An IPCop Adventure
by Matt on May.12, 2008, under learning, linux, programming
After we’d had a few issues with Virgin Media, I decided it was time to take the plunge and find out if it was us or them. The simple way to do this was to measure the amount of bandwidth we use during a day and see if we exceed their fair use terms for the cap to come into effect. I also wanted to throttle people using BitTorrent in the house, so it was time for a network redesign! Out came Dia and we ended up with this.

Once I had a network design, all I had to do was put together an old, low power box and install IPCop. The first box I built had a duff motherboard on it, and the second one didn’t like one of the three network cards I was feeding it. A little fiddling around and I had a working box. Turned it on and it sounded like a 747 taking off. The solution to this was simple, a quick clean with an air duster and an application of spray grease on the fan spindles. This solved the noise problem quite nicely and allowed me to continue on to install IPCop.
The install for IPCop from CD is the same as installing Linux in the pre-LiveCD age. You simply follow the onscreen prompts and let it do what it needs to. As in the diagram, I set up a red, green and orange network. I decided this after a bit of reading around the subject on the IPCop site that recommended putting any webservers and the like into the so-called orange zone to prevent people from breaking into the trusted green zone. The red zone is the wild wild west of the Internet, so it’s allowed the least access into the house.
Once IPCop had installed nicely I discovered a small problem. My previous network setup had completely relied on DHCP to give out the IP addresses, and it turns out that IPCop does not do DHCP in the Orange Zone. A quick google about for some commands and I discovered how to set the IP address properly and the nameservers so it could talk to the interwebs properly.
Now I had IPCop set up correctly I clicked on to it and gave everyone a fixed IP, so I can track individuals’ bandwidth use easily. This was done easily through the GUI. I also set up a transparent proxy in order to play practical jokes easily.
The next part was the hardest: how to actually record individuals’ bandwidth usage. To do this I dug about again and found an addon called Net-Traffic. This gave me oodles of information, but not to the level I was after. A further dig around led me to the idea of adding more rules to ipac-ng. Remembering that IPCop puts ssh on port 222, I shelled in and found the rules file in /etc/ipac-ng/rules.conf. I then added a couple of lines to this such as:
#bandwidth by Wii
internet to Wii|ipac~fi|eth2|all||192.168.1.106||
Wii to internet|ipac~fo|eth2|all|192.168.1.106|||
Once this was accomplished, I could check on people’s bandwidth usage by running
ipacsum -t today
which would give today’s usage.
I shall give it a few weeks and then look over these numbers and see just who is eating the internet alive!
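As an added example (not from the original post or the ipac-ng project), the shell script below generates the same pair of accounting rules for every host on a fixed-IP list, reusing the field layout of the Wii lines above. The host list, the "Matt laptop" entry and the function names are constructed for illustration; eth2 is the interface used in the post's rules.

```shell
#!/bin/sh
# Added example: emit ipac-ng rule pairs in the layout of the two Wii lines,
# name|chain|interface|protocol|source|destination||

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the comment, inbound (ipac~fi) and outbound (ipac~fo) rule for a host.
# $1 = fixed IP, $2 = label, $3 = interface (defaults to eth2, as in the post)
host_rules() {
    ip=$1 label=$2 iface=${3:-eth2}
    case "$label" in
        ""|*"|"*) echo "bad label for $ip: '$label'" >&2; return 1 ;;
    esac
    valid_ipv4 "$ip" || { echo "bad address for $label: $ip" >&2; return 1; }
    printf '#bandwidth by %s\n' "$label"
    printf 'internet to %s|ipac~fi|%s|all||%s||\n' "$label" "$iface" "$ip"
    printf '%s to internet|ipac~fo|%s|all|%s|||\n' "$label" "$iface" "$ip"
}

# Read "ip label" lines on stdin (blank lines and # comments are skipped).
# Invalid entries are reported on stderr and make the function return 1.
rules_from_list() {
    failed=0
    while read -r ip label; do
        case "$ip" in ""|\#*) continue ;; esac
        host_rules "$ip" "$label" "${1:-eth2}" || failed=1
    done
    return "$failed"
}

# Constructed host list: only the Wii address comes from the post.
rules_from_list eth2 <<'EOF'
# ip            label
192.168.1.106   Wii
192.168.1.110   Matt laptop
EOF
```

A label containing `|` is rejected because it would shift every later field of the rule, and a mistyped address is rejected so that a host is not silently left out of the accounting.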
November 3rd, 2009 on 1:12 am
Hey fella,
I’m trying to install IPCop on a Dedicated Box, CD install, with a 50mb virgin media cable connection.
I’ve installed and GREEN, et0 zone is fine, but RED zone, eth1, won’t pick up anything from Virgin media, IP, DNS etc.
I’ve gone back to the setup, locally through SSH and tried to change the RED NIC to use DHCP, rather than the static and open DNS servers!
Trouble is it’s asking me for a DHCP Hostname and won’t let me save the config without it.
Just wondering if you’ve come across this before?
Cheers fella,
Mac
November 3rd, 2009 on 9:50 am
Sorry, I haven’t come across anything like that. The best place to ask might be the ipcop-user mailing lists, you can find all of these at http://www.ipcop.org/index.php?module=pnWikka&tag=IPCopSupport. Good luck!