2

I have a server with 256 ip addresses for our internal office use. Each ip is given to our employees via squid proxy. They connect to proxy they browse etc. Problem is that some must do tedious tasks with bots and stuff while others don't but the ones making heavy traffic end up eating all the bandwith and every1 else is left with a ridiculous download of 0.09mb/s.

My question is as follows. Is there a tool for ubuntu which analizes the ip addresses which do a lot of traffic then applies a limit on their connection? Something like a firewall or something?

Gilles 'SO- stop being evil'
  • 9,391
  • 1
  • 33
  • 48
Romeo M.
  • 225
  • 1
  • 2
  • 5

2 Answers2

1

Trying to find the offender by looking at the volume of traffic over time is likely to be too late. Remember that a user expect web responses in seconds. Limiting a user by analyzing the traffic flow is likely to be too apply the limit long after the browsing user has given up.

There are some things you can do with iptables (see e.g. hashlimit) but your users will probably notice the slowdown anyway. If you want to make sure that everyone gets a share, you need to play with prioritizing traffic. See the tc command. For an easier time, I recommend tcng. No matter which method you use, you will need some criteria to differentiate "bad" traffic from "good" traffic (other than quantity).

However, my experience is that well-behaved routers (be they linux boxen or enterprise-level routers) nearly always do a reasonable job of prioritizing traffic such that you don't get a total breakdown like OP describes. Before trying to do fancy stuff, I would try to see if there is some badly configured or designed hardware on the network. My presumption of guilt falls on ADSL routers, old Cisco PIX routers and cheap switches.

Bittrance
  • 3,070
  • 3
  • 24
  • 27
0

While I agree with everything Bittrance has to say about a direction for addressing this problem, to answer your direct question you should look at iftop:

http://www.ex-parrot.com/pdw/iftop/

If you are having issues with a single user or users being abusive in the moment, this should show you exactly who is using the traffic just like you asked.

n8whnp
  • 1,326
  • 7
  • 9
  • pktstat doe that also. I'm more interested in a tool which is able to apply limits on the fly while monitoring based on parameters. Something like if user x goes 30% of total allowed bandwith(server wise) limit him to 250kb/s or something like that./ – Romeo M. Jun 11 '11 at 23:57