[ previous ] [ next ] [ threads ]
 From:  "David Rando" <david at davidrando dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Configuracion wireless en monowall
 Date:  Wed, 24 May 2006 01:16:14 +0200
Guys, i've been searching on the list but didn't find a good post about this
(sorry, but i'm starting with this serious routing/firewalling servers).

What is the best way to make the traffic this way:

If only 1 client using network, have full bandwidth
More than 1, balance traffic to let everyone have a good connection, for
example, if anyone is downloading a file, the others have a good rate be
using voip, browsing sites, sending e-mails... and that one downloading the
file doesn't cut the connection to the others.

Thank you very much for your help guys.

2006/5/24, Rolf Kutz <kutz at netcologne dot de>:
> * Quoting Alex Neuman van der Hans (alex at nkpanama dot com):
> > Rolf Kutz wrote:
> > >* Quoting Alex Neuman van der Hans (alex at nkpanama dot com):
> > >
> > >
> > >>I've set up a few. Definitely your best shot would be to use m0n0 for
> > >>your firewall/routing needs, along with a bit of traffic shaping. I'd
> > >>block outgoing port 25 to prevent abuse (and let your clients know
> that
> > >>
> > >
> > >This helps preventing abuse like castration
> > >prevents rape. How shall people contact their
> > >providers smtpd if 25 is blocked?
> > >
> > >
> > Two ways. One would be to set up an internal mailserver running
> > MailScanner (http://mailscanner.info) that works as an internal relay
> > and set up a forwarding rule just like some people do for squid caching.
> >
> > The other would be to have a notice in the captive portal page that says
> > that you should use your company's (or your ISP's) webmail instead, or
> > services like mail2web.com, or use SSL (smtps), or port 587, or a VPN.
> > It *would* require having knowledgeable staff, which in some hotels
> > isn't the case.
> How does using smtps or vpn reduce abuse, if I
> would be sending mail over my ISPs smtpd anyway?
> And pointing to webmail doesn't really help
> either.  The question is whether you want to
> offer _Internet_access or _web_access? Why not block
> everything but Port 80? Abuse can be done with
> ftp, ssh or netcat.
> > This isn't as crazy as it sounds. I've set up several
> > hotels/resorts/golf clubs like this, and I've been to quite a few here
> > and all over the world that do the same thing.
> A million flies can't be wrong? I really hate
> internet cafés where I can't even run putty or
> they even block ssh and I can't log into my
> servers. If they offer Internet they should
> deliver unfiltered IP. Next thing you know is they
> block you from "harmful" websites, too.
> - Rolf
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch