mrfwiski@allele5.biol.berkeley.edu (mrfwiski) wrote in message news:...
> Hello,
> I am a junior network admin in a cooperative housing complex in
> berkeley. The house has been wired to share a T1 connection between
> the 28 possible computers, all hidden behind a debian machine running
> apache... bla bla bla.
>
> Point is, I was less familiar with linux networking than I would like
> to be when the job has been left to me (the two senior admins
> disappeared), and I have run into a problem with the connection
> getting reee.ee.eeeealy... slow...
>
> My suspicion is that it is file sharing software being run by multiple
> parties. My question is, what is the best way to regulate file sharing
> in my network? I just looked through apache's httpd.conf, but it
> really wasn't any help. I was about to make a script that would cause
> my computer to sniff out bandwidth hogs and switch ips with them (to
> knock their connections off the network for a bit), but it occured to
> me that the vengeful approach really isnt the most professional.
>
> Any suggestions? Advice appreciated.
>
> J

not apache, look for firewalls, apache is the web server, doesn't do
anything for connections to the internet.
look for ipchains or iptables
hope this helps,
--Lehi

lgj_nospam@yahoo.com (LGJ) wrote in message news:<91e4ba8d.0311131326.487937a8@posting.google.com>...
> mrfwiski@allele5.biol.berkeley.edu (mrfwiski) wrote in message news:...
> > Hello,
> > I am a junior network admin in a cooperative housing complex in
> > berkeley. The house has been wired to share a T1 connection between
> > the 28 possible computers, all hidden behind a debian machine running
> > apache... bla bla bla.
> >
> > Point is, I was less familiar with linux networking than I would like
> > to be when the job has been left to me (the two senior admins
> > disappeared), and I have run into a problem with the connection
> > getting reee.ee.eeeealy... slow...
> >
> > My suspicion is that it is file sharing software being run by multiple
> > parties. My question is, what is the best way to regulate file sharing
> > in my network? I just looked through apache's httpd.conf, but it
> > really wasn't any help. I was about to make a script that would cause
> > my computer to sniff out bandwidth hogs and switch ips with them (to
> > knock their connections off the network for a bit), but it occured to
> > me that the vengeful approach really isnt the most professional.
> >
> > Any suggestions? Advice appreciated.
> >
> > J
>
> not apache, look for firewalls, apache is the web server, doesn't do
> anything for connections to the internet.
> look for ipchains or iptables
> hope this helps,
> --Lehi


Thanks Lehi. I followed your advice and came up with the following
hack.

first, I let the following run

../ngrep -l -q -t -d eth0 -i 'kazaa' > kazaabad &

then I created a shellscript with the following contents:

######### fish4kaza ###############################################
cat kazaabad | grep -a "192.168.0." | sed
's/..*192.168.0.[0-9][0-9]*:[0-9][0-9]* ->
\([0-9][0-9\.]*\):[0-9][0-9]* ..*/\1/' | grep "^[0-9]" | sort | uniq >
kazaafish

echo "" > kazaabad

x=`cat kazaafish | wc -w`

echo -n "found $x ips cooperating in the conspiracy:"

if [ $x -gt 0 ]
then
for ip in `cat kazaafish`
do
route add -host $ip reject
echo -n "X"
done
fi

echo "all iced"
rm kazaafish
##################### feenish ####################################


Then, to purge the routing table rules once the file sharers have
given up

#################### free_routetable #############################
route -n | grep "\!H" | sed s'/^\([0-9][0-9\.]*\) ..*/\1/' > limitlist

x=`cat limitlist | wc -w`
echo -n "Liberating $x routes from tables: "
if [ $x -gt 0 ]
then
for ip in `cat limitlist`
do
route del -host $ip reject
echo -n "X"
done
fi

echo "all iced"
rm limitlist
################################################## #################

After tinkering, I found that I could pretty reliably cleanse my
network with a quick shocktreatment to the tune of

x=20;while [ $x -gt 0 ]; do ./fish4kazaanodes; x=`expr $x - 1`; sleep
30; done

followed by a cron'd checkup. The technique has worked exceedingly
well in speeding up service within the LAN. My only problem is that I
have made an overly liberal specification of what kazaa packets to
grab (due to a lazy and limited reading of the ngrep man page.), with
the effect that I suddenly found myself unable to connect to google.
(free_routetable fixed that, of course)

BUGS/PROBLEMS/IDEAS

1) A major limitation is that this only addresses Kazaa.

2) The script also isnt really automated; I have to run them when I
think the network is slowing too much for my tastes.

3) Some sort of network load sampling tool with be a great way to
set an event trigger on the crontab (I'm a geneticist, what can I
say?).

4) Additionally, I think there may be undesirable consequences with
having so many routing table rules.

5) How Google got mixed up in kazaa filesharing I really dont
understand at all.

6) Finally, as rewarding as it is to watch the tides of slow pages
part, knowing that you just derailed all the bandwidth hogs, this is
really far too much of a draconian admin technique for my taste.