
Creating 2 separate networks with Tomato

Discussion in 'Tomato Firmware' started by onehomelist, Apr 18, 2010.

  1. onehomelist

    onehomelist Addicted to LI Member

    I have a couple of wireless access points and about 100 wired PCs on my network. The issue I face is that I have an open wireless setup. So, all the available bandwidth is used up by those who get access via wireless, leaving no bandwidth at all for wired LAN PCs. While looking for a solution, I found this guide which is about creating two separate subnets on a single router.

    http://www.seiichiro0185.org/doku.php/blog:creating_a_seperate_guest_network_with_tomato

    The set-up is advantageous because smb or windows shares on the wired LAN won't be accessible on wireless.


    There is one more issue which I want to solve: limiting bandwidth on the vlan2 interface. For example, on a Debian system, if wondershaper is installed, the following command will limit bandwidth on the specified interface.

    sudo wondershaper eth0 10000 280

    Is there a command for rate limiting on interface for tomato?
     
  2. Porter

    Porter LI Guru Member

    I think your problem is rather odd. Why do your wireless clients get more bandwidth than your wired clients? From my experience wired clients always have an advantage, because their line is faster and more stable. Maybe it would help if you described your network topology better or maybe you use mspaint instead... whatever works best.

    Using wondershaper with Tomato _should_ work, because Tomato has the most commonly used software used for this installed. You will have to edit the script, though.
     
  3. onehomelist

    onehomelist Addicted to LI Member

    What I said was very ambiguous, I guess. My wireless users always use p2p and streaming applications, so they hog the entire available bandwidth. Wired LAN users just browse websites, and they consume far less bandwidth, but I should give more priority to wired LAN users. If I have 4 Mbp/s WAN bandwidth, I would like to give just 2 Mbp/s to the wireless users. So the solution I thought up was creating a separate network for wireless users. And by using wondershaper script forcing the interface vlan3 (that connects to access points), down to 2 Mbp/s.
     
  4. karogyoker

    karogyoker Addicted to LI Member

  5. gingernut

    gingernut LI Guru Member

  6. Porter

    Porter LI Guru Member

    I compiled a script mostly by copying from there: http://lartc.org/howto/lartc.cookbook.ultimate-tc.html#AEN2241

    The script:
    Code:
    ## Cleanup
    # Delete qdiscs
    tc qdisc del dev imq0 root 2>/dev/null
    tc qdisc del dev imq1 root 2>/dev/null
    tc qdisc del dev ppp0 root 2>/dev/null
    tc qdisc del dev ppp0 ingress 2>/dev/null
    tc qdisc del dev eth0 root 2>/dev/null
    tc qdisc del dev eth1 root 2>/dev/null
    tc qdisc del dev br0 root 2>/dev/null
    tc qdisc del dev vlan0 root 2>/dev/null
    tc qdisc del dev vlan1 root 2>/dev/null
    tc qdisc del dev vlan2 root 2>/dev/null
    
    
    # Delete Chains
    iptables -t mangle -D PREROUTING -i vlan2 -j IMQ --todev 0 2>/dev/null
    iptables -t mangle -D POSTROUTING -o vlan2 -j IMQ --todev 1 2>/dev/null
    
    
    ## Start
    # Load modules
    modprobe imq
    modprobe ipt_IMQ
    
    # Incoming
    ip link set imq0 up
    
    # Outgoing
    ip link set imq1 up
    
    ## Load iptables rules:
    iptables -t mangle -I PREROUTING -i vlan2 -j IMQ --todev 0
    iptables -t mangle -I POSTROUTING -o vlan2 -j IMQ --todev 1
    
    #Parameters
    UPLINK=800
    DOWNLINK=2000
    
    ##UPLINK
    # install root HTB, point default traffic to 1:20:
    
    tc qdisc add dev imq0 root handle 1: htb default 20
    
    # shape everything at $UPLINK speed - this prevents huge queues in your
    # DSL modem which destroy latency:
    
    tc class add dev imq0 parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
    
    ## high prio class 1:10:
    #
    #tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
    #   burst 6k prio 1
    
    # bulk & default class 1:20 - gets slightly less traffic, 
    # and a lower priority:
    
    tc class add dev imq0 parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit \
       burst 6k prio 2
    
    # both get Stochastic Fairness:
    #tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
    
    ##DOWNLINK
    
    # install root HTB, point default traffic to 1:20:
    
    tc qdisc add dev imq1 root handle 1: htb default 20
    
    # shape everything at $DOWNLINK speed - this prevents huge queues in your
    # DSL modem which destroy latency:
    
    tc class add dev imq1 parent 1: classid 1:1 htb rate ${DOWNLINK}kbit burst 6k
    
    ## high prio class 1:10:
    #
    #tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${DOWNLINK}kbit \
    #   burst 6k prio 1
    
    # bulk & default class 1:20 - gets slightly less traffic, 
    # and a lower priority:
    
    tc class add dev imq1 parent 1:1 classid 1:20 htb rate $[9*$DOWNLINK/10]kbit \
       burst 6k prio 2
    
    # both get Stochastic Fairness:
    #tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev imq1 parent 1:20 handle 20: sfq perturb 10
    This is a very simple script. I haven't tested it, just took some old parts and copied some from the Howto. Therefore: use at your own risk. Especially if you are not in the same building with this router!
    This script doesn't just limit internet traffic, it limits all traffic on this device. If there isn't any traffic from your wireless clients to your wired clients this isn't a problem, if there is traffic they will get limited, too.

    To use this you should review the "Parameters" section and put in your numbers. Keep in mind that this script is shaping vlan2 and nothing else (your WAN device isn't shaped). You can put this script in Administration/Scripts/WAN Up.

    If you screw up just run the ##Cleanup part, this should put everything back to normal. If not, reboot.

    I highly doubt the effectiveness of this script because it's not prioritizing traffic, so I'm very sure that just a few wireless clients with p2p will kill the connection for everybody else on the wireless part... But hopefully your wired clients won't have to deal with them any more.
     
  7. onehomelist

    onehomelist Addicted to LI Member

    Thanks Porter. On my Asus RT-N16, if I am going to create a second subnet, then I have to use the vlan3 interface, because vlan2 is used for WAN. Here I have modified it. See if it's okay. When I edit parameters I should put figures in kilobits, right? I will still use QOS to prioritize traffic, so p2p and other bandwidth hungry applications will be put on lower classes.

    Code:
    ## Cleanup
    # Delete qdiscs
    tc qdisc del dev imq0 root 2>/dev/null
    tc qdisc del dev imq1 root 2>/dev/null
    tc qdisc del dev ppp0 root 2>/dev/null
    tc qdisc del dev ppp0 ingress 2>/dev/null
    tc qdisc del dev eth0 root 2>/dev/null
    tc qdisc del dev eth1 root 2>/dev/null
    tc qdisc del dev br0 root 2>/dev/null
    tc qdisc del dev vlan0 root 2>/dev/null
    tc qdisc del dev vlan1 root 2>/dev/null
    tc qdisc del dev vlan2 root 2>/dev/null
    tc qdisc del dev vlan3 root 2>/dev/null
    
    
    # Delete Chains
    iptables -t mangle -D PREROUTING -i vlan3 -j IMQ --todev 0 2>/dev/null
    iptables -t mangle -D POSTROUTING -o vlan3 -j IMQ --todev 1 2>/dev/null
    
    
    ## Start
    # Load modules
    modprobe imq
    modprobe ipt_IMQ
    
    # Incoming
    ip link set imq0 up
    
    # Outgoing
    ip link set imq1 up
    
    ## Load iptables rules:
    iptables -t mangle -I PREROUTING -i vlan3 -j IMQ --todev 0
    iptables -t mangle -I POSTROUTING -o vlan3 -j IMQ --todev 1
    
    #Parameters
    UPLINK=800
    DOWNLINK=2000
    
    ##UPLINK
    # install root HTB, point default traffic to 1:20:
    
    tc qdisc add dev imq0 root handle 1: htb default 20
    
    # shape everything at $UPLINK speed - this prevents huge queues in your
    # DSL modem which destroy latency:
    
    tc class add dev imq0 parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
    
    ## high prio class 1:10:
    #
    #tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
    #   burst 6k prio 1
    
    # bulk & default class 1:20 - gets slightly less traffic, 
    # and a lower priority:
    
    tc class add dev imq0 parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit \
       burst 6k prio 2
    
    # both get Stochastic Fairness:
    #tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
    
    ##DOWNLINK
    
    # install root HTB, point default traffic to 1:20:
    
    tc qdisc add dev imq1 root handle 1: htb default 20
    
    # shape everything at $DOWNLINK speed - this prevents huge queues in your
    # DSL modem which destroy latency:
    
    tc class add dev imq1 parent 1: classid 1:1 htb rate ${DOWNLINK}kbit burst 6k
    
    ## high prio class 1:10:
    #
    #tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${DOWNLINK}kbit \
    #   burst 6k prio 1
    
    # bulk & default class 1:20 - gets slightly less traffic, 
    # and a lower priority:
    
    tc class add dev imq1 parent 1:1 classid 1:20 htb rate $[9*$DOWNLINK/10]kbit \
       burst 6k prio 2
    
    # both get Stochastic Fairness:
    #tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev imq1 parent 1:20 handle 20: sfq perturb 10
     
  8. Porter

    Porter LI Guru Member

    Just to come back to another point you mentioned before: I don't think you need a separate network for your wireless clients. It should work just with the script and the correct wlan-interface.

    If it's vlan3, then I think you have made the right changes. The rates are in kilobit.
     
  9. onehomelist

    onehomelist Addicted to LI Member

    If I have to separate one Ethernet interface (out of four) then I have to have a separate network, right? Now, with the default setting which is br0, all four ports are considered as one interface. My aim is to separate one port from the br0. If it's possible to isolate 1 ethernet port without creating a separate network, it would be great.
     
  10. Porter

    Porter LI Guru Member

    Any success?
     
  11. onehomelist

    onehomelist Addicted to LI Member

    I have one doubt to be cleared.. It's Asus RT - N16, this is the output of 'nvram show | grep vlan.ports' on my router.
    Code:
    vlan1ports=4 3 2 1 8*
    vlan2ports=0 8
    Here is the code which I am going to execute, please see if my modifications are correct

    Code:
    nvram set vlan1ports="3 2 1 8*"
    nvram set vlan3hwname=et0
    nvram set vlan3ports="4 8*"
    nvram commit
     
  12. xorglub

    xorglub Addicted to LI Member

    You already have 2 different subnets - why don't you create QOS rules out of that ?
     
  13. onehomelist

    onehomelist Addicted to LI Member

    I don't have 2 subnets. On Asus RT-N16 vlan2 is assigned for LAN. I badly need a second subnet because on my network the router provides internet access for wired LAN and wireless. On wired network there are clients who carry out confidential work and they are accustomed to enable windows shares without password. And the wireless that I have is open network.
     
  14. Porter

    Porter LI Guru Member

  15. onehomelist

    onehomelist Addicted to LI Member

    Porter, I created a different vlan and I tried the script you gave me. It did not work. I even tried it on the existing LAN vlan, still it didn't work. Is there any way to troubleshoot why the script is not working?
     
  16. Porter

    Porter LI Guru Member

    For some reason I can't explain the shell is unable to substitute i.e. ${UPLINK} and isn't able to do calculations with the variables. I ended up filling in the rate by hand and then used my normal ppp0 interface to test the script. I haven't tested it thoroughly, just as a proof of concept. It worked so far.

    That's what it should look like: tc class add dev imq0 parent 1: classid 1:1 htb rate 200kbit burst 6k

    Unless someone can explain why the variables won't get interpreted you will need to put them in by hand.
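
Added example, not part of the thread or of Porter's script: a dry-run generator for the HTB/SFQ commands discussed above. It computes the 9/10 default-class rate with POSIX `$(( ))` arithmetic rather than the script's `$[ ]` form (a deprecated bash extension) and prints every command with literal numbers so they can be reviewed before being run on the router. The function names `is_pos_int` and `htb_cmds` are hypothetical, and the example does not diagnose why `${UPLINK}` failed to expand on that router.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the tc commands for one IMQ
# device with all rates already computed; nothing is applied to the system.

# is_pos_int VALUE: succeeds only for a string of digits with no leading zero.
# This rejects empty values, "0", unit suffixes such as "800kbit", and values
# carrying a stray carriage return from a pasted script.
is_pos_int() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# htb_cmds DEV RATE_KBIT: emit the four commands the thread's script uses per
# IMQ device (root HTB, ceiling class 1:1, default class 1:20, SFQ leaf).
htb_cmds() {
    dev=$1
    rate=$2
    if ! is_pos_int "$rate"; then
        echo "htb_cmds: rate must be a positive integer in kbit" >&2
        return 1
    fi
    # POSIX arithmetic expansion; the default class gets 9/10 of the ceiling.
    bulk=$(( 9 * rate / 10 ))
    echo "tc qdisc add dev $dev root handle 1: htb default 20"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${rate}kbit burst 6k"
    echo "tc class add dev $dev parent 1:1 classid 1:20 htb rate ${bulk}kbit burst 6k prio 2"
    echo "tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10"
}

# Values from the script's "Parameters" section: imq0 = uplink, imq1 = downlink.
UPLINK=800
DOWNLINK=2000
htb_cmds imq0 "$UPLINK"
htb_cmds imq1 "$DOWNLINK"
```

Once the printed lines show the expected numbers, they can be pasted into the script in place of the lines that use variables.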
     
