phuzi0n,
thanks, this put me one step further towards my goal. I always used "Download" section in Script Generator and did not even think that I should use "Upload" instead.
Now, at least something happens with my traffic. However, something strange. If nothing is using the connection and I download with one HTTP stream, for example, download rate significantly slower than I requested. For instance, if rate 230kbit and ceil 460kbit then it downloads no faster than 20 KB/s. I repeat, I use PPTP connection to ISP, could it be a reason for imq bizarre behaviour? _________________ DD-WRT v.24 Mini on WRT54GL v.1.1
Reviving this old thread from a link just to say that anyone looking to do mac based filtering with iptables be sure to load the kernel module for it.
insmod ipt_mac
tested on the now most current 12548M, won't work - I tested in different ways, I don't think mac address work.
I tested successfully on ip practically in one shot, the setting applies to both LAN and WAN (makes the access to router very slow). And yes, there is a about 25% margin of error. When you set the speed as 1000kb, you actually get around 800kb.
I wish I can get the bandwidth limit feature from the special edition here so that I don't need to play with commands.
MAC filtering does indeed still work, post your script. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
MAC filtering does indeed still work, post your script.
tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 6500kbit
tc class add dev br0 parent 1:1 classid 1:10 htb rate 700kbit ceil 1000kbit prio 2
tc filter add dev br0 parent 1:0 protocol ip prio 2 u32 match u16 0x0800 0xFFFF at -2 match u32 0x00000000 0xFFFFFFFF at -12 match u16 0x0000 0xFFFF at -14 flowid 1:10
insmod imq
insmod ipt_mac
ip link set imq0 up
tc qdisc del dev imq0 root
tc qdisc add dev imq0 root handle 1: htb
tc class add dev imq0 parent 1: classid 1:1 htb rate 730kbit
tc class add dev imq0 parent 1:1 classid 1:10 htb rate 10kbit ceil 20kbit prio 2
iptables -t mangle -A PREROUTING -m mac --mac-source 00:00:00:00:00:00 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -j IMQ --todev 0
tested my own mac, doesn't work
by the way, can I set it to limit the connection on WAN only instead of LAN? I don't really care about LAN, the WAN is what's important.
You're missing insmod ipt_IMQ. The br0 code is for limiting downloads which won't work for mac filters without adding more code to save and restore connection marks. If you don't care about trying to limit downloads then you can remove it. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
You're missing insmod ipt_IMQ. The br0 code is for limiting downloads which won't work for mac filters without adding more code to save and restore connection marks. If you don't care about trying to limit downloads then you can remove it.
so I need all these 3?
insmod imq
insmod ipt_mac
insmod ipt_IMQ
actually the most I concern about is download. So this pack of codes won't work for mac?
so I need all these 3?
insmod imq
insmod ipt_mac
insmod ipt_IMQ
actually the most I concern about is download. So this pack of codes won't work for mac?
Yes, look at the scripts that have been posted or regenerate one and you'll see both imq modules are needed. The imq module loads the imq device and the ipt_IMQ module loads the iptables target extension for it.
Adding this should get your downloads limited for the MAC rules.
iptables -t mangle -I PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
so I need all these 3?
insmod imq
insmod ipt_mac
insmod ipt_IMQ
actually the most I concern about is download. So this pack of codes won't work for mac?
Yes, look at the scripts that have been posted or regenerate one and you'll see both imq modules are needed. The imq module loads the imq device and the ipt_IMQ module loads the iptables target extension for it.
Adding this should get your downloads limited for the MAC rules.
my first post here but been reading for a few days, need to limit my brother from using all the banwitdh hehe , wasn't able to find and "easy"solution to simply impose a monthly cap ie 30-40 gig so instead I will be limiting his speed.
here is my script :
TCA="tc class add dev br0"
TFA="tc filter add dev br0"
TQA="tc qdisc add dev br0"
SFQ="sfq perturb 10"
tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 9500kbit
$TCA parent 1:1 classid 1:10 htb rate 512kbit ceil 512kbit prio 3
$TQA parent 1:10 handle 10: $SFQ
$TFA parent 1:0 protocol ip prio 3 u32 match u16 0x0800 0xFFFF at -2 match u32 0xA571FD18 0xFFFFFFFF at -12 match u16 0x0014 0xFFFF at -14 flowid 1:10
TCAU="tc class add dev imq0"
TFAU="tc filter add dev imq0"
TQAU="tc qdisc add dev imq0"
insmod imq
insmod ipt_IMQ
insmod ipt_mac
ip link set imq0 up
tc qdisc del dev imq0 root
tc qdisc add dev imq0 root handle 1: htb
tc class add dev imq0 parent 1: classid 1:1 htb rate 820kbit
$TCAU parent 1:1 classid 1:10 htb rate 100kbit ceil 100kbit prio 3
$TQAU parent 1:10 handle 10: $SFQ
iptables -t mangle -A PREROUTING -m mac --mac-source 00:xx:xx:xx:xx:xx -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -j IMQ --todev 0
Download speed is limited very well but it does not block upload speed.
what is wrong in my script to limit upload speed ?
For anyone else following this from search or whatever, one thing I notice is that the actual bandwidth given is usually about 80% - 95% of what you specify per user. So you should account for that or else it might be slower than you intend.
Posted: Mon Nov 28, 2011 9:43 Post subject: wl500g deluxe + build 14929 std + prioritize services
Hello friends. I am using a Asus wl500g deluxe router with the dd-wrt build 14929 and I want to generate a firewall script to prioritize the services , "automatically share bandwidth " between voip, mail. dc++, etc using the script generator v 1.02 . I am new on this and I want to know if there are other things to do , other than generating the script and to paste it in the startup. Also I want to know what device I have to use (br0,etc) if I want to use my Asus in client mode for a wireless connection or only like a broadband router , using the WAN port. Thank you.
