Create a content filter profile that would throttle bandwidth


(Lewis) #1

Morning Nethserver uses
I dont know if this will annoy some people because of me being new, I have installed Nethserver 6.6 to control around 15 computers at my work place. I had switched to Nethserver but now back to ClearOS but I dont get the results I am looking for with ClearOS although their interface is so much easier to understand.
I really would like some assistance in understanding Nethserver interface and configuring it. How I would create a profile that would throttle bandwidth for facebook, gmail, yahoo mail. I am confused in the web content tabs, as in creating profiles, linking profiles to other options under the Firewall/Gateway. Any more details needed please let me know.


(Roberto Sitzia) #2

Hi @Lewis

please are you able to be more specific?
I mean:

  1. Maybe I don’t know why but, why you need to throttle bandwidth for single web sites/URLs?
  2. Could you list all single goals you want to achieve?
  3. What did effectively do with ClearOS in detail?

If you will provide information above the community will be able to help you better.

Please let us know!


(Lewis) #3

Morning

  1. I have noticed that most of the usage website in the company is facebook, which is eating into the cap given to the company. Uses start streaming videos because if the speed of the internet. Slowing the bandwidth to facebook will put them off watching video because it will be slow.
  2. as being in Africa internet is not cheap, the company has 50G cap and I need to stretch that through the month but at the rate it is going we using 4G a day, mostly by facebook uses (the company does need facebook to hook on to stories in the country)
  3. My problem with ClearOS is is that it did not give me correct reading on the reports, looking at reports and looking at data usage on modem it was off by about 3G… I need correct report for all going pass my gateway so I know and can control uses.

(Roberto Sitzia) #4

Hi @Lewis

honestly I mot sure you can manage bandwidth with NethServer with firewall role configured.

Maybe @filippo_carletti could help us.


(Lewis) #5

Sitz… are you saying you “NOT” sure or “MOST” sure?


(JamesMillar) #6

This seems problematic. Do all users/employees need access to facebook? I’d start off by limiting the users and only allow the ones that need the access to perform their jobs.


(Lewis) #7

Not all need facebook, the problem is working a way to block the ones that dont need. I used this method to block facebook; This is what I did… Web Prox > Transparent SSL, in Firewall Objects > Hosts I added hosts that
will bypass the proxy (accounts mainly) then Web Proxy > Hosts
Without Proxy I added those users… and its fine so far… Please do
correct if I have done something wrong… So i can mark this solved and
move to my next problem…

Now the ones that have to go through the proxy have certificate problems… Most pages wont open.


(Filippo Carletti) #8

Your setup seems correct to me. I’d use two content filter profiles to avoid a full proxy bypass.
If you don’t want to install the certificate on every pc, you could set the proxy to Enabled and block ports to force proxy usage.

Last note: to really throttle bandwidth you could use squid delay pools.


(JamesMillar) #9

Not sure how beneficial this will be; as I don’t use NS to proxy. I believe squid can also do content caching (though I don’t know if NS is setup that way; someone with that expertise would have to answer that question).

If you were able to cache web content locally, that should dramatically decrease the bandwidth used.


(Filippo Carletti) #10

squid cache is disabled by default, but there’s a configuration page to enable and configure caching.


(JamesMillar) #11

@Lewis do you have caching enabled? If not I recommend that you turn it on.


(Lewis) #12

Filippo… I just got a bit lost on the creating of another profile, will this mean I will have to add proxy settings on PCs? I am very new at this NS thing… Just installed it yesterday…lol Let me mess around and see if I can do what you just said…

islip… I did enable cache, how big should my cache be?


(JamesMillar) #13

If your server can handle it, anywhere between 5GB to 10GB should suffice. Start off with 5GB at first. My experience with caching content is that it’s better to increase the cache than to decrease it.


(Lewis) #14

Cache pushed to 5Gb


(Filippo Carletti) #15

Remember that you need about 10 MB of RAM per GB of disk cache.


(Lewis) #16

:frowning: :open_mouth: :anguished: ok change of plans… 1Gb for now, can increase later…


(JamesMillar) #17

You should begin seeing an improvement, not only with limiting the actual bandwidth but also the speed at which your users access the internet. Your server now only has to download the content once instead of every time a user refreshes facebook or any other site.


(Lewis) #18

Filippo… Can you please give me a more of explanation on how to do that so I try implement it over the weekend…


(Roberto Sitzia) #19

“NOT” sure.

Sorry @Lewis