Bandwidth Throttling a single IP? Help?

Hi All,

I need help to traffic shape my blue zone on my firewall.
I want to throttle the bandwidth for a single IP number and not ports it is using.

I am running IPCOP V1.4.13.
I have the following setup,
Green Zone for my Internal LAN
Blue Zone for my wireless LAN, (ie my neighbor)
Red Zone contact to the outside world.

Basically if my neighbor is downloading stuff but I want to surf or take priority I want a fast way to lower his bandwidth.

There is a traffic shaping facility in IPcop but I can’t seem to get it to do what I want. It does not seem to discriminate which zone you are throttling, I think it does it across the board to all zones.

It also only seems to accommodate for individual ports where I would like to just throttle an IP number.

Can I perform this from the existing options in IPCOP or can a bit of code be edited to achieve the desired result.

I am not super smart/code orientated but if given clear instructions I can implement them.

Can anyone help?
 
james_blonde007 said:
Hi All,

I need help to traffic shape my blue zone on my firewall.
I want to throttle the bandwidth for a single IP number and not ports it is using.

I am running IPCOP V1.4.13.
I have the following setup,
Green Zone for my Internal LAN
Blue Zone for my wireless LAN, (ie my neighbor)
Red Zone contact to the outside world.

Basically if my neighbor is downloading stuff but I want to surf or take priority I want a fast way to lower his bandwidth.

There is a traffic shaping facility in IPcop but I can’t seem to get it to do what I want. It does not seem to discriminate which zone you are throttling, I think it does it across the board to all zones.

It also only seems to accommodate for individual ports where I would like to just throttle an IP number.

Can I perform this from the existing options in IPCOP or can a bit of code be edited to achieve the desired result.

I am not super smart/code orientated but if given clear instructions I can implement them.

Can anyone help?

I am sure it can be done but what you are wanting to do is illegal by your ISP contract - so this thread might be deleted.

Rich
 
I am sure it can be done but what you are wanting to do is illegal by your ISP contract - so this thread might be deleted.

Rich

I think that is a rash statement & I do not believe this thread should be removed (obviously that is the decision of the moderator).

I don't think you understand Rich. I am not doing anything illegal.
It is not illegal for me to connect to my broadband connection via a wireless connection and it is not illegal for me to throttle my own connection.

My neighbor borrows my laptop on the occasion and uses it to source material through my wireless connection to my broadband provider.

My question about bandwidth throttling still remains.
 
Sorry I can't help, but I seem to remember that traffic shaping etc has taken ages to become 'easy' (as in GUI control) on linux. Check out IPcop forums, or consider looking at a BSD based firewall / router which many people rate for shaping traffic.

I'm in a similar situation looking at a new small firewall box and was wondering how your wireless is hooked up, do you have a PCI card in your router only? Do you have an access point?

The only wireless devices I have are a Wii and Printer (and a PCI card/AP), but I would like to be able to connect to other networks wirelessly, and allow other PCs/networks to connect to me. Can I do it with IPcop?
 
james_blonde007 said:
I think that is a rash statement & I do not believe this thread should be removed (obviously that is the decision of the moderator).

I don't think you understand Rich. I am not doing anything illegal.
It is not illegal for me to connect to my broadband connection via a wireless connection and it is not illegal for me to throttle my own connection.

My neighbor borrows my laptop on the occasion and uses it to source material through my wireless connection to my broadband provider.

My question about bandwidth throttling still remains.

The reason that I said it was illegal is the sharing with your neighbour - as ISPs contract to one address that's all.

Rich
 
The reason that I said it was illegal is the sharing with your neighbour - as ISPs contract to one address that’s all.

Rich

Your remark is wrongly made on the assumption that the shared access was out with the boundaries of my property.

When you invite someone into your own home, make them a cup of tea and offer them something to eat you might regard this as 'sharing'.
In the same vein... if my neighbour was to come into my property and borrow my laptop to surf the internet (in the living room) while I read emails and posted messages such as this (in an alternative room) he would be sharing my internet access, would he not?

I put it to you that you have become confused with the context in which the words 'share' and 'neighbour' have been used.
 
whitecrook said:
Sorry I can't help, but I seem to remember that traffic shaping etc has taken ages to become 'easy' (as in GUI control) on linux. Check out IPcop forums, or consider looking at a BSD based firewall / router which many people rate for shaping traffic.

I'm in a similar situation looking at a new small firewall box and was wondering how your wireless is hooked up, do you have a PCI card in your router only? Do you have an access point?

The only wireless devices I have are a Wii and Printer (and a PCI card/AP), but I would like to be able to connect to other networks wirelessly, and allow other PCs/networks to connect to me. Can I do it with IPcop?

Hi Whitecrook,
Thanks for your response.
I am currently running an old PIII 450 with IPCOP sitting on a nice quiet HD.
The rest of the PC is fanless including the processor. I am using a ZEN fanless PSU.
The very old MOBO has 3x network cards shoved in its slots (one might even be an old ISA socket card)

Card 01 - Red Zone - connects the firewall to the cable modem.

Card 02 - Green Zone - connects the firewall to my switch (wired LAN - hub)

Card 03 - Blue Zone - connects the firewall directly to my wireless WAP (wireless access point)

By keeping the blue zone separate you help make your wired LAN safer from potential unwanted external intrusion. PC's/devices connected in your blue zone (wireless) cannot see/communicate with PC's/devices on your green zone (wired) unless you specify. These are called 'pin holes'.

If you are not overly fussed about security then you can plug your Access Point directly into your Switch/Hub which is in turn connected to your Green Zone. All the wireless devices should be able to communicate with the devices on the wired LAN since they reside on the same network range.
Only requires 2x network cards.

If you do not have a wired network and only use wireless devices then you could plug your Access Point directly into the Green Zone (card 02) and therefore only require 2x network cards.

Ultimately there are quite a few options available.
I think you should concentrate more on what equipment you want to use.

My old Pentium is in a large case and is hidden in a cupboard. I had been looking into replacing it with one of these SFF boxes that uses a mini MOBO with four network cards built into it.

So far I have found the cost expensive at about 200-400 pounds.
You can buy a wireless router with firewall capabilities for less so I have not convinced myself that the aesthetics combined with the capability of IPcop is worth the expense.

Caveat. Any of the above information may be incorrect and should be used as a rough guide.

HTH
 
deano said:
OP,

what you want is this:-

http://www.advproxy.net/

works a treat, will give you options for any internal interfaces you've setup, to throttle them.

Magic Deano!

Enabled on <Interface> This enables the Proxy Server to listen for requests on the selected interface (GREEN or BLUE).

Should indeed do the trick.

Guess I will have to get my hands dirty to get this working. I think I will save it for the weekend.

Can you explain the application PuTTY to me, is it like telnetting into the firewall box?

Like I said previously I just dabble in Linux, Unix.
 
james_blonde007 said:
Your remark is wrongly made on the assumption that the shared access was out with the boundaries of my property.

When you invite someone into your own home, make them a cup of tea and offer them something to eat you might regard this as 'sharing'.
In the same vein... if my neighbour was to come into my property and borrow my laptop to surf the internet (in the living room) while I read emails and posted messages such as this (in an alternative room) he would be sharing my internet access, would he not?

I put it to you that you have become confused with the context in which the words 'share' and 'neighbour' have been used.

I am using it in the terms of through the wall from one property to the next - not as he is invited round to your house for occasional use; you only stated that in your last post.

I was only stating something that is a fact and that is a problem in the states - also could prove it if he did something illegal on your connection, how could you prove it was him and not you? It's your connection.

It was only some advice and not meant to cause offence which it obviously did, definitely not what I intended.

Rich
 
It was only some advice and not meant to cause offence which it obviously did, definitely not what I intended.

Rich

Nay bother Richie dude, nothing like a gid bit o' banter. :D
(banter, –noun 1. an exchange of light, playful, teasing remarks; good-natured raillery)

I knew what you were saying but did not like what you were implying, plus it was not constructive to getting a resolution to my query.
Either way progress has now been made and I will be kept busy on Sunday for sure, trying to implement one of the solutions.

Thanks Beserker as well for your tuppence, I will investigate.
 
deano said:
OP,

what you want is this:-

http://www.advproxy.net/

works a treat, will give you options for any internal interfaces you've setup, to throttle them.

Deano... I need further guidance.
The proxy can be set to either...

ON & Non Transparent
ON & Transparent*

When in transparent mode no client (web browser) configuration is required but only port 80 (http) requests are re-directed to the proxy. No good for detecting and throttling Bit Torrent requests.

When in Non Transparent mode each client/browser has to be configured to go via the proxy. This mode redirects all internet requests via the proxy unless defined. This is the desired mode for me.

What I don't get is how does configuring your browser (in this case mainly IE) to go via the proxy affect other internet traffic requests that are not made via the browser, i.e. BitTorrent requests from the torrent app etc?

Does my query make sense?
 
Hi, setting IE manually to use the proxy generally means other software looks to the IE settings and uses them to gain access to the internet :) However, having just thought about it, not sure if this works with P2P applications.

Give it a go, see what happens and I'll see what I can find out.

HTH
 
You can't shape (P2P) traffic with an HTTP proxy server as far as I am aware. It's at a lower level. You need to configure your router to inspect the packets and queue the packets detected as P2P traffic.

It's probably worth pointing out that you can't alter how traffic arrives into your network; what you are essentially doing is letting everything into your red interface and then holding back/reordering/queuing all the packets that go out the green i/face to your LAN.

Here's a few links:

http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/
http://www.mastershaper.org/index.php/Main_Page
http://www.knowplace.org/pages/howtos/traffic_shaping_with_linux.php
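
The queuing described in the last reply, applied to the original question of capping one IP rather than individual ports, as an added example that is not part of any post in the thread. It assumes a Linux router with iproute2 `tc` and the HTB qdisc; the interface name `eth2`, the client address and the rates are constructed sample values.

```shell
#!/bin/sh
# Added example: prints (does not run) tc commands capping one client's downloads.
# Assumes a Linux router with iproute2 "tc" and HTB; eth2, the address and the
# rates are constructed sample values, not taken from the thread.

# valid_ipv4 ADDR: succeeds only for a dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# throttle_cmds IFACE CLIENT_IP CAP_KBIT LINK_KBIT
# IFACE faces the client (the BLUE card here): a router can only queue what it
# sends, so downloads are shaped as they leave towards the client.
throttle_cmds() {
    iface=$1; ip=$2; cap=$3; link=$4
    # Reject anything that is not a plain name, address or number, so the
    # generated lines are safe to hand to a root shell.
    case "$iface" in ''|*[!a-zA-Z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_ipv4 "$ip" || { echo "bad IPv4 address" >&2; return 1; }
    for n in "$cap" "$link"; do
        case "$n" in ''|*[!0-9]*) echo "rates are integers in kbit" >&2; return 1 ;; esac
    done
    [ "$cap" -lt "$link" ] || { echo "cap must be below link rate" >&2; return 1; }
    # Class 1:10 is the capped client; class 1:20 is the default for everyone
    # else on the interface. The u32 filter matches on destination IP only, so
    # every port and protocol used by that client lands in 1:10.
    cat <<EOF
tc qdisc add dev $iface root handle 1: htb default 20
tc class add dev $iface parent 1: classid 1:1 htb rate ${link}kbit
tc class add dev $iface parent 1:1 classid 1:10 htb rate ${cap}kbit ceil ${cap}kbit
tc class add dev $iface parent 1:1 classid 1:20 htb rate $((link - cap))kbit ceil ${link}kbit
tc filter add dev $iface parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:10
EOF
}

# Constructed sample: cap 192.168.2.50 to 512 kbit/s on a 100 Mbit/s interface.
throttle_cmds eth2 192.168.2.50 512 100000
```

Review the printed commands before running them as root; `tc qdisc del dev eth2 root` removes the shaping again. This covers downloads only: the client's uploads leave through the RED interface after NAT, where its private source address is no longer visible to a `u32` match.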
 