Loophole of quota function

Report issues relating to bandwith monitoring, bandwidth quotas or QoS in this forum.

Moderator: Moderators

yc3948
Posts: 164
Joined: Sat Sep 10, 2011 1:04 am

Loophole of quota function

Postby yc3948 » Sat Jan 07, 2012 5:34 am

As Gargoyle only has wireless MAC address filter but cannot block LAN MAC address, so if the user sets static IP and plug into LAN port they can use other people's quota. So I need solution to block the LAN MAC address, I mean LAN MAC address filter function.

Hope I have explained clearly. Thanks.
Buffalo WZR-HP-G300NH2 DD-WRT v24SP2-MULTI (10/31/11) std
Buffalo WZR-HP-G300NH Gargoyle 1.5.9+1f082daf
Linksys WRT54GL Gargoyle 1.4.4
TP-Link TL-WR1043ND Gargoyle 1.5.9+1f082daf

yc3948
Posts: 164
Joined: Sat Sep 10, 2011 1:04 am

Re: Loophole of quota function

Postby yc3948 » Sat Jan 07, 2012 5:39 am

I look for solution block the LAN MAC address, I mean LAN MAC address filter function. Only allow the list MAC address connecte on LAN port as well.

Thansk
Buffalo WZR-HP-G300NH2 DD-WRT v24SP2-MULTI (10/31/11) std
Buffalo WZR-HP-G300NH Gargoyle 1.5.9+1f082daf
Linksys WRT54GL Gargoyle 1.4.4
TP-Link TL-WR1043ND Gargoyle 1.5.9+1f082daf

Eric
Site Admin
Posts: 1436
Joined: Sat Jun 14, 2008 1:14 pm

Re: Loophole of quota function

Postby Eric » Sat Jan 07, 2012 1:21 pm

Please stop posting the same thing in multiple forums. One post is quite sufficient -- otherwise it's spam.

If you do it again, I'll ban you.

yc3948
Posts: 164
Joined: Sat Sep 10, 2011 1:04 am

Re: Loophole of quota function

Postby yc3948 » Sat Jan 07, 2012 4:25 pm

Eric wrote:Please stop posting the same thing in multiple forums. One post is quite sufficient -- otherwise it's spam.

If you do it again, I'll ban you.

Sorry about this
Buffalo WZR-HP-G300NH2 DD-WRT v24SP2-MULTI (10/31/11) std
Buffalo WZR-HP-G300NH Gargoyle 1.5.9+1f082daf
Linksys WRT54GL Gargoyle 1.4.4
TP-Link TL-WR1043ND Gargoyle 1.5.9+1f082daf

Cachorro
Posts: 44
Joined: Sat Jun 15, 2013 7:38 am

Re: Loophole of quota function

Postby Cachorro » Sat Jul 27, 2013 8:11 am

I'd be interested in this too. But believe the only way to properly lock wired LAN is only by the use of a 'managed switch', and restrict mac addressing there.

Has anyone been able to do this via Gargoyle.

Thanks.

pbix
Developer
Posts: 1365
Joined: Fri Aug 21, 2009 5:09 pm

Re: Loophole of quota function

Postby pbix » Sun Jul 28, 2013 4:07 am

The original poster on this thread was confused.

To "lock down" your LAN you need to assign static IP address based on MAC address for all the computers you wish to service. This is done on the connection DHCP screen.

Then check the box on the same screen labeled
"Block MAC addresses assigned a static IP that connect from a different IP"

Then quota rules for the IP addresses as you like and a catch all quota to pickup everyone else and do what you want with them.
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM

Cachorro
Posts: 44
Joined: Sat Jun 15, 2013 7:38 am

Re: Loophole of quota function

Postby Cachorro » Sun Jul 28, 2013 6:12 am

Hi Pbix, and thank you for your reply.

I have tried this, and it does not work. Being that the computer on the LAN have its MAC listed in the DHCP Pool or not, it will still be allowed access to WAN when I manually assign it an IP that is in the non-restricted IP Range.

This is my device and its status while testing this again just now:
Device Name:Gargoyle
Gargoyle Version:1.5.10
Model:TP-Link TL-WR1043N/ND v1
Device Configuration:Gateway
Memory Usage:18.1MB / 28.5MB (63.4%)
Connections:47/4096
CPU Load Averages:0.33 / 0.12 / 0.14 (1/5/15 minutes)

Kind Regards,
Cachorro.

User avatar
ericwong
Posts: 428
Joined: Sat Aug 25, 2012 6:15 am
Location: Melbourne, Australia
Contact:

Re: Loophole of quota function

Postby ericwong » Sun Aug 11, 2013 11:05 am

One alternative solution for you would be to set a quota for "all hosts without explicit quota" to zero and you set the speed limit you want to impose on that.

Anyone who connect to your LAN without an assigned quota will automatically fall into this group. You could simply set it to "Shut down all internet access" or throttle it to a very slow speed.

This is what I do here ;)
Eric Wong

PM me if you need to buy Gargoyle router in Australia/NZ, willing to pay me to help you on your Gargoyle configurations or build custom configured ROM with pre-installed app or try to fix your bricked router. Yes, I am looking for job/work.

Cachorro
Posts: 44
Joined: Sat Jun 15, 2013 7:38 am

Re: Loophole of quota function

Postby Cachorro » Mon Aug 12, 2013 6:27 am

Hi Eric,
Yes, that would work. And has worked unless someone witty and willingly comes along to 'steal' someone else's Quota by setting their IP to a known IP that is allowed and has still quota available.

Mainly, what I have discovered is resolved by the DHCP tick of "Block MAC addresses assigned a static IP that connect from a different IP", which does not seem to want to work for me.

Say, as I have tested:
I have two computers with their MACs in the DHCP pool assigning them with an IP, say 1 and 2.
If I change the IP on computer #2, to the IP of #1, the router still happily allows traffic thru the gateway and it consumes #1's Quota.
Is this a known issue?
I am happy to send you any of my router's config and logs if you would like to have a look at them (on PM).

Thanks,
Cachorro./

Cachorro
Posts: 44
Joined: Sat Jun 15, 2013 7:38 am

Re: Loophole of quota function

Postby Cachorro » Tue Sep 24, 2013 3:05 am

Hi,
Has anyone been able to resolve this? :?:
Thanks.
Attachments
gargoyle_-Block_MAC_addresses_assigned_a_static-.png
gargoyle_-Block_MAC_addresses_assigned_a_static-.png (16.42 KiB) Viewed 6372 times


Return to “Monitoring / Quota / QoS Issues”

Who is online

Users browsing this forum: No registered users and 2 guests