Routing and bandwidth problem

Rodolfo J. Paiz rpaiz at simpaticus.com
Wed May 5 15:19:50 UTC 2004 

At 06:36 5/5/2004, you wrote:
>Not necessary to use that many adapters,  It can easily be done on 2, one 
>for the internet and one for the LAN.
>
>Linux can run multiple IPs on a single adapter by using aliases in the 
>config, and then using the traffic shaper utils you can set bandwidth for 
>each.
>The only real problem will come in if they decide to snoop and since with 
>this method they would all be on the same physical network they might find 
>the other machines.
>
>You could thus use 192.168.2.X for one, 192.168.3.X for another, etc.

Snooping is not really a problem. Two of the four tenants are companies 
owned by my family, the third is my own company, and the fourth is owned by 
three of my friends. And no one really has any technical talent. :-) The 
issue really is that a 512 Kbps Internet connection is going to cost 
upwards of $600 per month and people are going to be paying for a service 
level, so they should get their fair share. Besides, as Ben pointed out, 
snooping is mostly eliminated at the switch anyway.

My lack of understanding here is in the assignation of the IP addresses for 
the client. It sounds to me like four virtual adapters on one real Ethernet 
card will look the same to the DHCP server, so one cannot assign different 
subnets to different tenants unless they really are on separate interfaces. 
But now that I think about it (and after checking out the dhcpd.conf man 
page briefly) I cannot see how to specifically assign the 192.168.1.0/24 
subnet to eth1 (or eth0:1) anyway... maybe I'd actually have to run four 
dhcpd processes, each listening on a single interface?

There must be a simpler way... I'm sure I'm missing something here.

>>         4. Optional: Provide each tenant with an FTP-served directory on 
>> the server which can *only* be accessed from their network. So if they 
>> pull down the confidential something or their wife's nude pictures, 
>> other tenants cannot get at that information.
>
>provide each user/client with an ftp directory they can log into as a 
>user.  by default vsftp provides a chroot jail for them.

Excellent. Thanks!


-- 
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com

More information about the fedora-list mailing list