Posted: Thu Aug 19, 2010 1:31 Post subject: How to limit Up/Down speeds per user w/o paid version
Hi all,
I noticed it was mentioned on this forum that there were basically two ways of managing/shaping bandwidth on the ddwrt firmware: get a paid version or create your custom firewall rules. As for the second option I read about a tool I've been using that works just great for the purpose of setting upload/download limits for users based on IP or MAC addresses.
I decided to write a tutorial for anyone to use it as a guide with clear instructions and screenshots.
I hope you find it useful.
How to limit Up/Dn speed using Script Generator without using DDWRT paid versions.
Script generator is a simple GUI-based tool that will allow you to manage up/dn speeds and the number of open connections (tcp or udp) for a specific IP address or MAC address in a network. The program will ask you for your preferences and will generate a script that you can very easily paste on your firewall startup screen window. Let's take a look at an example.
I used build 13525 micro for my tests and I was able to successfully limit speeds. This build is recommended here:
First of all you have to download the tool from the following link:
[url]robsonn.user.icpnet.pl/generator.zip[/url]
Unzip it, and execute the *.exe file - For Linux users, I tried it on Ubuntu 10.04 under Wine and it works perfectly (right click, open with Wine).
So in our example we need to cap upload/download speeds for a user on our network. Here are our network parameters:
Router IP: 192.168.0.1 (usually you will have 192.168.1.1)
User IP: 192.168.0.141
User Download limit: 1024 kbits/sec (1 Mbit/sec)
User Upload limit: 128 kbits/sec
Steps: ---> Follow screenshots if necessary
1. Depending on your language the very first thing to do is to click on the middle rounded icon with flags in it to change language to English
2. Click on the first icon
3. The first field is where you put your router's IP address, in our example 192.168.0.1. The second field is where you put your line's max download speed, and in the third you have to enter your line's maximum upload speed (you can get this info from your ISP). Then click on the right pointing arrow.
4. Next screen allows us to determine TTL values, which in this example I did not play with, so click on the arrow again to move to the next screen.
5. Right click on the white area and choose "Add New User"
6. Here is where we will enter the user's information. The first field shown is filled with 141, as we are limiting user 192.168.0.141. In DL Rate and DL Ceil we will enter 1024, which is the cap on the user's download speed, and in UL Limit we will enter 128, same as in UL Ceil.
7. Click on the Checkmark symbol
8. You will now see that your rule has been created. At this point you can add a new rule or edit the existing one. We will move forward in our example by clicking on the right pointing arrow again.
9. The application will translate your preferences into IPtables commands that we will now put into our DDWRT router.
10. Click on the third icon to copy the whole text to the clipboard.
11. Open your router's admin page. In our example, we would go to our Internet Browser and type in 192.168.0.1
12. Then go to Administration > Commands
13. Right click on the Commands box and choose paste. You should now see the text we generated moments ago.
14. Click on Save Firewall.
15. The Power light will blink for a few moments; once it stops, go to Administration > Management, scroll to the very bottom and click on "Reboot Router"
You are done. In order to test your settings you can go to www.speedtest.com and test both upload and download speed.
Bear in mind that this tool allows you to fine tune many of your network parameters, and not only can you limit speeds, but the number of connections as well on a per-user basis. I think it's even better to filter by MAC address than by IP address in order to apply caps on a computer basis rather than IP (which is more easily changeable than a MAC address for the average user).
Let me know if you have any questions!
Last edited by scott1981 on Thu Aug 19, 2010 1:36; edited 1 time in total
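One way to express the tutorial's per-user caps by hand, using tc HTB classes and iptables marks. This is an added example, not part of the original post and not the Script Generator's actual output; the interface names (`br0`, `vlan1`) and the 8192/1024 kbit/s line speeds are assumptions.

```shell
#!/bin/sh
# Added example, not the Script Generator's own output.
LAN_IF="${LAN_IF:-br0}"    # assumption: LAN bridge name
WAN_IF="${WAN_IF:-vlan1}"  # assumption: WAN interface name, varies by hardware

# gen_limit_rules PREFIX HOST LINE_DL LINE_UL DL_RATE DL_CEIL UL_RATE UL_CEIL
# Speeds are in kbit/s. Prints the commands; returns 1 on invalid input.
gen_limit_rules() {
    [ "$#" -eq 8 ] || { echo "expected 8 arguments" >&2; return 1; }
    prefix=$1; host=$2; shift 2
    for n in "$host" "$@"; do   # every number: positive integer, no leading 0
        case $n in
            ''|0*|*[!0-9]*) echo "bad number: '$n'" >&2; return 1 ;;
        esac
    done
    line_dl=$1; line_ul=$2; dl_rate=$3; dl_ceil=$4; ul_rate=$5; ul_ceil=$6
    [ "$host" -le 254 ] || { echo "host octet out of range" >&2; return 1; }
    # A class's guaranteed rate should not exceed its ceil, nor the ceil the line speed.
    [ "$dl_rate" -le "$dl_ceil" ] && [ "$dl_ceil" -le "$line_dl" ] &&
    [ "$ul_rate" -le "$ul_ceil" ] && [ "$ul_ceil" -le "$line_ul" ] ||
        { echo "need rate <= ceil <= line speed" >&2; return 1; }
    ip="$prefix.$host"
    # tc reads the class minor (1:$host) as hex; it only has to match between
    # the class and its filter. The fw handle and the iptables mark are decimal.
    cat <<EOF
# Download: shape what leaves the LAN side towards $ip
tc qdisc add dev $LAN_IF root handle 1: htb
tc class add dev $LAN_IF parent 1: classid 1:1 htb rate ${line_dl}kbit
tc class add dev $LAN_IF parent 1:1 classid 1:$host htb rate ${dl_rate}kbit ceil ${dl_ceil}kbit
tc filter add dev $LAN_IF parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$host
# Upload: NAT rewrites the source before the WAN queue, so mark packets on entry
iptables -t mangle -A PREROUTING -i $LAN_IF -s $ip -j MARK --set-mark $host
tc qdisc add dev $WAN_IF root handle 1: htb
tc class add dev $WAN_IF parent 1: classid 1:1 htb rate ${line_ul}kbit
tc class add dev $WAN_IF parent 1:1 classid 1:$host htb rate ${ul_rate}kbit ceil ${ul_ceil}kbit
tc filter add dev $WAN_IF parent 1: protocol ip prio 1 handle $host fw flowid 1:$host
EOF
}

# Values from the tutorial; the 8192/1024 line speeds are constructed placeholders.
gen_limit_rules 192.168.0 141 8192 1024 1024 1024 128 128
```

After applying rules like these, `tc -s class show dev br0` shows per-class byte counters, which confirms whether the host's traffic is actually landing in its class.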
I can't get upload throttling to work either; must be an issue with the K26. I'm using EKO K26 Build 15337 Std-nokaid-small.
_________________
Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
I have spent some time looking to see if I could get Upload Throttling to work, and it seems that Upload Throttling only works with the K2.4 builds while Download Throttling works on both K2.4 & K2.6 builds; those have been my findings. I currently have a working Guest Network with Throttled 0.1Mb/s Up & 1.0Mbps Down. I'm no DDWRT Guru, I just read a lot and experiment a lot. In this example the local network is 192.169.1.xxx and the Guest Network is 192.168.10.xxx with Throttled Download at 1.0Mbit/s & Upload at 0.1Mbit/s
Hardware and Builds used:
- 610v1 loaded up EKO Build 15508 K2.4 BIG
- wl1 – Client-Bridge, 5Ghz N-Only connecting to Gateway (610v2 with EKO K2.6 build 15337 Std-small)
- wl0 – AP G-only for local G-Devices with VAP (br1) for Guests (Internet Access Only) and Throttled Up/Down
Some extra notes about the 610v1 configuration
- Setup a VAP on br1 (search for it if you don’t know)
- Must have Advanced Routing Mode as a Gateway (for br1 Masquerade / NAT to be enabled)
- STP is disabled on Basic Setup but enabled for br1 (default)
- Use your Gateway Router’s address for the Gateway & Local DNS
- Disable SPI Firewall with unchecked WAN Requests
- QoS leave it Disabled
- Setup DNSMasq Enabled; Local DNS Disabled; No DNS Rebind Enabled
- Additional DNSMasq Options:
I have made some corrections to the 610v1 configuration. Having the 610v1 setup as Client-Bridge and also having the 610v1's operating mode as a Gateway is causing a double NAT/Masquerade for local traffic on the 610v1 Client-Bridge.
I now have the 610v1 operating mode as Router as it should be. To get the Client-Bridge br1 traffic to route to the WWW, I added this firewall script to the Gateway Router:
# Gateway Router Firewall
# WWW access for 192.168.10.xxx
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.0/24 -o br0 -j MASQUERADE