[SOLVED] HELP - Scripting Bandwidth Limit

mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 701
Location: Canada

Posted: Thu Jul 15, 2010 16:34    Post subject: [SOLVED] HELP - Scripting Bandwidth Limit
I have spent 2 full days trying to limit the bandwidth of a vwlan with issues and I'm requesting some help and I'm at a loss...

I'm setting up a 610v1 with K26 14473 BIG loaded. wl0 is a NG-Mix with vwlan and the wl1 is a N-5Ghz network. The vwlan is going to be a separate bridge (br1) from the local network (br0) with the possibility of also limiting the bandwidth to 2Mbit on the br1 network.

I have used the "generator", which is very limited, and did some editing to create a script for the br1 network. I did get the limiting to work but at the cost of losing the local wireless wl0 after someone connects to wl0.1. I did read that QoS should be disabled but I need it for the br0 network's devices and ports.

Here's the firewall script that I'm using (with some changes to mask the SSH port):

#
#
iptables -N rate_limit
iptables -F rate_limit
iptables -A rate_limit -p tcp --dport (ssh port) -m limit --limit 1/min --limit-burst 3 -j ACCEPT
iptables -A rate_limit -p ! ICMP -j LOG --log-prefix " Port Request Dropped!! "
iptables -A rate_limit -p tcp -j REJECT --reject-with tcp-reset
iptables -A rate_limit -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A rate_limit -j DROP
iptables -I INPUT -p tcp --dport (ssh port) -m state --state NEW -j rate_limit
# BR1 for Web Only Access
# START
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -o `nvram get wan_iface` -j ACCEPT
iptables -I INPUT -i br1 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
# END
iptables -t nat -I PREROUTING -p udp -s 10.81.1.128/25 --dport 53 -j DNAT --to 208.67.222.222
iptables -t nat -I PREROUTING -p tcp -s 10.81.1.128/25 --dport 53 -j DNAT --to 208.67.222.222
# --------------------------------------------
# WRT54 Script Generator v1.02
# (C) 2006-2007 Robert "Robson" Mytkowski
# Limit 10.81.10.xxx download to 2048kbps
# --------------------------------------------
tc qdisc del dev br1 root
tc qdisc add dev br1 root handle 1: htb
tc class add dev br1 parent 1: classid 1:1 htb rate 4500kbit
tc class add dev br1 parent 1:1 classid 1:10 htb rate 1024kbit ceil 2048kbit prio 3
tc filter add dev br1 parent 1:0 prio 3 protocol ip handle 10 fw flowid 1:10
iptables -t mangle -A POSTROUTING -m iprange --dst-range 10.81.10.2-10.81.10.254 -j MARK --set-mark 10

TIA!!!

_________________
Wired GigaBit Backbone
Linksys E3000 K2.6 KONG-VPN 22200++ | Gateway + NG & NA AP
Linksys E2000 (OC 500Mhz) Shibby K26 1.28.RT-MIPSR2-123-Max | OpenVPN Client
Linksys E2000 (OC 500Mhz) Shibby K26 1.28.RT-MIPSR2-123-Max | PPTP VPN WAN
Linksys E3000 K2.6 KONG-VPN 22000++ | NG & NA AP + VAPs


Last edited by mac913 on Tue Nov 23, 2010 5:51; edited 1 time in total
gobbledigook
DD-WRT Guru


Joined: 06 Apr 2009
Posts: 727

Posted: Fri Jul 16, 2010 9:52
don't know much about iptables, but per user bandwidth throttling is part of the dd-wrt special build which you have to pay for...

plus how old is that script generator?
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

Posted: Fri Jul 16, 2010 13:31    Post subject: Re: HELP - Scripting Bandwidth Limit
The script generator is incredibly old and has many flaws which I explained on the QoS wiki. For instance, the iprange matcher is not included in any broadcom build so you have to use netmasks instead, but it seems that you're trying to match the entire range for br1 so you don't need it at all really... This code should do what I think you want to do in the simplest way and it's fine to turn on the default QoS with this.

tc qdisc del dev br1 root
tc qdisc add dev br1 root handle 1: htb
tc class add dev br1 parent 1: classid 1:1 htb rate 2048kbit

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 701
Location: Canada

Posted: Fri Jul 16, 2010 20:21    Post subject: Re: HELP - Scripting Bandwidth Limit
phuzi0n wrote:
The script generator is incredibly old and has many flaws which I explained on the QoS wiki. For instance, the iprange matcher is not included in any broadcom build so you have to use netmasks instead, but it seems that you're trying to match the entire range for br1 so you don't need it at all really... This code should do what I think you want to do in the simplest way and it's fine to turn on the default QoS with this.

tc qdisc del dev br1 root
tc qdisc add dev br1 root handle 1: htb
tc class add dev br1 parent 1: classid 1:1 htb rate 2048kbit


phuzi0n, tried it and no luck, br1 gets full bandwidth.

Things mess up with:
iptables -t mangle -A POSTROUTING -m iprange --dst-range 10.81.10.2-10.81.10.254 -j MARK --set-mark 10

Can you re-write the code from iprange to br1?

TIA!!!

mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 701
Location: Canada

Posted: Tue Nov 23, 2010 5:47
Today, I started to look into the download throttling script for the wireless guest network on BR1. After hours of script testing I have the script working without affecting BR0 and QoS GUI. The script is tested with build EKO K26 Build 15337 Std-nokaid-small on the 610v2 Gateway Router. The script below limits BR1 downloads to 1024KBit/s and uploads are limited in the QoS GUI.

# Limit br1 download speed
tc qdisc del dev br1 root
tc qdisc add dev br1 root handle 1: htb
tc class add dev br1 parent 1:1 classid 1:10 htb rate 1024kbit ceil 1024kbit prio 3
tc filter add dev br1 parent 1:0 prio 3 protocol ip handle 10 fw flowid 1:10
iptables -t mangle -A POSTROUTING -m iprange --dst-range 10.81.10.0-10.81.10.255 -j MARK --set-mark 10

EDIT: Since I'm using the whole subnet to be throttled the same, I changed:
iptables -t mangle -A POSTROUTING -m iprange --dst-range 10.81.10.0-10.81.10.255 -j MARK --set-mark 10
to:
iptables -t mangle -A POSTROUTING -d 10.81.3.0/24 -j MARK --set-mark 10

_________________
Wired GigaBit Backbone
Linksys E3000 K2.6 KONG-VPN 22200++ | Gateway + NG & NA AP
Linksys E2000 (OC 500Mhz) Shibby K26 1.28.RT-MIPSR2-123-Max | OpenVPN Client
Linksys E2000 (OC 500Mhz) Shibby K26 1.28.RT-MIPSR2-123-Max | PPTP VPN WAN
Linksys E3000 K2.6 KONG-VPN 22000++ | NG & NA AP + VAPs
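
Added example, not part of the thread: because the iprange matcher is missing from Broadcom builds, a generator-style range such as 10.81.10.0-10.81.10.255 has to be rewritten as a netmask before the MARK rule will load. The sketch below converts a range to CIDR only when it is exactly one aligned block and prints, without running them, the resulting commands; the function names, the `-o` interface match and the use of `parent 1:` for the class are assumptions of this example, not the posters' commands.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Dotted-quad IPv4 -> integer; returns 1 on malformed input.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print START/PREFIX only when START-END is exactly one aligned CIDR block.
range_to_cidr() {
    lo=$(ip_to_int "$1") && hi=$(ip_to_int "$2") || return 1
    [ "$hi" -ge "$lo" ] || return 1
    size=$(( hi - lo + 1 )); prefix=32; n=1
    while [ "$n" -lt "$size" ]; do n=$(( n * 2 )); prefix=$(( prefix - 1 )); done
    # The size must be a power of two and the start must sit on its boundary.
    [ "$n" -eq "$size" ] && [ $(( lo % size )) -eq 0 ] || return 1
    echo "$1/$prefix"
}

# Print (do not run) the shaping commands for one bridge so they can be
# reviewed before going into the firewall script.
# Usage: emit_limit IFACE START END RATE_KBIT MARK
emit_limit() {
    cidr=$(range_to_cidr "$2" "$3") || {
        echo "range $2-$3 is not a single CIDR block" >&2; return 1; }
    cat <<EOF
tc qdisc del dev $1 root 2>/dev/null
tc qdisc add dev $1 root handle 1: htb
tc class add dev $1 parent 1: classid 1:10 htb rate ${4}kbit ceil ${4}kbit
tc filter add dev $1 parent 1: prio 3 protocol ip handle $5 fw flowid 1:10
iptables -t mangle -A POSTROUTING -o $1 -d $cidr -j MARK --set-mark $5
EOF
}

# Values from the thread: br1, mark 10, 1024kbit, whole 10.81.10.x subnet.
emit_limit br1 10.81.10.0 10.81.10.255 1024 10
```

A range such as 10.81.10.2-10.81.10.254 is rejected rather than silently widened, so the choice to shape the whole /24 stays an explicit one.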