Capping by download / upload

Discussion in 'Tomato Firmware' started by vsboost, May 7, 2008.

  1. vsboost

    vsboost LI Guru Member

    Hi all i know all about QOS and access rules so please dont suggest them they dont do exactly what i need to, heres what i would like to achive.

    is there a way to slow down or possibly deny internet once a certain amount of downloads have been reached.

    just to make it a little clear we have a cable plan that allows 12gb peak and 24gb off peak. i would like to restrict one user so they can only use 6gb during peak and 12gb during off peak, once this user has reached the limit i would like to deny them internet or even slow it down to like 5kb/s.

    has anybody done this before ?

  2. bripab007

    bripab007 Network Guru Member

  3. jersully

    jersully LI Guru Member

    My first thought was access rules.

    Kidding! I web searched on tomato firmware quota and it looks like there is a quota extension for iptables.

    This would be a GREAT feature for future revisions. I know everyone has a feature or two they'd like added, but the usefulness of tomato quotas I think would be very widespread.
  4. HennieM

    HennieM Network Guru Member

    With current firmware, the only solution I can think of is to put together a bandwidth monitoring/capping set of scripts, and run them periodically. I list the basics, but there would be (way) more to it:

    Monitor the IP to be capped:
    iptables -I FORWARD -s
    iptables -I FORWARD -d
    may also have to add
    iptables -I PREROUTING -s
    iptables -I POSTROUTING -d
    Now, when you do
    iptables -L FORWARD -nv
    the bytes through that chain is shown.
    In a script, get the bytes for only
    GETBYTES=`iptables -L FORWARD -nvx | grep ".*all.**0\.0\.0\.0/0" -`
    GETBYTES=`expr "${GETBYTES}" : "^[[:alnum:]][[:space:]]\([[:alnum:]]\)[[:space]].*"`
    or something like that (I have NOT tested this - you want the 2nd number in the line).

    Now add the ${GETBYTES} bytes to a nvram or file variable somewhere (with expr), and then clear the byte counter for only.
    Once this nvram/file variable reaches whatever cap you want to impose, block

    I've thought about this, but never done it (too much "man iptables" and "man expr" I guess, so I'd appreciate it if somebody would... ;)
  5. Toxic

    Toxic Administrator Staff Member

  6. vsboost

    vsboost LI Guru Member

    Thanks guys, gives me something to do on the weekend :smile:
  7. jersully

    jersully LI Guru Member

    I'm very confused... I thought all Robson's script generator did was set up QoS and alter TTL??? Or was the suggestion to use it just to look at example scripts?
  8. ecufo

    ecufo LI Guru Member

    Have you guys tried playing with connbytes?
    I tried the following script that would drop the connection( when 3MB is reached:

    iptables -A INPUT -s -m connbytes --connbytes 3000000: -j DROP
  9. vsboost

    vsboost LI Guru Member

    That sounds good, now only if there were a way to implement something like that to drop the connection for 6gb during peak time 12:00pm - 12:00am, and 12gb off peak between 12:00am - 12:00 pm. then to reset every month.
  10. puddle

    puddle LI Guru Member

    thats exactly what ive wanted for ages...

    Tomato 1.19.8815 mod by Victek gets very very close... but doesnt take into account time or global usage...

    we are almost there i think...
  11. vsboost

    vsboost LI Guru Member

    Has there been any progress on this, ive been away for a while,

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice