Bandwidth limiting using iptables

kripz · 12-02-2007, 05:25 AM

Need help configuring my WRT54GL router, here is my message i posted on another forum which seems dead. This is regarding a program which generates scripts for bandwidth limitingm i dont have any linux knowledge so please bare with me.

Quote:

I want to have a list of MAC addresses that are NOT bandwidth limited.
MAC's NOT on the list are limited to X kpbs download and Y kpbs upload.

Using your program i tried using "secure your network" and modifying the script to limit to Xkpbs but i am not sure how to permit full bandwidth for the listed MAC's.
I tried adding users with 1kbps rate and ceiling of 1536, is this correct?

Here is the script generated by your program

Quote:

#--------------------------------------------
#WRT54 Script Generator v1.01
#(C) 2006-2007 Robert "Robson" Mytkowski
#--------------------------------------------
#Deleting root qdisc
tc qdisc del dev br0 root
#Creating new root qdisc
tc qdisc add dev br0 root handle 1: htb default 99
#Creating main class 1:1
tc class add dev br0 parent 1: classid 1:1 htb rate 1536kbit
#Creating users classes
tc class add dev br0 parent 1:1 classid 1:10 htb rate 1kbit ceil 1536kbit prio 2
tc class add dev br0 parent 1:1 classid 1:11 htb rate 1kbit ceil 1536kbit prio 2
tc class add dev br0 parent 1:1 classid 1:99 htb rate 1kbit ceil 1kbit
#Added class handles
#Adding packet matches
tc filter add dev br0 parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x00000001 0xFFFFFFFF at -12 match u16 0x0000 0xFFFF at -14 flowid 1:10
tc filter add dev br0 parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x00000002 0xFFFFFFFF at -12 match u16 0x0000 0xFFFF at -14 flowid 1:11
#Creating ingress qdisc for upload
tc qdisc add dev br0 ingress
#Adding packet matches
tc filter add dev br0 parent ffff: protocol ip handle 50 fw police rate 128kbit mtu 12k burst 10k drop
iptables -t mangle -A PREROUTING -m mac --mac-source 00:00:00:00:00:01 -j MARK --set-mark 50
tc filter add dev br0 parent ffff: protocol ip handle 51 fw police rate 128kbit mtu 12k burst 10k drop
iptables -t mangle -A PREROUTING -m mac --mac-source 00:00:00:00:00:02 -j MARK --set-mark 51

Does

Quote:

$TCA parent 1:1 classid 1:99 htb rate 1kbit ceil 1kbit

limit both upload and download?
How do i limit download to X and upload to Y?

These 2 classes are the same:

Quote:

#Creating users classes
$TCA parent 1:1 classid 1:10 htb rate 1kbit ceil 1536kbit prio 2
$TCA parent 1:1 classid 1:11 htb rate 1kbit ceil 1536kbit prio 2

can i reuse them like this:

Quote:

tc filter add dev br0 parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x00000001 0xFFFFFFFF at -12 match u16 0x0000 0xFFFF at -14 flowid 1:10
tc filter add dev br0 parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x00000002 0xFFFFFFFF at -12 match u16 0x0000 0xFFFF at -14 flowid 1:10

instead of:

Quote:

tc filter add dev br0 parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x00000001 0xFFFFFFFF at -12 match u16 0x0000 0xFFFF at -14 flowid 1:10
tc filter add dev br0 parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x00000002 0xFFFFFFFF at -12 match u16 0x0000 0xFFFF at -14 flowid 1:11

It would be nice if there is only one computer on the network (whos MAC is not on the list and therefore bandwidth limited) to be able to use all the bandwidth.

Im not sure but there should be a better way to achieve what im after.

Also with the classes if they are reusable i think you should add it to the next version as it saves space.

Thanks for your time.

EDIT: What is SFQ and what happens when your rates in the script are faster than actual sync speeds?

checkmate3001 · 12-04-2007, 03:05 AM

I don't know the answer, but are you using dd-wrt or something similar on the router? or is it stock firmware?

kripz · 12-04-2007, 04:22 AM

tomato firmware

yawe_frek · 12-04-2007, 08:11 PM

stock or tomato !!!!!! al i know is i laughed