Speed limit and QoS

Discussion in 'Tomato Firmware' started by namaste, Oct 5, 2007.

  1. namaste

    namaste LI Guru Member

    I am trying to limit the speed of my LAN connection from QoS. I have set it to the lowest level, but somehow it still goes above the 100kbps download and sucks all the BW. Also, I want to limit the TCP and UDP connection limit, but it seems that this script doesn't work. I am using the latest firmware of Tomato.

    iptables -I FORWARD -s -p tcp -m connlimit --connlimit-above 150 -j DROP
    iptables -A FORWARD -p UDP -s -m limit --limit 50/s -j ACCEPT
    iptables -A FORWARD -p UDP -j DROP
    iptables -I FORWARD -s -p tcp -m connlimit --connlimit-above 10 -j DROP
    iptables -A FORWARD -p UDP -s -m limit --limit 30/s -j ACCEPT
    iptables -A FORWARD -p UDP -j DROP

    Neither the 117 nor 106 has any effect.
  2. GeeTek

    GeeTek Guest

    iptables -I FORWARD -p tcp --syn -m iprange --src-range -m connlimit --connlimit-above 105 -j DROP

    That works for my TCP limit. I would like to learn how to limit UDP as well.
  3. u3gyxap

    u3gyxap Network Guru Member

    To limit udp connections to 10, except for DNS requests, do:
    edit: nevermind, still working on it
  4. namaste

    namaste LI Guru Member


    For LAN connections that doesn't work :( If possible, can you please post the one for LAN? And how the heck do I limit the download speed for LAN?

    In DD-WRT there is basically an option to limit the LAN connection speed from 100K to 10Mb. But in Tomato there is no option :( Is there any way to do this, or is it not possible in Tomato?

  5. u3gyxap

    u3gyxap Network Guru Member

    Try without the --syn.
    Or simply use the wrt54g script generator.

    GeeTek, specially for you, the most elegant workaround for udp:

    iptables -I FORWARD -m iprange --src-range -p ! tcp -m connlimit --connlimit-above 105 -j DROP
    This effectively limits all non-tcp connections (which will be udp and icmp) to 105 per the IP range specified.
  6. nassarp

    nassarp LI Guru Member

    Try QoS--> Basic Setting and then select the required speed for the priority class. Select the QoS-->Classification and enter the IP address, port range for the appropriate LAN to control. (src. IP number base works fine than src. MAC address)

  7. GeeTek

    GeeTek Guest

    Thank you Sir ! I'll start working with that right now !
  8. GeeTek

    GeeTek Guest

    When you said "sucks all the bandwidth" in your first post I thought you were talking about your internet connection. I don't think there is an easy way to limit LAN-to-LAN speeds or connection counts. Tomato QoS applies to WAN-LAN connections.
  9. Mercjoe

    Mercjoe Network Guru Member

    Indeed this does work.

    I used this method to limit my teen to basically a 56K connection. I used a QoS rule (1st one on the list) with his MAC address to default it to speed range 'E'. I then set the inbound and outbound limits on 'E' to approx 56K. No matter what he did, he could not send or receive any faster than the connection limit I defined.
  10. u3gyxap

    u3gyxap Network Guru Member

    Aaaah, we are talking about LAN speeds and not routing? Then, you are screwed.
  11. namaste

    namaste LI Guru Member

    Thanks, dude. One problem you solved, but how do I limit the speed for LAN connections?
  12. u3gyxap

    u3gyxap Network Guru Member

    You don't. LAN connections are not routed, but bridged, therefore not manageable with this equipment.
  13. GeeTek

    GeeTek Guest

    Majik ! I was logged into one of the hotels and one user had almost 500 UDPee connections open. The remote access was even a little sluggish. I set the script for 50 connections and rebooted the router. Now he is red-lined at 50 UDP connections and everything is nice and snappy. Thanks again ! TCP and UDP max connections fields would make a great add on for the next Tomato. :biggrin:
  14. u3gyxap

    u3gyxap Network Guru Member

    Most welcome.
    I don't know about integrating it in Tomato, but sure makes sense if it is integrated in Robsonn's script generator.
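
The per-host connection limits from posts 2 and 5, combined into one re-runnable script. This is an added example, not code posted by anyone in the thread; the chain name `connlimit_lan`, the helper names and the sample address range are assumptions made for illustration.

```shell
#!/bin/sh
# Prints the iptables commands instead of running them, so they can be reviewed
# and then pasted into the router's firewall script or piped to sh on the router.
LIMIT_CHAIN="connlimit_lan"   # hypothetical chain name chosen for this example

is_uint() {   # positive decimal integer
    case "$1" in ''|*[!0-9]*) return 1 ;; *) [ "$1" -gt 0 ] 2>/dev/null ;; esac
}

is_ipv4() {   # four dot-separated decimal fields, each 0-255
    case "$1" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# conn_limit_rules FIRST-LAST TCP_MAX OTHER_MAX
conn_limit_rules() {
    range=$1 tcp_max=$2 other_max=$3
    # Validate first: the output is meant to be executed as root on the router.
    case "$range" in *-*) ;; *) echo "range must be FIRST-LAST" >&2; return 1 ;; esac
    is_ipv4 "${range%%-*}" && is_ipv4 "${range#*-}" ||
        { echo "bad IPv4 range: $range" >&2; return 1; }
    is_uint "$tcp_max" && is_uint "$other_max" ||
        { echo "limits must be positive integers" >&2; return 1; }

    # A dedicated chain, flushed on every run, so re-running the firewall script
    # replaces the limits instead of stacking duplicate rules in FORWARD.
    echo "iptables -N $LIMIT_CHAIN 2>/dev/null"
    echo "iptables -F $LIMIT_CHAIN"
    echo "iptables -D FORWARD -j $LIMIT_CHAIN 2>/dev/null"
    echo "iptables -I FORWARD -j $LIMIT_CHAIN"
    # Post 2: count only new TCP connections (--syn) per source address.
    echo "iptables -A $LIMIT_CHAIN -p tcp --syn -m iprange --src-range $range -m connlimit --connlimit-above $tcp_max -j DROP"
    # Post 5: everything that is not TCP (UDP, ICMP). Newer iptables releases
    # want the negation written as '! -p tcp'.
    echo "iptables -A $LIMIT_CHAIN -m iprange --src-range $range -p ! tcp -m connlimit --connlimit-above $other_max -j DROP"
}

# Constructed sample range; 105 and 50 are the limits mentioned in the thread.
conn_limit_rules 192.168.1.100-192.168.1.149 105 50
```

Because the jump into the chain is inserted at the top of FORWARD, the limits are evaluated before any ACCEPT rules already in that chain.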
