dandy72 wrote: Ideally that'd be set up on the router (so there's a single location to edit) but then how do you set up the computer itself so it can talk to the router to reach the outside world (and not try to "get back to itself" in an endless loop)?
On the router, set it to allow access only from the IP of the selected server machine, then set the server as an alternative gateway on each of the other machines (without removing the router as the primary gateway), and don't set an alternative gateway on the server machine.
• The router's docs will tell you which admin page to go to to filter on IPs.
• To set an alternative gateway, just click the Advanced button on the network adapter's TCP/IP properties dialog, and then the gateway section's "Add" button.
With that set-up, if a non-server machine wants to access the network, it will try the router IP, be rejected, and fall through to the server, which will forward to the router.
You can then install all manner of packet-sniffers and network monitors on the server machine, and get all the info you want much quicker and easier than by relying on what you can squeeze out of the router.
When you're finished, there's no hurry to delete all the alternative gateways, because once the router is set to again allow access from all the machines, their requests will go straight to the router.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Neat. Ok, I can picture it. Thanks for that.
Mark_Wallace wrote: then set the server as an alternative gateway on each of the other machines
That's really the bummer. I have, quite literally, over 100 VMs (not all running at the same time, obviously), and then probably close to 20 physical devices...some of which I'm not sure where these network settings reside.
But I've copied and pasted this into OneNote, so when I get around to it, I have something more concrete to get me started.
|
I've got an unused motherboard lying around that has two network interfaces. I am seriously considering setting that up as a transparent pipeline, simply forwarding packets from one interface to the other without changing a single bit. This would require some fairly low level programming; I couldn't do it through a socket interface. But it is certainly possible, at a reasonable level of effort.
This would be a plain single-cable-to-single-cable pipeline, invisible to either the end PC or the router. Either would transmit their packages onto the cable, with no concern for the pipeline machine. No routing/switching, just simple two-way forwarding, that would allow the pipeline machine to peek at every package it forwards. Later, as I gain experience, it could even not forward selected IP-packets. If new, unknown IP addresses were detected, as source or destination, it could inject a downstream series of packages reporting it to my PC, for me to check off "OK", "reject all traffic" or whatever action, and return to this "pipeline PC". I am sure that it would have more than enough capacity to do DNS lookups to report more information with the "unknown address" report.
I really expect this to be near-trivial, once I learn to do packet forwarding (which in principle is trivial as well...). My only problem is that this project currently is #34 on my list of near-trivial hobby projects.
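The "peek" step of such a pipeline, as an added example that is not part of the original post: it parses each forwarded Ethernet/IPv4 frame, totals IP bytes per LAN host, and queues remote addresses not yet on an approved list. The class and function names, the LAN prefix and the sample frames are assumptions constructed for illustration; capturing and re-sending frames on the two interfaces is not shown.

```python
import ipaddress
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800

def parse_ipv4_frame(frame):
    """Return (src, dst, ip_total_length) for an untagged Ethernet II / IPv4 frame, else None."""
    if len(frame) < 14 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None  # ARP, IPv6, VLAN-tagged frames: forwarded, but not accounted here
    if frame[14] >> 4 != 4 or (frame[14] & 0x0F) < 5:
        return None  # not IPv4, or an impossible header length
    total_len = struct.unpack("!H", frame[16:18])[0]
    return (ipaddress.IPv4Address(frame[26:30]),
            ipaddress.IPv4Address(frame[30:34]), total_len)

class Monitor:
    def __init__(self, lan, known):
        self.lan = ipaddress.ip_network(lan)
        self.known = {ipaddress.IPv4Address(a) for a in known}
        self.bytes_per_host = Counter()  # IP bytes per LAN host, both directions
        self.pending = []                # unknown remote addresses awaiting a decision

    def observe(self, frame):
        parsed = parse_ipv4_frame(frame)
        if parsed is None:
            return
        src, dst, length = parsed
        for addr in (src, dst):
            if addr in self.lan:
                self.bytes_per_host[str(addr)] += length
            elif addr not in self.known and str(addr) not in self.pending:
                self.pending.append(str(addr))

def build_frame(src, dst, payload_len):
    """Constructed sample frame: zeroed MACs, minimal IPv4 header, zero-filled payload."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + bytes(payload_len)

def demo():
    m = Monitor("192.168.1.0/24", known=["203.0.113.10"])
    m.observe(build_frame("192.168.1.20", "203.0.113.10", 1000))  # known peer
    m.observe(build_frame("198.51.100.7", "192.168.1.20", 500))   # unknown peer
    m.observe(build_frame("192.168.1.21", "198.51.100.7", 80))    # same peer, reported once
    m.observe(bytes(12) + b"\x08\x06" + bytes(28))                # ARP: ignored
    return m
```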
|
Go to unlimited plan and care not.
Didn't think too many people would go for a cap. Very rare here in New Zealand.
A Fine is a Tax for doing something wrong
A Tax is a Fine for doing something good.
|
that will be it.
but I'd like to know how I spend my time on the internet.
I'd rather be phishing!
|
Neighbours...
A Fine is a Tax for doing something wrong
A Tax is a Fine for doing something good.
|
First I thought you were talking about your smartphone subscription: Gee, why don't you do those huge downloads from your PC? Then I realized that you were talking about your fixed line subscription, not your smartphone. Last night I downloaded 70 GB on my fixed line within a couple of hours...
I don't think any ISP around here would dare to limit the download volume on a fixed line. It doesn't cost the ISP a cent more to let you use the capacity physically available (for 4G/5G wireless access there is a real bandwidth shortage, and that can't be cured by just pulling a few more optical fibers). Sure: I must accept that sometimes, a single web server cannot fully utilize my 100 Mbps fiber connection, but two or three independent transfers fill up my subscription line to capacity. In high traffic periods, maybe my ISP's outwards connections are overloaded, but I have never really experienced that as a real capacity problem.
Why would a fixed line ISP want to limit my data volume? Where is the capacity bottleneck justifying it? Or is it just some artificial limitation imposed on me to make you pay more if I want more, even though the capacity has been available all the time?
Historical note:
I once worked for a manufacturer of "supermini"-computers (in the 1980s, supermini was a well known concept - the VAX class). One 32-bit CPU had been marketed, the "ND-500", but the market wanted a range from cheap models to high-range. The company had no resources to develop multiple CPU architectures for varying demands. So it was seriously discussed whether to release a "low-end" model with lots of wait cycles in the microcode (in RAM) to slow it down. This was rejected: Removing CPU cache would reduce the component cost by about USD 50K and halve the effective speed of the CPU for the "low end" ND-520, compared to the "mid-range" ND-540. That made it a "real", non-artificial, restriction of the speed obtained.
A few months after the introduction of the ND-5x0 range I held a course for our customers. One student was close to physically attacking me when I told her that the ND-560 her company had bought was no faster than an ND-540 - nothing but a two-rack model, capable of accommodating more I/O-equipment than the single-rack ND-540. She insisted that her company had been fooled, been tricked into buying the more expensive two-rack setup. (No, she never could show any documentation indicating that the ND-560 would be any faster than an ND-540.)
So: What the ISP/vendor says about power and capacity should be considered very critically. If we had gone for the microcode wait cycles, the CPU speed could have been doubled simply by loading a different microcode floppy. That solution was rejected, but lots of the "throttling" mechanisms that ISPs implement have no other real purpose than to set different price levels for different customers.
Here (Norway, that is), your fixed line subscription price is solely based on the line capacity, not at all on the traffic on the line. If there is some congestion, somewhere out in the network between you and the site you are connected to: Well, that is your problem, not that of the ISP.
|
So you can keep track of all devices, look at Ubiquiti Unifi. Replace your WiFi router with a Dream Machine (that's what it's called) and turn on DPI and you get a good breakdown of the types of data and what is causing it.
Use it at a few clients and recently converted at home and find it really useful, despite being on an unlimited plan, just like to have an idea what's going on.
Rod
|
I was chasing this kind of problem recently and figured out, by a process of elimination, that BigTelco had been charging the home internet gigabytes for the traffic to the TV set top box.
It's all IP traffic and they normally don't bill for packets for the set top box mac address. Until they screw it up.
BigTelco's web site was able to show a nearly live version of this month's usage numbers, so I turned stuff off until the numbers stopped changing.
|
I'm sure there are going to be more sophisticated answers, but get a better router would be mine. I have a nicer Asus router, and it shows bandwidth used, and you can sort info by device (so you can see what device is using the most) and you can sort it by generalized web-traffic (i.e. hulu, netflix, internet browsing, etc.), so you can see what services are using the most bandwidth. I'm sure some of the nicer routers will give you similar info.
It's not super in-depth like some dedicated monitoring/analysis tool is, but when I had the same problem, I was able to see that I was burning up 10s of GB of Netflix, as it was the elephant in the room bandwidth wise. I went to the site, and told it to lower its quality to the next lower tier, and checked back after a few days and the usage amount was more in line. I think it was sending me high bitrate feed since my internet speed was so good, but it was causing a problem with the cap.
I also was able to pinpoint a specific computer that was using more bandwidth than made sense. I believe the online backup was stuck in a loop and causing it to run constantly for a period of time. Rebooted the machine, and the usage went down to normal.
|
A movie will probably average around 4GB; HD, don't know.
10 or 15 "half-watched" movies, combined with the rest, and there goes your quota. Then there's browser versus an "app" watching movies. I'm convinced the browsers are way too busy, even when not navigating. Just idling, they use more resources than Visual Studio.
It was only in wine that he laid down no limit for himself, but he did not allow himself to be confused by it.
― Confucian Analects: Rules of Confucius about his food
|
Is a keyless chuck when Charlie has locked himself out again?
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
No - it's referring to Charlie-the-Rap-Star - who "sings" off key at all times.
Ravings en masse^
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
|
I take issue with statements that rap is singing, or even music. It is not. It's a cacophony of harsh, irritating, rhythmic noises!
|
That's why it starts with a silent "C" ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
Quote: That's why it starts with a silent "C" ...
Beautiful!
|
Rhythmic gun shots?
Monday starts Diarrhea awareness week, runs until Friday!
JaxCoder.com
|
Isn't it what happens when one is thrown out of the house?
(Asking for a friend)
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
A somewhat different version of "Fifty Ways to Leave Your Lover": Bugge Wesseltoft & Sidsel Endresen
Second only to the original. Or ... This one is so different from the original that I consider them both "first", each in its own way.
|
Chuck Norris has a skeleton key, good for all cities worldwide. And the ISS, and the NSA's secret lunar bases.
|
OriginalGriff wrote: Is a keyless chuck when Charlie has locked himself out again?
His name is Carlos.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
... Saul Goodman is back!
"Five fruits and vegetables a day? What a joke!
Personally, after the third watermelon, I'm full."
|
That was an easy upvote...
S'all good, man.