Posted: Fri Aug 02, 2013 0:06 Post subject: Limit Guest WiFi Speed
Anyone know if it is possible to limit the connection speed to a bridge/network interface (Bridge: br1 & Interface: wl0.1 is what I want to limit to 5mbps)?
I need to limit speeds on my guest wifi so that they cannot utilize the full speeds of the network.
I tried to ask on #dd-wrt on Freenode, but had no luck in a response.
I am running Firmware: DD-WRT v24-sp2 (06/08/12) mega - build 19342 on a Asus RT-N16 router.
If that seems a bit much, Tomato mod allows bandwidth limiting by ip/mac, and specifically Shibby/Victek's mods allow limiting on multiple bridges, eg. br1.
If that seems a bit much, Tomato mod allows bandwidth limiting by ip/mac, and specifically Shibby/Victek's mods allow limiting on multiple bridges, eg. br1.
However, you're saying that with DD-WRT it is not possible to limit bridges specifically, only via IP? Another thing is, I have a DHCP server serving a different IP range for br1. Is it possible to just wildcard limit that whole IP range (192.168.2.*)? If so, any ideas how?
I have tried using that script generator. However, it does not work. I modifying the script a bit replacing the br0 options with br1 to match my network bridge name, but that does not work. My Guest WiFi is failing to get internet connectivity now.
The script generator is actually pretty bad (not quite as bad as built in QoS used to be though). The easiest way to limit the guest WLAN (if you followed my multiple wlan guide) is to set QoS to the WAN interface, configure whatever limits you want for the guest WLAN, and then add a rule for br0's subnet to make it exempt. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
That will only work in very recent builds (past few months) that now have the advanced QoS settings (formerly only in paid versions) and I still haven't gotten around to checking which kinds of builds got it but iirc not all builds do. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Joined: 29 May 2008 Posts: 243 Location: United Kingdom
Posted: Tue Aug 13, 2013 4:00 Post subject:
you can separate the WiFi networks, Then go to NAT/QoS and netmask YOUR INTERNAL Network e.g 192.168.1.1/24 set that to Experct and for Guest 192.168.2.1/24 set it to Bulk http://www.youtube.com/watch?v=d1Dpyin-99M
This way, your network would have full speed over the WiFi guest and the guest would have the reset of whatever left over however the guest would have full speed until you download something. and 100% recommended for gamers. _________________ TP-Link TL-WDR3600 v1 [EU]: r36330 (07/16/18 )
D-Link DIR-615 D2 [EU]: r36330 (07/16/18 )
Mikrotik RB750r2 (OpenWrt 17.01.4)
EE BrightBox 1 aka A4001N (OpenWrt 17.01.4)
Sagemcom FAST@5364 (VDSL2,FTTC (Fibre to the Cabinet) Synced 65/17
So I have Asus RT-N16 Router with DD-WRT v24-sp2 (08/12/10) mega. I have been reading and searching for right settings how to limit speed (upload and download) to my second lan (shared by my neighbor). I want to limit his speed to 5Mbps U/D.
Till now I have used the code in this forum and only download speed got affected but the upload speed has no restrictions.
When applying this code do I need my QoS turned ON or OFF.
Does anybody have a working script for this router mode.
My current code is
Code:
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE
TCA="tc class add dev br1"
TFA="tc filter add dev br1"
TQA="tc qdisc add dev br1"
SFQ="sfq perturb 10"
tc qdisc del dev br1 root
tc qdisc add dev br1 root handle 1: htb
tc class add dev br1 parent 1: classid 1:1 htb rate 93644kbit
$TCA parent 1:1 classid 1:10 htb rate 5120kbit ceil 5120kbit prio 3
$TQA parent 1:10 handle 10: $SFQ
$TFA parent 1:0 prio 3 protocol ip handle 10 fw flowid 1:10
iptables -t mangle -A POSTROUTING -m iprange --dst-range 192.168.2.100.100-192.168.2.111 -j MARK --set-mark 10
TCAU="tc class add dev imq0"
TFAU="tc filter add dev imq0"
TQAU="tc qdisc add dev imq0"
modprobe imq
modprobe ipt_IMQ
ip link set imq0 up
tc qdisc del dev imq0 root
tc qdisc add dev imq0 root handle 1: htb
tc class add dev br1 parent 1: classid 1:1 htb rate 93644kbit
$TCA parent 1:1 classid 1:10 htb rate 5120kbit ceil 5120kbit prio 3
$TQAU parent 1:10 handle 10: $SFQ
$TFAU parent 1:0 prio 3 protocol ip handle 10 fw flowid 1:10
iptables -t mangle -A PREROUTING -m iprange --src-range 192.168.2.100.100-192.168.2.111 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -j IMQ --todev 0
Would it helped if instead ip range I would just use 192.168.2.100/24 or 192.168.2.*
Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Thu Feb 13, 2014 11:48 Post subject:
You have build from 2010 and its 2014 now. No1 will give you support for old build. I would like to help you but I have 23503 build and kernel and many modules are newer and will probably wont work in your case... Is there any reason not to update to newer build? In newer build you can do it from GUI... In newer build you have MAC up/down banwidth limiting, IP (or subnet) up/down bandwidth limiting and prioritizing... etc, etc...