Koozali.org: home of the SME Server

[RESOLVED] Control/restrict internet access using client mac address

logan
Good day,

INTRODUCTION:
I do not know if this is possible, and I don't know what search criteria to use in Google that will provide relevant results! This is a request for direction; if it is possible, please give me a few keywords so that I may start reading up and testing! :) . . . I would like to at least try before asking for possible solutions on the forum . . . also, if you are aware that it is not possible at all, perhaps drop a hint! :P

WHAT I WOULD LIKE TO DO:
Running SME 7.3 - small office, about 10 - 15 people in it at one time. Someone is draining our cap (limited GB usage on the internet) very fast - up to 3GB a day. Someone in the office is downloading via p2p and I can't track it; trust me, I have tried, I even resorted to staring at iptraf output all day! :P
I would like to register MAC addresses with the SME and set a "cap restriction" - thus: employee A is given an assigned limit of 1GB for the month. If after 3 days he hits the limit then he can go count his toes for the rest of the month.
Alternatively, if there is another way of achieving the same goal, just not via mac addresses, please do tell!

REASONING:
1. control the unnecessary usage of company cap (in South Africa you pay dearly for your internet usage - much like pay-as-you-go mobiles)
2. Catch the bastards who make management scream at me every week! :P
« Last Edit: July 31, 2008, 11:32:26 AM by logan »
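An added example (not from this thread or the SME Server project) of the per-host accounting the post above asks for: it sums bytes per LAN address from `iptables -nvx -L FORWARD` counters, assuming one accounting rule per host and direction exists on the gateway, maps each address to its MAC via `arp -n`, and lists hosts over a monthly cap. The iptables and ARP output below are constructed samples; ppp0 is the uplink name used in the thread.

```python
"""Per-host internet byte accounting from iptables FORWARD counters (constructed data)."""
UPLINK = "ppp0"  # assumed WAN interface name, as used in the thread
MONTHLY_CAP_BYTES = 1024 ** 3  # the 1 GB per-employee limit the poster proposed

# Constructed sample of `iptables -nvx -L FORWARD`, assuming one accounting rule per host
# and direction; real counters would be read live and reset at the start of each month.
SAMPLE_FORWARD = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1200    104857600 ACCEPT     all  --  eth0   ppp0    192.168.1.10         0.0.0.0/0
  240000   3221225472 ACCEPT     all  --  ppp0   eth0    0.0.0.0/0            192.168.1.10
     300     20971520 ACCEPT     all  --  eth0   ppp0    192.168.1.11         0.0.0.0/0
    3900     52428800 ACCEPT     all  --  ppp0   eth0    0.0.0.0/0            192.168.1.11
"""

# Constructed sample of `arp -n`, used to tie each LAN address to the MAC the poster wants to register.
SAMPLE_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.10             ether   00:11:22:33:44:55   C                     eth0
192.168.1.11             ether   66:77:88:99:aa:bb   C                     eth0
"""

def parse_arp(text):
    """Return {ip: mac} from `arp -n` output (header line skipped)."""
    table = {}
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) >= 3 and parts[1] == "ether":
            table[parts[0]] = parts[2].lower()
    return table

def bytes_per_host(text, uplink=UPLINK):
    """Sum bytes per LAN address: outbound keyed by source, inbound keyed by destination."""
    totals = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 9 or not parts[0].isdigit():
            continue  # chain header or column header
        nbytes, iface_in, iface_out, src, dst = parts[1], parts[5], parts[6], parts[7], parts[8]
        if iface_out == uplink:
            totals[src] = totals.get(src, 0) + int(nbytes)
        elif iface_in == uplink:
            totals[dst] = totals.get(dst, 0) + int(nbytes)
    return totals

def over_cap(forward_text, arp_text, cap=MONTHLY_CAP_BYTES):
    """Return [(mac, ip, bytes)] for hosts above the cap, heaviest first."""
    macs = parse_arp(arp_text)
    ranked = sorted(bytes_per_host(forward_text).items(), key=lambda kv: -kv[1])
    return [(macs.get(ip, "unknown"), ip, used) for ip, used in ranked if used > cap]
```

Counting both directions matters because the downloads that eat a cap arrive inbound (in=ppp0), where the LAN host is the destination, not the source.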

cactus
Re: Control/restrict internet access using client mac address
« Reply #1 on: July 25, 2008, 10:00:30 AM »
Quote from: logan
Running SME 7.3 - small office, about 10 - 15 people in it at one time. Someone is draining our cap (limited GB usage on the internet) very fast - up to 3GB a day. Someone in the office is downloading via p2p and I can't track it; trust me, I have tried, I even resorted to staring at iptraf output all day! :P

Are you sure you cannot catch the host using iptraf? I get a nice list of connections to my server split per IP and port. I can sort that list on packets if I wish and see the biggest users listed at the top. Perhaps the client is using UDP ports.

What is the output of this command?
netstat --all
What if you just visit all users or do a scan on their PCs for installed software using some free tools?

logan
Re: Control/restrict internet access using client mac address
« Reply #2 on: July 25, 2008, 10:20:26 AM »
My main issue is that I do web development and in-house scripting for the company (PHP, CSS, JS, database etc). Managing the SME is something which kind of fell in my lap when they had it installed - so alongside all the other stuff I do I have to manage the server and access/control etc etc. (so I learn as I go along)

I am not always in the office and manual scanning of activity is difficult for me. (I have tried it and thought it was working - tracking packets via iptraf - but then yesterday another 3GB disappeared.)

Something that bothers me is that the biggest culprits may be management themselves. The director is pissed off and I cannot get management to let me scan their laptops. (small office = lots of politics) . . . . and as IT I am nothing more than a grunt! :)

I used the command (never did before, so I'm not used to the output) and I see it shows local addresses to foreign addresses. I think I will use this along with iptraf for the moment. Thank you.

I just wanted to know if it would be possible to add some form of automatic restriction? I know such a restriction would not be the total solution, but it would allow me to concentrate my "manual" management on those individuals who seem to hit limits very quickly. (if you get what I mean)

PS:
When using iptraf for my situation, would it be best to monitor "All Interfaces" or just ppp0? Currently I use the all interfaces option as it allows me to more easily associate a local IP address with large internet activity.

logan
Re: Control/restrict internet access using client mac address
« Reply #3 on: July 25, 2008, 03:35:06 PM »
What I really wish for is for someone capable to get the p2p blocking contrib debugged and running! :P
Basically I have two choices:
1. add a ghost proxy - block all ports except the ones we need for office use (MSN, IMAP, Skype etc) and let everyone in the office run through that proxy.
2. install and use IPCop

I will look at and play with both options.
If anyone comes up with something in the future, please share!

Not sure if I should mark this thread RESOLVED or not . . . ?

mmccarn
Re: Control/restrict internet access using client mac address
« Reply #4 on: July 25, 2008, 03:48:34 PM »
Here's a way to block outbound traffic from your network: http://wiki.contribs.org/Firewall#Block_outgoing_ports

logan
Re: Control/restrict internet access using client mac address
« Reply #5 on: July 25, 2008, 03:56:41 PM »
Thanks mmccarn!
I am just about to leave the office but will most definitely read up on that when next I have the opportunity! :D
Will let you know if that is a solution to my issue!

imcintyre
Re: Control/restrict internet access using client mac address
« Reply #6 on: July 25, 2008, 09:28:05 PM »
I took an old PC, installed an extra NIC and then installed Untangle. It took an afternoon but I now know what everyone is doing.

logan
Re: [RESOLVED] Control/restrict internet access using client mac address
« Reply #7 on: July 31, 2008, 11:33:46 AM »
It seems the best possible solution available for my issue is to do as mmccarn indicated with his link.
Will work on this for now.

Thanks all for the assistance.