
Re: Dynamic access lists

To: albertogli@xxxxxxxxxxxxx (Alberto Bertogli)
Subject: Re: Dynamic access lists
From: anand@xxxxxxxxxxxxxxxxx (SVR Anand)
Date: Mon, 25 Feb 2002 22:14:47 +0530 (GMT+05:30)
Cc: netdev@xxxxxxxxxxx
In-reply-to: <20020223125506.A200@xxxxxxxxxxxxx> from "Alberto Bertogli" at Feb 23, 2002 12:55:06 PM
Sender: owner-netdev@xxxxxxxxxxx
Alberto,

Thanks for your mail!

I am actually not looking at a VPN/PPP kind of scenario. A plain campus LAN on
which some of the hosts get great service without their knowledge :). Of course
only after they get authenticated. As you rightly pointed out, simple
scripting might suffice to begin with. Since I have to deal with host
idle times to update my filters in TC, per-host "last heard from" information
is necessary.

Don't you feel I am proposing something out of this world?! :)

Anand

> 
> On Sat, Feb 23, 2002 at 10:28:46AM +0100, Peter Bieringer wrote:
> > --On Saturday, February 23, 2002 12:57:23 PM +0530 SVR Anand
> > <anand@xxxxxxxxxxxxxxxxx> wrote:
> > 
> > ...sure a very off-topic answer, but perhaps interesting.
> > 
> > I've heard this week that commercial firewall Check Point FW-1 Next
> > Generation Flood Gate will (already or soon) support QoS based on
> > User Authentication combined with VPN.
> > 
> > The only Linux related things:
> > 
> > * you can install the firewall (even flood gate) on Linux systems
> > using kernel 2.4.x
> > * a commandline VPN client will be available Q2 or so (but I don't know if
> > the QoS is supported here).
> > 
> >         Peter
> 
> If you do your VPNs using PPTP (or PPP/anything) you can easily filter
> over them using the network interface ppp?.
> 
> Remember you can combine netfilter's capability with TC filters by
> MARKing the packets with NF and then using that mark with TC.
> 
> Also, if you use PPTP, you can in turn write a simple plugin for pppd
> that would create a new rule (either via netfilter or tc) to match the
> packets.
> 
> If you don't use VPN at all, but dhcp instead or any kind of
> authentication scheme, you can script the creation of the rule on the
> connection. Use the source =)
> 
> At the end, it's all just simple scripting if you have the code.
> Obviously, if you are stuck with Checkpoint, it won't be so nice =)
> 
>               Alberto
> 
> 


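The mechanism Alberto describes (mark packets with netfilter, match the mark in a tc filter, create and tear down the rule from a script when a host authenticates) and the per-host "last heard from" bookkeeping Anand asks for, as one added shell example. This is not code from the thread or from either poster; the interface name `eth0`, the root qdisc handle `1:0`, the class ids, the mark values and the state-file path are all assumptions, and `DRY_RUN=1` (the default) prints the iptables/tc commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the thread. Grants a marked tc class to an
# authenticated host, records when it was last seen, and expires idle hosts.
# Assumed: HTB (or similar) root qdisc 1:0 on eth0, classes such as 1:10 exist.
DRY_RUN=${DRY_RUN:-1}                      # 1 = print commands, 0 = execute them
IFACE=${IFACE:-eth0}                       # assumed egress interface
IDLE_LIMIT=${IDLE_LIMIT:-600}              # seconds of silence before revocation
STATE_FILE=${STATE_FILE:-/tmp/lastheard}   # lines: "<ip> <mark> <epoch>" (assumed path)

run() {   # execute a command, or only print it in dry-run mode
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# netfilter side: mark every packet from one source address in the mangle table
mark_rule() {   # $1 = -A (add) or -D (delete), $2 = host ip, $3 = mark value
    printf 'iptables -t mangle %s PREROUTING -s %s -j MARK --set-mark %s\n' "$1" "$2" "$3"
}

# tc side: the fw classifier steers packets carrying that mark into a class
tc_filter() {   # $1 = add|del, $2 = mark value, $3 = class id (only used for add)
    if [ "$1" = add ]; then
        printf 'tc filter add dev %s parent 1:0 protocol ip prio 1 handle %s fw flowid %s\n' "$IFACE" "$2" "$3"
    else
        printf 'tc filter del dev %s parent 1:0 protocol ip prio 1 handle %s fw\n' "$IFACE" "$2"
    fi
}

# record (or refresh) the last-heard timestamp of a host in the state file
note_seen() {   # $1 = state file, $2 = ip, $3 = mark, $4 = epoch seconds
    touch "$1"
    awk -v ip="$2" -v mk="$3" -v t="$4" '
        $1 == ip { $3 = t; seen = 1 }
        { print }
        END { if (!seen) print ip, mk, t }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# remove a host from the state file
forget() {   # $1 = state file, $2 = ip
    touch "$1"
    awk -v ip="$2" '$1 != ip' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# print the ips whose last-heard timestamp is older than the idle limit
idle_hosts() {   # $1 = state file, $2 = now (epoch seconds), $3 = idle limit
    touch "$1"
    awk -v now="$2" -v lim="$3" '(now - $3) > lim { print $1 }' "$1"
}

# host authenticated: start marking its traffic and steer it into the class
grant() {   # $1 = ip, $2 = mark, $3 = class id
    run $(mark_rule -A "$1" "$2")
    run $(tc_filter add "$2" "$3")
    note_seen "$STATE_FILE" "$1" "$2" "$(date +%s)"
}

# host idle or logged out: tear both rules down again
revoke() {   # $1 = ip, $2 = mark
    run $(tc_filter del "$2")
    run $(mark_rule -D "$1" "$2")
    forget "$STATE_FILE" "$1"
}

# periodic sweep (e.g. from cron): revoke every host not heard from recently
expire_idle() {
    for ip in $(idle_hosts "$STATE_FILE" "$(date +%s)" "$IDLE_LIMIT"); do
        mark=$(awk -v ip="$ip" '$1 == ip { print $2 }' "$STATE_FILE")
        revoke "$ip" "$mark"
    done
}

# usage: sh thisscript.sh grant 10.0.0.5 1 1:10 | revoke 10.0.0.5 1 | expire
case "${1:-}" in
    grant)  grant "$2" "$3" "$4" ;;
    revoke) revoke "$2" "$3" ;;
    expire) expire_idle ;;
esac
```

The "last heard from" refresh (`note_seen`) is the piece Anand would still have to feed: something that observes traffic per host, for example a periodic read of the `iptables -t mangle -L PREROUTING -v -n -x` byte counters, and calls `note_seen` whenever a host's counter has moved. Everything else is plain scripting around the two rule families, as Alberto says.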