James Barrett on 6 Jan 2008 08:13:05 -0800



Re: [PLUG] Sharing an Internet Connection


Andrew,

On Sun, Jan 06, 2008 at 10:45:58AM -0500, holdenergy wrote:
> Hi - What might be the quickest/cheapest/easiest way to securely share an
> internet connection.
> 
> Let me explain. In a shared community with only one DSL connection, multiple
> different entities connected through one DSL connection but requiring that
> records be kept for each port, so that in the extreme case of a visit from
> FBI/RIAA etc only that port is an issue. Ideally getting 2 IPs from the DSL
> provider would be perfect but that adds $$ if they'd even do it.

What kind of records?  If you mean things like originating/destination 
IP and orig/dest port, that is easy.

> Furthermore, we don't want one entity soaking up all available bandwidth, so
> what would be the device to throttle each port to a certain percentage of
> available, and we actually want to maintain a certain port dedicated for
> VOIP to ensure quality of service even if the DSL is otherwise at capacity.

tc can be used to stem the flow of incoming and outgoing data and other 
QoS-ish stuff.

> I have not seen these features in consumer grade routers and I am not sure
> how far we have to step up to get it, or is there a Linux solution for which
> I'd be happy to re-purpose an old PC or laptop.

I am using an old machine with 4 ethernet NICs in it and Debian stable. 
One NIC is for the incoming connection (Comcast Cable), another NIC is 
for my personal LAN and yet another NIC is for my brother's LAN.  I had 
to do this for two main reasons: 1) he has a wireless AP which, although 
it uses WPA2 + AES, I do not know the encryption key and therefore do not 
know how good the passphrase is, 2) he likes to soak up bandwidth.  The 
fourth NIC is there in case I want to set up a DMZ sometime in the 
future.  His LAN has no access to my LAN.

I used fwbuilder to construct an iptables firewall with all the bells 
and whistles.  I also used tc to cut his bandwidth down to size: 768kbps 
download, 128kbps upload - he was doing something with bittorrent that 
was eating up all the upload bandwidth and practically none of the 
download.

If I were not painting my room today I would be able to tell you more...

--
James Barrett

Attachment: signature.asc
Description: Digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
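
The setup described in the message above (two isolated LANs behind one uplink, per-connection records, a 768/128 cap and a reserved VoIP share), sketched as an added example that is not part of the original post or the poster's actual fwbuilder output. The interface names, the 128kbit VoIP share and the DSCP EF marking of VoIP packets are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables/tc commands for a gateway
# with one uplink and two LANs. Interface names are assumptions.
WAN=eth0      # uplink
LAN_A=eth1    # trusted LAN
LAN_B=eth2    # LAN to isolate, log and throttle

# Rates from the post. tc reads "kbit" as kilobits/s and "kbps" as
# kilobytes/s; kilobits are assumed here.
DOWN=768kbit
UP=128kbit
VOIP=128kbit  # assumed guaranteed share for VoIP inside DOWN
BULK=640kbit  # DOWN minus VOIP, for all other traffic

isolate_and_log() {
    # No forwarding between the two LANs, in either direction.
    echo "iptables -A FORWARD -i $LAN_B -o $LAN_A -j DROP"
    echo "iptables -A FORWARD -i $LAN_A -o $LAN_B -j DROP"
    # One log line per new outbound connection; the LOG target records
    # IN=/OUT= interface, SRC=/DST= address and SPT=/DPT= port.
    echo "iptables -A FORWARD -i $LAN_B -o $WAN -m state --state NEW -j LOG --log-prefix 'LAN_B-NEW: '"
}

shape_download() {
    # Egress on the LAN-facing NIC is that LAN's download direction.
    echo "tc qdisc add dev $LAN_B root handle 1: htb default 20"
    echo "tc class add dev $LAN_B parent 1: classid 1:1 htb rate $DOWN ceil $DOWN"
    # VoIP class is served first and may borrow up to the full cap.
    echo "tc class add dev $LAN_B parent 1:1 classid 1:10 htb rate $VOIP ceil $DOWN prio 0"
    echo "tc class add dev $LAN_B parent 1:1 classid 1:20 htb rate $BULK ceil $DOWN prio 1"
    # Packets marked DSCP EF (TOS byte 0xb8) go to the VoIP class.
    echo "tc filter add dev $LAN_B parent 1: protocol ip prio 1 u32 match ip tos 0xb8 0xff flowid 1:10"
}

police_upload() {
    # Ingress cannot be queued, so upload is policed: excess is dropped.
    echo "tc qdisc add dev $LAN_B handle ffff: ingress"
    echo "tc filter add dev $LAN_B parent ffff: protocol ip u32 match u32 0 0 police rate $UP burst 10k drop flowid :1"
}

gateway_rules() { isolate_and_log; shape_download; police_upload; }

gateway_rules
```

The LOG lines land in the kernel log, so keeping them as per-port records also means retaining and rotating that log.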