limiting client download/upload volume

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2  Next
Author Message
iiiyaegr
DD-WRT Novice


Joined: 08 Mar 2009
Posts: 5

PostPosted: Mon Mar 09, 2009 6:30    Post subject: limiting client download/upload volume Reply with quote
I discovered DD-WRT a couple days ago while searching for a way to limit download and upload volume by IP address on my home network. My goal is to have a router that can do something like this: Limit IP address 192.168.1.13 to 500MB of download and upload per day, after which the client is shaped or disconnected. DD-WRT sounded promising, so I bought a WRT54GL and installed dd-wrt.v24_std_generic.bin.

Here is a list of semi-solutions I have found so far in the course of searching the forums. If you have any more to add, or can explain how any of the "semi-solutions" can be combined or modified into real solutions, please share.

1. The purchased version of DD-WRT apparently allows one to *monitor* traffic volume by IP address, but I have read nothing that suggests this version's GUI allows one to program actions to be taken based on traffic volume. However, it seems like if this version can monitor traffic volume by IP address, then with the right scripting, one can program the desired actions to be taken based on those statistics. It would seem to just be a matter of knowing what variables to access with "nvram get " (see (5) below). I would be willing to purchase DD-WRT if I knew this could be done.

2. The purchased version of DD-WRT also apparently allows one to apply shaping to specific IP addresses (i.e., limit the download and upload speeds of specific clients) in the QoS section of the GUI. Shaping is a useful action to take once volume limits have been exceeded, but it doesn't help determine when this has happened in the first place.

3. Robert Mytkowski's WRT54 Script Generator ( http://www.icpnet.pl/~robsonn/generator.zip ) provides a GUI for generating scripts that apply shaping rules to specific IP addresses or MAC addresses. It does not appear to generate any scripts for limiting *volume* (e.g., 500MB per day), but rather, like (2), only limits download and upload *rates*.

4. WRTbwlog is an application that gives DD-WRT the ability to execute user-supplied scripts if volume for the whole network exceeds a certain amount during the month. This addresses what I'm really interested in (download/upload *volume*, rather than download/upload speed), but it doesn't appear to monitor volume by IP address or MAC address.

5. yugiohdan6 posted scripts in http://www.dd-wrt.com/phpBB2/viewtopic.php?t=47014 that drop or shape WAN connections after WAN download and upload volume for the whole network exceeds a certain amount in a month. It accesses and parses strings in nvram with names like "traff-03-2009". The data contained in those variables is for the whole network, not individual IP or MAC addresses. Can such client-specific information be accessed with other variable names?

6. The free versions of DD-WRT can be set to send detailed traffic data to a server with RFlow installed on it. Assuming one can program the server to send commands back to the DD-WRT router, this could be the basis of a complete solution to the problem, except that it requires a separate server from the router, which I would very much like to avoid.
Sponsor
Donny
DD-WRT Guru


Joined: 13 Nov 2008
Posts: 5266
Location: CENTRAL Midnowhere

PostPosted: Mon Mar 09, 2009 12:38    Post subject: Reply with quote
I had understood that the paid version would limit traffic based on volume, based on mac address, not IP address.
_________________
Warning: I'm "out of my element!"
http://www.youtube.com/watch?v=MjYJ7zZ9BRw&NR=1

Peacock Thread Sticky- Just read it! (Anyone using SP1 will be taken out back and shot)
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=51486
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Mon Mar 09, 2009 16:14    Post subject: Reply with quote
If you can script a little then you can set up iptables rules for each of the clients to monitor and use iptables -vL FORWARD to get the byte count and then save it somewhere so you don't lose it after a restart.
iiiyaegr
DD-WRT Novice


Joined: 08 Mar 2009
Posts: 5

PostPosted: Mon Mar 09, 2009 19:55    Post subject: Reply with quote
Donny wrote:
I had understood that the paid version would limit traffic based on volume, based on mac address, not IP address.


I would buy the special version in a second, and be willing to pay a lot more than what they're charging (did you hear that development team?), if I knew for certain that it did what you say. All I can find out about it is from the tiny blurb here, http://shop.dd-wrt.com/shop/catalog/product_info.php?cPath=22&products_id=31 By "Per User Bandwith Control", I think people usually mean throttling or shaping, i.e., limiting download/upload speed (I don't care whether it's per IP or per MAC), not limiting volume over specific periods, as in "500MB per day". If the special version limited by volume, I don't think my question would come up so regularly with so few answers. But I would be elated to find out that my guess is wrong and that all I have to do is spend a little more money to limit by volume.
Donny
DD-WRT Guru


Joined: 13 Nov 2008
Posts: 5266
Location: CENTRAL Midnowhere

PostPosted: Mon Mar 09, 2009 20:09    Post subject: Reply with quote
To determine with more certainty, your best bet is to PM Brainslayer. Let us know what he says.
_________________
Warning: I'm "out of my element!"
http://www.youtube.com/watch?v=MjYJ7zZ9BRw&NR=1

Peacock Thread Sticky- Just read it! (Anyone using SP1 will be taken out back and shot)
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=51486
iiiyaegr
DD-WRT Novice


Joined: 08 Mar 2009
Posts: 5

PostPosted: Mon Mar 09, 2009 20:24    Post subject: Reply with quote
phuzi0n wrote:
If you can script a little then you can set up iptables rules for each of the clients to monitor and use iptables -vL FORWARD to get the byte count and then save it somewhere so you don't lose it after a restart.


I can script a little, in a generic sense, but iptables is a jungle of its own. I'll consider wading in, depending on the reply from Brainslayer (is he a *s*layer of brain, or a layer of brain*s*???) to my question about the special version.
Donny
DD-WRT Guru


Joined: 13 Nov 2008
Posts: 5266
Location: CENTRAL Midnowhere

PostPosted: Mon Mar 09, 2009 20:51    Post subject: Reply with quote
iiiyaegr wrote:
(is he a *s*layer of brain, or a layer of brain*s*???)


He slays puppies, but that is a forum secret. Wink

_________________
Warning: I'm "out of my element!"
http://www.youtube.com/watch?v=MjYJ7zZ9BRw&NR=1

Peacock Thread Sticky- Just read it! (Anyone using SP1 will be taken out back and shot)
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=51486
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Mon Mar 09, 2009 21:02    Post subject: Reply with quote
iiiyaegr wrote:
I can script a little, in a generic sense, but iptables is a jungle of its own. I'll consider wading in, depending on the reply from Brainslayer (is he a *s*layer of brain, or a layer of brain*s*???) to my question about the special version.

There's not much to the iptables part, just set up some accept filters so that it will keep track per user and then do a lot of manipulation on the output from the command above. The accept filters would look like this:

iptables -I -d 10.0.0.100 -j ACCEPT
iptables -I -d 10.0.0.101 -j ACCEPT
iptables -I -d 10.0.0.102 -j ACCEPT
shizuo
DD-WRT User


Joined: 10 Feb 2008
Posts: 72

PostPosted: Tue Mar 10, 2009 16:14    Post subject: Reply with quote
I am using latest special DD-WRT and as far as I know it only allows you to set client speed limits and does not have setting for limiting volume of transfer per time period(i.e. 100GB per month).
iiiyaegr
DD-WRT Novice


Joined: 08 Mar 2009
Posts: 5

PostPosted: Tue Mar 10, 2009 21:23    Post subject: Reply with quote
phuzi0n wrote:
iiiyaegr wrote:
I can script a little, in a generic sense, but iptables is a jungle of its own. I'll consider wading in, depending on the reply from Brainslayer (is he a *s*layer of brain, or a layer of brain*s*???) to my question about the special version.

There's not much to the iptables part, just set up some accept filters so that it will keep track per user and then do a lot of manipulation on the output from the command above. The accept filters would look like this:

iptables -I -d 10.0.0.100 -j ACCEPT
iptables -I -d 10.0.0.101 -j ACCEPT
iptables -I -d 10.0.0.102 -j ACCEPT


Based on shizuo's reply regarding the special version of DD-WRT, it sounds like my next step is setting up something like what you describe.

From what I'm beginning to understand, the above iptables commands insert rules into the router somewhere. The router keeps a count of all packets and bytes that pass each rule. Since the above rules do nothing but allow packets to continue to/from a certain IP address, the counts for each rule will simply be a measure of the traffic to/from the specified IP address.

However, I'm not sure what you mean by "the output from the command above"--what command above are you referring to? Where is the counter for each rule kept and how is it accessed?

As for manipulation of the output, I'd like to do so in C/C++ if possible because it's what I'm used to, though I'm willing to get the hang of awk, sed, grep etc if I have to. So here's a potentially dumb question: Can I compile C/C++ programs on the WRT54GL running with DD-WRT's Linux? Its shell doesn't recognize "gcc" or "g++" so I'm guessing not, but I thought I'd ask.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Tue Mar 10, 2009 21:52    Post subject: Reply with quote
From my first reply:

iptables -vL FORWARD


You can compile but you need to do it from a pc with all the appropriate tools. Scripting is the more logical route though.
sgwood
DD-WRT Novice


Joined: 27 Apr 2007
Posts: 10

PostPosted: Fri Jul 31, 2009 11:19    Post subject: Reply with quote
Would be also very interested in a solution to this.

@iiiyaegr: did you find a solution to this?

many thanks
axelm
DD-WRT User


Joined: 03 Oct 2008
Posts: 313

PostPosted: Fri Jul 31, 2009 12:23    Post subject: Reply with quote
sgwood wrote:
Would be also very interested in a solution to this.

@iiiyaegr: did you find a solution to this?

many thanks


I am willing to pay for this too. I want to limit bandwidth use at the office. That would be different limits per client (MAC or IP), with throttling down to a different shaping category. One of those categories would be "no wan access", so if the user keeps on abusing his/her packets would get dropped.
sgwood
DD-WRT Novice


Joined: 27 Apr 2007
Posts: 10

PostPosted: Fri Jul 31, 2009 12:39    Post subject: Reply with quote
Throttling is already well documented.

The request here is for the volume counts either per
MAC-Address or IP e.g. 2Gig per Month for MAC-Addresse.
Great would also be a cutoff at a certian volume
within a certain period but that isn't a must.
axelm
DD-WRT User


Joined: 03 Oct 2008
Posts: 313

PostPosted: Fri Jul 31, 2009 12:49    Post subject: Reply with quote
sgwood wrote:
Throttling is already well documented.

The request here is for the volume counts either per
MAC-Address or IP e.g. 2Gig per Month for MAC-Addresse.
Great would also be a cutoff at a certian volume
within a certain period but that isn't a must.


sgwood, could you point me to the correct documentation for throttling?

thanks in advance
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum