Posted: Mon Jan 23, 2012 22:14 Post subject: Limiting Bandwidth
How can I use QoS to limit the bandwidth of a device? My connection on average according to speedtest is roughly 22Mbps down and 3.5Mbps up. What settings should I use if I constantly want to limit a device to say 10Mbps and 1Mbps? Is that possible? I tried reading the wiki and searching, but the way I interpret it is that it only prioritizes...
You can't do that with DD-WRT. You can set a max rate for a wired client, but not wireless. And you can only set the max port speed, not separate up & down speeds.
You might try Tomato, if it supports your router, and you don't need wireless repeater, which it can't do. It can limit up & down speeds for each client, and seems to do a better job of giving everyone some bandwidth under heavy load.
Your statement that the maximum rate for a wireless client cannot be set in DD-WRT is incorrect. Maybe it cannot be done using the GUI (I don't know either way), but it is definitely possible using iptables. In fact, client specific bandwidth limitation is part of my firewall script.
Here's a simple example pasted as a snippet from my firewall script. 80% of my download and upload are 18000/3200 respectively. The router handles two wireless networks 192.168.1.0/24 (br0) and 192.168.2.0/24 (br1).
One particular wireless client on br0 (192.168.1.5) is restricted to 150 kbit down/up, and the entire 192.168.2.0/24 network is restricted to 1536 kbit down and 256 kbit up. BTW, the limits on 192.168.1.5 and 192.168.2.0/24 have been tested and work exactly as desired.
Code:
# br0 and download limit on 192.168.1.5
tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 18000kbit
tc class add dev br0 parent 1:1 classid 1:10 htb rate 150kbit ceil 150kbit prio 0
tc qdisc add dev br0 parent 1:10 handle 10: sfq perturb 10
tc filter add dev br0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
iptables -t mangle -A POSTROUTING -d 192.168.1.5 -j MARK --set-mark 10
#
# br1 and download limit on 192.168.2.0/24
tc qdisc del dev br1 root
tc qdisc add dev br1 root handle 2: htb
tc class add dev br1 parent 2:1 classid 2:15 htb rate 1536kbit ceil 1536kbit prio 1
tc qdisc add dev br1 parent 2:15 handle 15: sfq perturb 10
tc filter add dev br1 parent 2:0 prio 1 protocol ip handle 15 fw flowid 2:15
iptables -t mangle -A POSTROUTING -d 192.168.2.0/24 -j MARK --set-mark 15
#
# upload limits
ip link set imq0 up
tc qdisc del dev imq0 root
tc qdisc add dev imq0 root handle 1: htb
tc class add dev imq0 parent 1: classid 1:1 htb rate 3200kbit
tc class add dev imq0 parent 1:1 classid 1:10 htb rate 150kbit ceil 150kbit prio 0
tc class add dev imq0 parent 1:1 classid 1:15 htb rate 256kbit ceil 256kbit prio 2
tc qdisc add dev imq0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev imq0 parent 1:15 handle 15: sfq perturb 10
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 15 fw flowid 1:15
iptables -t mangle -A PREROUTING -s 192.168.1.5 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -s 192.168.2.0/24 -j MARK --set-mark 15
iptables -t mangle -A PREROUTING -j IMQ --todev 0
So while I have no idea whether this is possible via the GUI, I am 100% certain that client-specific limits can be configured via iptables.
Cheers,
Uncle Dan
P.S. Original poster - if you describe what you want in more detail, I'm sure someone here will be able to help you write a suitable fw script. Personally, I don't use the GUI for QoS because I find iptables scripting to be more flexible/powerful...
backwoodsman wrote:
You can't do that with DD-WRT. You can set a max rate for a wired client, but not wireless. And you can only set the max port speed, not separate up & down speeds.
You might try Tomato, if it supports your router, and you don't need wireless repeater, which it can't do. It can limit up & down speeds for each client, and seems to do a better job of giving everyone some bandwidth under heavy load.
If I have clients that connect wirelessly to the router, and I want to limit everyone's download/upload, do I still use the br0 and imq0 interfaces, or do I set both on imq0? What about ath0, since everyone is wireless? (I really have no idea how to use iptables. I use the GUI and then beyond that I'm lost.)
I know this is a bit of a necro, but this is literally the only good post on this topic I have ever come across.
Are the descriptions backwards? For example, the FAQ on DD-WRT QoS says the imq0 interface is used to control downloads, and br0 (LAN & WLAN bridge) is used to control uploads (if you use that interface for QoS instead of the WAN interface).
I'm learning and trying to understand what line of code is doing what...
UPDATE - I tried the script. It works exactly as stated.
The approach suggested by slobodan is what I use as well: IP based restrictions along with static leases.
My memory is rusty, but I think that MAC addresses can't be used with the MANGLE table.
There is of course the concern that someone connected to your router will circumvent bandwidth restrictions by changing their IP address. There is a way to handle this. I think you can drop packets from an IP address if it doesn't have a specific MAC address (something like "-m mac ! --mac-address").
At least, many years ago, when I used a Linux PC as a wireless router, I know I had done so .... that was with kernel 2.4.
slobodan wrote:
RobWheeler wrote:
Also, can you limit using MAC address rather than ip?
I don't know, but if you use static leases, an IP strictly corresponds to a MAC address.
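The IP-to-MAC binding discussed in the post above, as an added example that is not part of the original thread: it builds an allowlist chain from static-lease pairs using the iptables `mac` match (the real option name is `--mac-source`). The chain name `IPMAC`, the function names and the lease entries are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: emit iptables rules that forward traffic from a bridge only
# when the source IP arrives from the MAC recorded in its static lease.
# Chain name IPMAC, function names and lease data are assumptions.

# Constructed sample leases, one "MAC IP" pair per line.
SAMPLE_LEASES='# constructed sample data
00:11:22:33:44:55 192.168.1.5
66:77:88:99:AA:BB 192.168.1.20'

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the validated address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# gen_ipmac_rules BRIDGE: read "MAC IP" lines on stdin, print the rule set.
# Prints nothing and returns 1 if any line is malformed, so a typo in the
# lease list can never produce a half-built chain.
gen_ipmac_rules() {
    bridge=$1
    rules="iptables -N IPMAC"
    while read -r mac ip extra || [ -n "$mac" ]; do
        case $mac in ''|'#'*) continue ;; esac
        if [ -n "$extra" ] || ! valid_mac "$mac" || ! valid_ip "$ip"; then
            echo "bad lease line: $mac $ip $extra" >&2
            return 1
        fi
        # Known pair: hand the packet back to FORWARD for normal processing.
        rules="$rules
iptables -A IPMAC -s $ip -m mac --mac-source $mac -j RETURN"
    done
    # Any other source on this bridge (changed IP, unknown device) is dropped.
    rules="$rules
iptables -A IPMAC -j DROP
iptables -I FORWARD -i $bridge -j IPMAC"
    printf '%s\n' "$rules"
}

# Print the rule set for the constructed leases; review before applying.
printf '%s\n' "$SAMPLE_LEASES" | gen_ipmac_rules br0
```

The `mac` match only sees the frame's source address, which the client controls, so treat this as a deterrent used alongside static leases rather than as authentication.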
Hello @met_net, thanks a million times! The script works great. I've tried it on build 25648, but it only limits the download bandwidth; something seems to be wrong with the upload part, as it doesn't do anything. Upload speed stays the same after applying the limit. Any ideas?