On Wed, 2003-01-15 at 15:31, Terry Peterson wrote: > > I currently own an internet cafe. Instead of applying strict policies we > have decided to image the hard drives often. We have found that we had to > lock down the boxes to tight that they became difficult for our customers to > use. So far, we have not had anyone attempting to compromise the systems or > use our center to source attacks. Out biggest problem is figuring out a way > to limit bandwidth usage. Is anyone aware of anyway to limit download > bandwidth on a per machine basis?
OpenBSD allows QoS queuing via the altq mechanism. You can configure your bandwidth allotments in a number of different ways. You'll want to learn more about QoS before you try it though. There are some descriptions of the different queuing algorithms on the 3.2 manpage: http://www.openbsd.org/cgi-bin/man.cgi?query=altq.conf&sektion=5&apropos=0&manpath=OpenBSD+3.2&arch=i386 Note, however, that the altq functionality is being merged into the PF firewalling code in the -current tree. The altq code has been under heavy restructuring (not necessarily bugfixes) lately due to the merge, so you might want to upgrade to the -current tree from the -release tree, to ensure forward compatibility with 3.3. -J. > -----Original Message----- > From: Ferry van Steen [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 14, 2003 11:38 PM > To: [EMAIL PROTECTED] > Subject: Internet Cafe > > > Hey there, > > for the first time I have to setup an internet cafe. I want to use Win2k > on the workstations and "cripple" it using the policies it has, then use > linux as a firewall/proxy with squid. Having only a proxy and not a > gateway should already narrow down a lot of security issues, but I > believe kazaa and some others still work through proxies and I have > hardly any idea on how secure the win2k policies are... Basically all I > want to allow them is using IE on websites/ftp sites, they should be > able to download, but only to a single folder and msn messenger should > work. > > Anyways, anyone got any suggestions/comments on what I really have to > look out for? I'm thinking it should be reasonably secure, but in places > like this you always have the added risc of people wanting to damage the > OS/system or use it as a place from which to attack others. > > Kind regards and TIA, > > Ferry van Steen > >
