if i do NAT for 2 users how do i limit the WHOLE traffic to 10mb/day , not only web trafic, dcplusplus traffic port 411, irc traffic 6667 .....
is there a way ?
1more question! limiting ALL TRAFFIC to a user
Moderator: Qbik Staff
7 posts
• Page 1 of 1
1more question! limiting ALL TRAFFIC to a user
by ignition » Apr 02 04 5:59 am
- ignition
- Posts: 21
- Joined: Feb 10 04 1:32 pm
by ChrisH » Apr 02 04 8:55 am
Hello,
I would suggest creating a new Group (let's call it 10Mb) in GateKeeper that includes those two users and under System Policies setup a policy for this group under Advanced Tab and set up a new Filter with the criteria This criterion is met if User:Bytes received for client is less than 10000000. You will also have to Add an Event in the WG Scheduler with the Action to Reset user account for each of the two clients' to zero every day at midnight or whenever you want reset to happen. Also, since they are part of the Everyone Group in system policies you will need to add an Advanced policy in the Everyone group with the Filter and criteria set to This criterion is NOT met if User is member of 10Mb.
A drawback may be that you have certain service policies set to ignore the system policies and in order for this to work the system policies would have to also be in effect, so those policies would have to be set to Default rights (System policies) MUST also be granted.
I strongly suggest that you make a backup before you do any of this in case it doesn't work as planned and you could be locked out of WG. In GateKeeper go to Options, Advanced and click on Save Registry Settings and choose where to save it.
There may be other ways to do this and perhaps others have alternatives. I would try it to see how it works.
I would suggest creating a new Group (let's call it 10Mb) in GateKeeper that includes those two users and under System Policies setup a policy for this group under Advanced Tab and set up a new Filter with the criteria This criterion is met if User:Bytes received for client is less than 10000000. You will also have to Add an Event in the WG Scheduler with the Action to Reset user account for each of the two clients' to zero every day at midnight or whenever you want reset to happen. Also, since they are part of the Everyone Group in system policies you will need to add an Advanced policy in the Everyone group with the Filter and criteria set to This criterion is NOT met if User is member of 10Mb.
A drawback may be that you have certain service policies set to ignore the system policies and in order for this to work the system policies would have to also be in effect, so those policies would have to be set to Default rights (System policies) MUST also be granted.
I strongly suggest that you make a backup before you do any of this in case it doesn't work as planned and you could be locked out of WG. In GateKeeper go to Options, Advanced and click on Save Registry Settings and choose where to save it.
There may be other ways to do this and perhaps others have alternatives. I would try it to see how it works.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
good IT IS working than you
by ignition » Apr 05 04 2:01 am
good IT IS working than you very much
one more and thats all i ask :
Can you tell me if i want to restrict accesss
to PORT411 ( this means DCplusplus ), and allow access to port 6667 even after the group made its 15mb traffic what do i have to do ????
I am sorry to bother you with such question but wingate seems such a powerfull tool and i want to learn using it.
thank you !
one more and thats all i ask :
Can you tell me if i want to restrict accesss
to PORT411 ( this means DCplusplus ), and allow access to port 6667 even after the group made its 15mb traffic what do i have to do ????
I am sorry to bother you with such question but wingate seems such a powerfull tool and i want to learn using it.
thank you !
- ignition
- Posts: 21
- Joined: Feb 10 04 1:32 pm
by ChrisH » Apr 05 04 3:34 am
Add another Filter with the criteria Server port equals 6667 in the Advanced section for this group's policy. WinGate will logically OR all Filters in this section. So if the first criteria doesn't allow access it will check the second criteria to see if it does and so on. If it comes across a filter that allows access it will grant it.
Hope this helps.
Hope this helps.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
nice .... well here is the deal
by ignition » Apr 05 04 7:32 am
nice .... well here is the deal ...
i have 1user or 1 group, i do NAT for them i understand all the parts you told me except setting the criterias :
I WANT :
First Filter
To give the group access to 15mB download traffic and 5mB upload traffic;
(wingate restricts access when the first criteria is met; im not sure if it restricts when the 2nd "5mb upload" criteria is met first )
Second Filter
I want to give access to this group only to some sites & a DirectConnect Hub Server where the traffic is free.
I believed when the first filter is met, user's access is closed and then wingate move to the next filter where i specify which sites are available for free access
I know that a filter is a set of rules that is executed step by step NOT all the RULES from the first time .... but i thought there is a 'but' in wingate case :D
Click this link
http://tempo.home.ro
it is a screenshot of what i did .... i apreciate your answers thank you
PS sincerly i did not want the DCplusplus traffic to be included in the "bytes received for client tab" but i do not know if this is possible
i have 1user or 1 group, i do NAT for them i understand all the parts you told me except setting the criterias :
I WANT :
First Filter
To give the group access to 15mB download traffic and 5mB upload traffic;
(wingate restricts access when the first criteria is met; im not sure if it restricts when the 2nd "5mb upload" criteria is met first )
Second Filter
I want to give access to this group only to some sites & a DirectConnect Hub Server where the traffic is free.
I believed when the first filter is met, user's access is closed and then wingate move to the next filter where i specify which sites are available for free access
I know that a filter is a set of rules that is executed step by step NOT all the RULES from the first time .... but i thought there is a 'but' in wingate case :D
Click this link
http://tempo.home.ro
it is a screenshot of what i did .... i apreciate your answers thank you
PS sincerly i did not want the DCplusplus traffic to be included in the "bytes received for client tab" but i do not know if this is possible
- ignition
- Posts: 21
- Joined: Feb 10 04 1:32 pm
by ChrisH » Apr 06 04 2:18 am
OK, I see what you are trying do more clearly now. Yes you are right about the DC++ traffic being included in byte count. This is because WG is recording all traffic for this user or group. The only way I can see to get around this would be to set up another user account and different group account and only allow this group access to DC++ (port 411). However this does become cumbersome when user wants to browse. They will have to log off from group DC++ and log on to web access group.
Filters are logically ORed and the criteria within the Filter is logically ANDed. So in your Filter 1, both conditions must be true before the right is granted which I think is what you want to do. If either is false then the right that the filter gives will not be granted. Similarily, in your Filter2 all conditions must be met before the right is granted and the way you have it set up that will never occur. You will need to create a separate Filter for each criteria. So Filter 2 criteria is first server address. Filter3 is second server address and so on. Yes, you may end up with 50 filters but it will work.
Hope this helps some more.
Filters are logically ORed and the criteria within the Filter is logically ANDed. So in your Filter 1, both conditions must be true before the right is granted which I think is what you want to do. If either is false then the right that the filter gives will not be granted. Similarily, in your Filter2 all conditions must be met before the right is granted and the way you have it set up that will never occur. You will need to create a separate Filter for each criteria. So Filter 2 criteria is first server address. Filter3 is second server address and so on. Yes, you may end up with 50 filters but it will work.
Hope this helps some more.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 3 guests