[paradigm]

Hello. I noticed a lot of people having problems with this. I had to spend about eight hours to get this working so I figured I should share. :)

Firstly, apparently 'modprobe' no longer works in the new dd-wrt firmware. I had to replace all calls to modprobe with 'insmod'

Second, It is reported that the ip range commands are not working either. It did not seem as if using mac addresses were workign either so I just used IPs and assigned them based on mac elsewhere in the firmware. [3/6/2009: per "phuzi0n" in a post below it WILL work if you load the proper module for it, "insmod ipt_mac" -- I have not verified this but you can try and report here please for others.]

Third, I had to manually disable two of the advanced options in the script generator which pertain to optimizing and reducing script length to get it to work.

Below is a working configuration which I am using sucessfully and it has been verified to work with the 11/25/8 build (I believe Eko) for the wrt54gl. And using v1.02 of the script.

Basically I have IP's 192.168.1.201 - 192.168.1.208 with upload and download restrictions. All users but 192.168.1.201 have the following restrictions:

Download rate 500kb/s Ceiling 700 kb/s
Upload rate 25 kb/s Ceiling 100 kb/s

192.168.1.201's limits:

Download rate 1000kb/s Ceiling 1000 kb/s
Upload rate 50 kb/s Ceiling 200 kb/s

[paradigm]

I should probably add some things as well.

The script I am speaking of is from here:

http://www.icpnet.pl/~robsonn/generator.zip

To use the script output or a modified version of mine, you go to ADMINISTRATION->COMMANDS and put it in. Then you choose SAVE FIREWALL, go to MANAGEMENT, then choose APPLY. Then reboot the router.

If you just want a more elegant and easier solution which handles download limits only (no upload limits), try the special version:

CORRECTION! Special version now does seem to have upload limits per MAC!

Screenshot: http://dinocrew.com/images/ddwrtqos.gif

http://www.dd-wrt.com/shop/catalog/

I believe if you buy from the above it supports dd-wrt? Thus I include it out of respect and in case this does not work for you. [b]It might be a lot easier than custom hacking iptables scripts....

[shizuo]

What do you mean special version has no upload limit? It works fine for me.

[paradigm]

[paradigm]

[dellsweig]

THANKS for the find on MODPROBE !!!!!

That solved all my issues with the Upload limiting!!

[dellsweig]

A new question regarding the use of the script generated bandwidth control.

I have a VPN client on one of my laptops for work connectivity. I want to control the uplink bandwidth on this PC.

I setup a filter using the generator to limit this PC to 200k uplink. This is fine when the PC is on my lan but when I bring up the VPN tunnel to work this no longer works (no limiting).

The only thing I can figure is that the IP of the PC is changed to an IP assigned by my works DHCP server.

Any suggeestions on getting this to work - use MAC of the laptop??

[paradigm]

[greeneyes]

Hmmmm....I think that there is too much useless lines that can be removed and by doing this you are going to reduce the script length. It's not necessary to include parent for each classid and ip handle. It's not an error but it's wasting of time typing each line and not at least it reduces script length. What I'm trying to say is this: in your case you need only two rules. So this means that you need only two lines for classid that are going to give you rate and ceil for each one of the two rules:

tc class add dev br0 parent 1:1 classid 1:10 htb rate 1000kbit ceil 1000kbit prio 2
tc class add dev br0 parent 1:1 classid 1:11 htb rate 500kbit ceil 700kbit prio 2

And now you need two lines for iphandle that are going to give you flowid addressed to the needed rule:

tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11

Now you have the rules with needed speeds and flowid for each rule. All you have to do now is to address each IP to a specific flowid:

iptables -t mangle -A POSTROUTING -d 192.168.1.201 -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -d 192.168.1.202 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -d 192.168.1.203 -j MARK --set-mark 11
.................and so on

After all script is going to look like this:

tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate 2500kbit
tc class add dev br0 parent 1:1 classid 1:10 htb rate 1000kbit ceil 1000kbit prio 2
tc class add dev br0 parent 1:1 classid 1:11 htb rate 500kbit ceil 700kbit prio 2
tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
iptables -t mangle -A POSTROUTING -d 192.168.1.201 -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -d 192.168.1.202 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -d 192.168.1.203 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -d 192.168.1.204 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -d 192.168.1.205 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -d 192.168.1.206 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -d 192.168.1.207 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -d 192.168.1.208 -j MARK --set-mark 11
insmod imq
insmod ipt_IMQ
ip link set imq0 up
tc qdisc del dev imq0 root
tc qdisc add dev imq0 root handle 1: htb
tc class add dev imq0 parent 1: classid 1:1 htb rate 400kbit
tc class add dev imq0 parent 1:1 classid 1:10 htb rate 50kbit ceil 200kbit prio 2
tc class add dev imq0 parent 1:1 classid 1:11 htb rate 25kbit ceil 100kbit prio 2
tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11
iptables -t mangle -A PREROUTING -s 192.168.1.201 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -s 192.168.1.202 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -s 192.168.1.203 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -s 192.168.1.204 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -s 192.168.1.205 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -s 192.168.1.206 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -s 192.168.1.207 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -s 192.168.1.208 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -j IMQ --todev 0

In other words the script is now 24 lines shorter and it could be even more shorter if one day the IP range problem is solved ;)

P.S.: I think your thread has a lot of common things with mine http://www.dd-wrt.com/phpBB2/viewtopic.php?p=238636#238636

[paradigm]

[paradigm]

For anyone else following this from search or whatever, one thing I notice is that the actual bandwidth given is usually about 80% - 95% of what you specify per user. So you should account for that or else it might be slower than you intend.

[phuzi0n]

Reviving this old thread from a link just to say that anyone looking to do mac based filtering with iptables be sure to load the kernel module for it.

insmod ipt_mac

[paradigm]

[Spaider]

I wasted tremendous amount of time trying to get priorities to work. I am not linux guru, so may be I am missing something. May be someone can help me at least diagnose what's the problem.

I am trying to set priorities for www, smpt and p2p traffic on my 512Kbit connection. Here is the script I got from generator:

[phuzi0n]

Your script only has a queue attached to your uplink interface. The iptables rules will mark traffic in both directions but only the marked uplink traffic ends up in a queue.

Instead of using any of the presets in the script generator, create your own rules that have downlink limits so that it generates a script with imq0. Also don't set it to ppp0 because the generator attaches the uplink to imq0 and downlink to br0 by default.