Share house shaping & limiting

Posted: Mon Sep 06, 2010 5:01 am
by smz
First and foremost, a thank you to the good people at Gargoyle: great work!

Here is an overview of my network and situation. My network consists of this:

dsl modem —> wrt54gs connected via ethernet that will feed the sharehouse.


What I would like to achieve is to :

1. Block all P2P use on the WRT54GS using Gargoyle.

2. I would like to assign an overall total bandwidth quota to each user, giving 20 gig total up/down bandwidth.

3. Have each user whitelisted so that if any unknown device connects it can't get internet.

4. Limit the overall up/download speeds of users using Gargoyle.

5. Is it possible to save the bandwidth usage to a network share?

Is this possible to achieve and is there an easier way to do this?

Thanks,

Tom.

Re: Share house shaping & limiting

Posted: Mon Sep 06, 2010 6:21 am
by bluscape
I can't see any easier way of doing it. I have a similar network structure.

1.) I'm not sure what it is that you would like to block (meaning I'm not sure what the context of P2P is here). Gargoyle does have the functionality to shape, but to be honest someone else can elaborate better on this as I have not done this myself.

2.) In firewall->quotas you can assign bandwidth quotas to users and it works very nicely.

3.) In firewall->restriction->exceptions you can configure a whitelist based on IP, IP range or MAC address. You can also set a wireless MAC filter that only allows wireless users with a MAC in the list.

4.) Either using Quotas or QoS you can shape the bandwidth globally. Quotas can be applied to the entire network, a selected group of users or a single user.

5.) Yes, but you will have to do it manually or write some script to do it for you. But each user will be able to see his bandwidth usage just by browsing to the router (he does not have to log on).
The router will also show when he has reached his cap.

I would recommend that you use DHCP to set a list of static IPs with their corresponding MAC addresses for all the users. This way each user is assigned the same IP every time he connects, and it is easier to manage the bandwidth in this manner. You also have the option to block any static IP connecting from a different MAC.

I will also recommend that all the users connect to a switch and only the switch connects to the router. There are two reasons for the switch. 1.) All the local traffic is handled by the switch and does not have to pass through the router. 2.) This is not confirmed, but it seems like the router counts local traffic as internet bandwidth usage, which is not what we want and therefore makes the switch necessary.

You will connect your router WAN port to the DSL modem LAN port. Configure your router in connection->basic->LAN/WAN for DHCP (Wired) such that the DSL modem assigns it an IP. If your DSL modem does not have DHCP then assign a static IP to the router.

Since I've done this before, I've already drawn a network structure.

Re: Share house shaping & limiting

Posted: Mon Sep 06, 2010 8:04 pm
by smz
bluscape wrote: I can't see any easier way of doing it. I have a similar network structure.

1.) I'm not sure what it is that you would like to block (meaning I'm not sure what the context of P2P is here). Gargoyle does have the functionality to shape, but to be honest someone else can elaborate better on this as I have not done this myself.

What I am planning to achieve is to rid the share house of torrent downloading, to preserve my data cap as much as possible.

I have another spare WRT and noticed DD-WRT can block all P2P. Could I insert the DD-WRT WRT, with "block all P2P" checked, between the modem and the Gargoyle WRT54GS?

2.) In firewall->quotas you can assign bandwidth quotas to users and it works very nicely.

I am going to give this a try :-)

3.) In firewall->restriction->exceptions you can configure a whitelist based on IP, IP range or MAC address. You can also set a wireless MAC filter that only allows wireless users with a MAC in the list.

And try this too.

4.) Either using Quotas or QoS you can shape the bandwidth globally. Quotas can be applied to the entire network, a selected group of users or a single user.

Looks like I'll certainly be implementing this.

5.) Yes, but you will have to do it manually or write some script to do it for you. But each user will be able to see his bandwidth usage just by browsing to the router (he does not have to log on).
The router will also show when he has reached his cap.

How does the user log on to see the bandwidth use without entering the password-protected admin panel?

I would recommend that you use DHCP to set a list of static IPs with their corresponding MAC addresses for all the users. This way each user is assigned the same IP every time he connects, and it is easier to manage the bandwidth in this manner. You also have the option to block any static IP connecting from a different MAC.

I have set this up now :)

I will also recommend that all the users connect to a switch and only the switch connects to the router. There are two reasons for the switch. 1.) All the local traffic is handled by the switch and does not have to pass through the router. 2.) This is not confirmed, but it seems like the router counts local traffic as internet bandwidth usage, which is not what we want and therefore makes the switch necessary.

Great idea for simplifying things, thanks!

You will connect your router WAN port to the DSL modem LAN port. Configure your router in connection->basic->LAN/WAN for DHCP (Wired) such that the DSL modem assigns it an IP. If your DSL modem does not have DHCP then assign a static IP to the router.

Yes, I have the modem plugged into the WAN port and the downstream computers plugged into the LAN ports :)

Since I've done this before, I've already drawn a network structure.

Thanks for your advice!

Re: Share house shaping & limiting

Posted: Mon Sep 06, 2010 9:01 pm
by bluscape
If the user is in the quota list and he browses to the router, for example by typing 192.168.1.2 into his web browser, he will see the following page:
[Attachment: 3.JPG]
Therefore the user can see his quota usage without logging onto the router.

Another nice feature is that when the user exceeds his quota, the router will automatically direct him to the following page:
[Attachment: 2.JPG]

Re: Share house shaping & limiting

Posted: Tue Sep 07, 2010 12:40 am
by DoesItMatter
http://www.ipp2p.org/

You can check that for P2P blocking.

You will also have to do a bunch of iptables rules to block P2P.

It's not always effective if using encrypted P2P sessions.

See here:

http://serverfault.com/questions/27088/ ... -protocols

If they are intuitive and persistent, they will get P2P through.

Re: Share house shaping & limiting

Posted: Wed Sep 08, 2010 1:19 am
by smz
Thanks bluscape, I have implemented most of the things you have suggested, and it's working great. Now that I can get the users to monitor their usage it's a lot easier to extract their share of the bill :)

Re: Share house shaping & limiting

Posted: Wed Sep 08, 2010 1:20 am
by smz
DoesItMatter wrote: http://www.ipp2p.org/

You can check that for P2P blocking.

You will also have to do a bunch of iptables rules to block P2P.

It's not always effective if using encrypted P2P sessions.

See here:

http://serverfault.com/questions/27088/ ... -protocols

If they are intuitive and persistent, they will get P2P through.

This looks pretty good. I'm going to have to tinker with installing it on my WRT54GS; has anyone else here installed it before on a WRT54GS?

thanks,

Tom

Re: Share house shaping & limiting

Posted: Wed Sep 08, 2010 7:08 am
by pbix
While ipp2p was supported under Kamikaze, this support was removed under Backfire by the OpenWrt folks. You will not be able to use ipp2p in any of the recent versions of Gargoyle.

In reality ipp2p is not effective in blocking P2P traffic. The question of how to block/limit P2P traffic is often asked and I can tell you there are no good ways to block it specifically.

My advice to you is to use the Quota system to control P2P traffic. When faced with a personal budget your users will make the right decision.

Starting with v1.3.5, Gargoyle includes shaping based on connection bytes. This means that if any given connection reaches a threshold of transferred bytes, you can change its QoS class. This can be used to slow down large downloads to prevent them from consuming all your download bandwidth. While not specific to P2P, it could be helpful.
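As an added example, not code from this thread or from Gargoyle itself, the following Python model contrasts the two accounting mechanisms described here: bluscape's per-user quota, which counts upload and download together, and pbix's per-connection byte threshold, which changes a single connection's QoS class once it alone has moved enough bytes. The user names, connection ids, thresholds and the "bulk"/"normal" class names are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field

GIB = 1024 ** 3
MIB = 1024 ** 2

@dataclass
class FlowSample:
    user: str      # host owner; a static DHCP lease keeps this mapping stable
    conn_id: str   # connection identifier (a 5-tuple on a real router)
    up: int        # bytes sent upstream in this sample
    down: int      # bytes received downstream in this sample

@dataclass
class Accountant:
    quota_bytes: int          # per-user cap, upload and download combined
    connbytes_threshold: int  # per-connection QoS demotion threshold
    used: dict = field(default_factory=dict)
    conn_bytes: dict = field(default_factory=dict)

    def record(self, s: FlowSample) -> dict:
        """Account one sample and return the decisions a firewall would apply."""
        total = s.up + s.down
        self.used[s.user] = self.used.get(s.user, 0) + total
        self.conn_bytes[s.conn_id] = self.conn_bytes.get(s.conn_id, 0) + total
        # Quota is per user and cumulative: once reached, traffic is blocked.
        blocked = self.used[s.user] >= self.quota_bytes
        # Connbytes is per connection: one large transfer is demoted to the
        # constructed "bulk" class even while its owner has quota to spare.
        qos_class = ("bulk" if self.conn_bytes[s.conn_id] >= self.connbytes_threshold
                     else "normal")
        return {"user": s.user, "blocked": blocked, "qos_class": qos_class,
                "remaining": max(self.quota_bytes - self.used[s.user], 0)}

def run(samples, quota_bytes=20 * GIB, connbytes_threshold=50 * MIB):
    """Feed samples through one Accountant; returns one decision per sample."""
    acct = Accountant(quota_bytes, connbytes_threshold)
    return [acct.record(s) for s in samples]

# Constructed samples: a long download on connection c1, small web traffic
# from a second user, then a transfer that exhausts the first user's quota.
SAMPLES = [
    FlowSample("tom", "c1", 1 * MIB, 30 * MIB),
    FlowSample("tom", "c1", 1 * MIB, 30 * MIB),  # c1 crosses 50 MiB here
    FlowSample("alice", "c2", 100_000, 2 * MIB),
    FlowSample("tom", "c3", 0, 20 * GIB),        # tom crosses 20 GiB here
]

for decision in run(SAMPLES):
    print(decision)
```

The second sample shows the difference in practice: the connection is demoted to "bulk" while its owner is still well under quota, which is what makes the connbytes rule useful against large downloads without waiting for a monthly cap to bite.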