somthing with ip tables, but can't find how to creat mounthly limits.PPTP do not have this option, maybe is some other, not hard for configure VPN server? Maybe someone make this task with iptables, and can give commands for limiting? Ofcorse VPN program with integrated accaunts and limits will be better.
View 1 Replies
ADVERTISEMENT
Nov 8, 2010
I would like to be able to monitor which programs are allowed to access the internet, but a search for programs to do this has turned up nothing. Preferably, I would like a notification to come up every time an application uses the internet. Is there any (n00b friendly) software available to do that?
View 2 Replies
View Related
Sep 29, 2010
I need to set up my centOS computer as a firewall in my home network. Ive got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping(icmp) and DNS. How do I do this? Ive tried some editing in /etc/sysconfig/iptables but no luck.
View 1 Replies
View Related
Mar 15, 2011
I wanted to tell my server to block all traffic but US only traffic. So i followed this guide:[URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyways so might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done compiled everything moved to the proper directory. I then started to setup my iptables. Like so
Code: iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT
[Code]...
After seeing that i went digging in the code and figured it was something todo with memory allocation.
View 1 Replies
View Related
Sep 27, 2009
Recently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
View 3 Replies
View Related
Apr 27, 2010
We have something on our network that is reaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. how to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
View 3 Replies
View Related
Dec 28, 2010
my secure log is flooding with these messages..
sudo: pam_limits(sudo:session): wrong limit value 'unlimited' for limit type 'hard'
Dec 28 22:42:29 yn54 sudo: pam_limits(sudo:session): wrong limit value 'unlimited' for limit type 'soft'
Dec 28 22:42:29 yn54 sudo: pam_limits(sudo:session): wrong limit value 'unlimited' for limit type 'hard'
View 3 Replies
View Related
May 12, 2010
I have a VPS server with 512 MB memory. The php.ini is set so script memory limit = 16 MB. However, I have noticed in my top report, instances like the following:
Quote:
5484 coldclim 25 0 46476 32m 5920 R 0.0 6.4 0:00.93 php
The bold number of 6.4 is the % of sever memory this process is using. 6.4 % of 512 MB of memory is about 32 MB of memory, so it appears that this isn't being limited by php.ini. Am I correct? This leads to the next question: Is there some way to limit the amount of memory a single suphp process can use? (Basically, something like the setting in php.ini which limits suphp processes in the same way.)
View 2 Replies
View Related
Nov 4, 2010
I need to adjust what exactly ufw LIMIT port# does.I like the fact that the port is getting limited, but ufw overdoes it a bit. Is there a config file somewhere I can edit?
View 5 Replies
View Related
Feb 2, 2011
I've got 4 or 5 of these TRENDnet USB network adapters ( TU-ET100c ) that I use frequently when I'm configuring firewalls or IPS devices for customers. I use them in combination with VirtualBox to test. They've always worked great until my new laptop I just got, and I put 10.04 on it. Previously I was on 9.x. Sometimes they will give a link light, other times not. And when they do the interface shows that it's up, but I can't get any traffic across the interface.
[code]...
View 3 Replies
View Related
Mar 1, 2011
I have access to a VPN I use when having confidential instant messaging sessions. For the purposes of my work, essentially.I'm a command line kind of guy, and like to use Finch (the shell version of Pidgin) for those.However, when I turn on my OpenVPN connection it routes all traffic through the VPN. Web-browsing, IMing, and I can no longer access other machines on my home network.Can I set OpenVPN to only route traffic I ask through that connection (either by port number or application, or some way I haven't thought of), while other traffic flows through my usual home network?Some kind of local proxy perhaps? Or a dd-wrt box set up as a proxy, connected to OpenVPN?I've played around with the GUI environment too (I have a basic GUI I sometimes use on my main machine) and have installed the full desktop 10.10 on a second machine just to see if I can work it out.
View 2 Replies
View Related
Jun 30, 2011
I have a VPN account and have been running it perfectly on windows without any problems but I deleted my windows OS because I wanted to force myself to learn a Linux OS. I have installed the configuration package through the terminal and have followed this guide exactly
[URL]
The VPN was giving me a no secrets error to start off but I managed to fix and now it connects for about 40seconds but whilst it is connected, the internet is completely useless and I can't get on anything... It then disconnects after 40 seconds saying it has failed.
I installed firestarter to see if I could tweak it there to work but it was beyond me and I could also see from the data being sent that none of it was going through tap0 whilst the VPN was connected..
View 3 Replies
View Related
Jun 30, 2010
I was wondering if there was a Windows or Ubuntu way to limit the amount of data that is able to be sent over the internet between certain times, eg. Between the times of 7am and 7pm can only download 300 MB from the web, when this limit is reached the web is either disconnected or slowed down.
View 2 Replies
View Related
Jul 25, 2010
I need to be able to do the following: Physical Router located at 192.168.40.1
On Ubuntu 10.04 Lucid machine:
eth0 with static ip 192.168.40.2
eth1 with static ip 192.168.40.3
eth2 with static ip 192.168.40.4
Associate a virtual address to eth1 with an entirely different network address such as 192.168.50.1 Do the same (virtual address) for eth2 -- e.g. 192.168.60.1 In the application:
register phone number A at 192.168.40.1 (The application will automatically use eth0 for this)
register phone number B at 192.168.50.1
register phone number C at 192.168.60.1
Somehow forward all traffic (including the register request) sent to 192.168.50.1 to 192.168.40.1 as if the register had been made directly to 192.168.40.1. In other words, the app "sends" registration and traffic to 192.168.50.1 but then Ubuntu forwards it to 192.168.40.1 (but the app does not know that). Similarly, forward all traffic sent to 192.168.60.1 to the router at 192.168.40.1.
Do the same for the reverse, forward all traffic that the router sends back to 192.168.40.3 (eth1) to 192.168.50.1 (within the Ubuntu machine) so that the app knows it is for phone B. Similarly forward all traffic that the router sends back to 192.168.40.4 (eth2) to 192.168.60.1 so that the app knows it is for phone C. Thus, the application believes that it is registering at 3 completely separate routers on 3 completely separate networks via 3 separate network interfaces but in fact is really registering all three to the same router (but does not know that). Similarly, the router believes that it is receiving 3 separate registrations because it receives each registration request and traffic from 3 separate interfaces and thus 3 separate mac addresses (i.e., of eth0, eth1, and eth2). Traffic sent to and from the router for each of the 3 phone numbers (via eth0, eth1, and eth2) are not mixed because the translation happens in both directions.
View 9 Replies
View Related
Aug 31, 2010
I'm facing a problem when I establish VPN connections using OpenVPN to Your Freedom Server. " you can see their documentation here ", I've installed OpenVPN from synaptic and I used the client to connect through VPN and it works !! but there is no traffic in FF or any application !!I tired to insert some HTTP proxy also belongs to the same server and it works. What really wonders me is that OpenVPN seems to work only when I'm connecting to streams sites "e.g. ustream, justin.tv" Is there anyway to force the whole traffic to use OpenVPN " I'm using Mobile modem and it works fine with OpenVPN in win7
View 7 Replies
View Related
Jan 16, 2011
I noticed a huge data transfer to my computer. I wasn't downloading anything big, I have just opened Firefox, Thunderbird etc. It stopped after a minute but I'd like to know, what that was - this wasn't the first time something like this happened. I promptly started Wireshark and captured a few packets, all of them look like this:
[code]...
I tried to look at [URL]... but that webpage does not work. what the traffic might be caused by? Couldn't anyone hacked my pc?
View 9 Replies
View Related
Jan 20, 2011
Is there an easy way to monitor network traffic? I want to make sure my kids are surfing safe...
View 5 Replies
View Related
Jan 24, 2011
first, here is our setup:
Linksys Router with firewall
1 Linux Server -- Running Dapper
Multiple Linux ThinClients running off the linux server
Multiple Freestanding Linux Machines -- Running ubuntu variants
Multiple Freestanding Windows Machines -- Running windows variants
The issue is that certain websites will not load on the freestanding linux machines, but they will load on our linux server and all the windows machines. examples: [URL].. These sites will start to load, but they never really finish and just seem to time out. I have tried changing the dns on the freestanding linux laptops to use 208.67.220.220 and this does not solve the problem.
I have checked the firewall rules and they seem pretty standard.when the linux machines are used on other networks, these websites work, so the problem seems to be related to this particular network.
When I do (freestanding linux):
Code:
traceroute acer.com -I
The trace times out at 30 hops
When I do (linux server):
Code:
traceroute acer.com -I
The trace reaches the destination at 19 hops
Both of the traceroute requests start by going through the router. So the big issue is that websites will load on our linux server and all our windows machines, but not on freestanding linux clients.
View 4 Replies
View Related
Apr 19, 2011
For about 3-4 weeks, my file system used space was growing and growing. After some days, I decided to analyze the file system in order to understand what is going on. Well, the results returned that the log files at /var/log ( especially kern.log, syslog and messages ) were the log files that were sucking the free space. I searched if this was some kind of bug but it turned out that if these files are growing, the problem is in the records.
So I picked from the tail of the messages log the last 50 lines and I saw this:
Code:
Apr 19 21:28:40 laptop kernel: [ 586.734226] [UFW ALLOW] IN= OUT=wlan0 SRC=192.168.1.2 DST=192.168.1.255 LEN=96 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Apr 19 21:28:40 laptop kernel: [ 586.734287] [UFW AUDIT] IN=wlan0 OUT= MAC= SRC=192.168.1.2 DST=192.168.1.255 LEN=96 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
[Code].....
View 1 Replies
View Related
Jun 9, 2011
Does anybody know a way to log traffic on a single interface/IP by process? Specifically what I want to record is traffic usage by user, but I can match PIDs against user to product stats and the user would also be in the full command line of the process.
There is a nice tool called nethogs that I often use to monitor traffic this way in realtime, but I would like to log the accumulated traffic rather than just monitor it.
View 1 Replies
View Related
Jun 29, 2011
My laptop has become very sluggish. So I loaded firestarter firewall. It is reporting loads of incoming UDP traffic. I only use this machine for Skype and Firefox based work as most of my stuff is kept on the cloud. Is it safe to stop all this UDP traffic? It would free up my CPU I guess. It seems port 56095 is getting hammered.
View 8 Replies
View Related
May 30, 2010
I have a linux box running between my router and my LAN. My connection speed is 10MB download and 1MB upload. The issue is that whenever someone starts to upload something, it is like my connection is down. No one else can open websites, read emails etc.Is it possible to place a limit for upload, maybe 50kb/s? This way, people won't use the entire upload speed available.
View 1 Replies
View Related
Aug 17, 2010
I want to use the tc rules for bandwidth control in my lan.i have a linux router(traffic shaper).how i can limit the amount of bandwidth every user has access to per day? For example, any user can't download more than 2 gb per day(or per month).
The information about lan's users(such as a group type,userid,etc.but not any thing about time limiting per user)is in ldap directory on ldap server.the linux server uses ldap server for authentication users when the user login.
View 6 Replies
View Related
May 11, 2010
I've succesfullly connected to my vpn with kvpnc, but none of my traffic is going through the vpn! I dont know how to route traffic to the vpn. for instance, when I go to whatsmyip.com it still has my previous ip.
View 1 Replies
View Related
Jul 11, 2010
I have a comcast business network adapter that has a 4 port switch. It also handles nat 1 to 1 translation for static IPs (That's just how they do it, there is no other choice).
In port 1, I have a cat6 that brings traffic to and from my linux machines, allows me to vpn, ssh, a mail server, etc. Everything here is fine.
In port 2, I have a netgear router that is setup with a point to point VPN for a client.
Here are the issues:
1. Machines that are connected to the netgear vpn router/switch can access machines on my network - I don't want this.
2. I can't access the machines connected to his lan from my lan - I need this to administer his machines somehow. Even if I have to VPN to the concentrator and do it like that.
Here is the network structure.
Code:
Internet <-> 10.10.10.1 -> switch with 10.10.10.x machines
|
-> internal vpn IP 10.10.10.50
|
[Code]....
The external network for the VPN is 10.10.10.x and the internal is 10.10.20.x. So, a machine with IP 10.10.20.100 can get to 10.10.10.X and I don't want that. I guessing it's doing this because technically, I'm 'from the internet' on 10.10.10.x and the vpn machines are going 'out to the internet'. Is there a way to have this:
vpn -> gateway traffic only?
I have a cisco 1811w at my disposal if I need to use it; however, I'm all thumbs when it comes to cisco IOS and networking in general.
View 4 Replies
View Related
Dec 1, 2010
I'm trying to inspect network traffic from my iPhone / iPad / Kindle / other wi-fi only consumer electronic device. To do this I man-in-the-middle myself (connect laptop to LAN via wire, create wireless Ad-hoc network, bridge the connections, then connect my device to the ad-hoc wi-fi network) and use Wireshark to watch the traffic.
In the past this has been adequate for my needs (just wanted to watch and see what potentially private info was being leaked about me / see that banking / amazon / etc apps were going over SSL). Now I've noticed that applications are almost all using SSL (which is great) but they are way to active for my taste. I'd like to use these apps but want to know what's happening in the background. I know that corporations dead-end SSL connections at their proxys to inspect the traffic and then re-establish the connection on behalf of the user for the trip across the internet. While I find the corporate use a bit distasteful, I think this is exactly what I'd need to do to myself. Any suggestions for how to do so or other ideas on how to get the packets in the clear?
View 3 Replies
View Related
Oct 19, 2010
How are packets treated that do not match any of the filters?
View 4 Replies
View Related
Feb 23, 2011
I want to simulate video traffic in ns2.31 .I have added mpeg4_traffic patch in Contributed codes in NS2 web site . I receive segmentation fault error ,when I debug code I got a lot of error ,I don't know what to do ? does no one know how should transmit video in ns2 ??
View 14 Replies
View Related
Feb 17, 2010
I was trying to find some free VPN service for access restricted pages. I found some working programs for win XP, but nothing works under Linux (TOR was too slow and now it is blocked). I was using program PacketiX under win, and it has also Linux version without GUI, but i was not able to make it work, because I dont know, how can I make firefox to connect through the VPN service.
I downloaded the client here [URL]
I was able to make it work with this guide [URL]
But i dont know, how to adjust routing table so I can connect to the internet through the VPN service.
ifconfig
Code:
ath0 Link encap:Ethernet HWaddr 00:05:4e:4d:c5:5f
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:576 Metric:1
[Code].....
View 1 Replies
View Related
Jul 27, 2010
I have a desktop, a laptop, & a wireless router. The router, unfortunately, doesn't support dd-wrt, tomato, etc firmware, but I would still like to prioritize voip/web browsing over bulk Internet traffic. I hope I can offload the router's missing QoS to my desktop.
Is it possible to have the laptop's connection go from the wall to the router to the desktop, where the desktop could perform the QoS of tomato, then continue on to the laptop? I'm a bit of a noob to networking (subnets?) but do well enough following good instructions.
As for the program that would do the QoS... Don't some Linux machines basically work as super-powered routers for businesses? So there must be some package but couldn't find one. The closest I got was wondershaper but it only shapes traffic for the computer on which it's installed; it might form part of the solution but falls short on its own. other devices should be able to access the Internet normally if the desktop is turned off, & work with other devices like a (jailbroken) iPod Touch.
View 1 Replies
View Related
