How to limit download rate per user from a Linux access point?

1

1

I have a Linux-based WiFi access point connected to the internet. How can I limit the download speed for each user to 200 kbps?

This is a simple question and I could find many "false duplicates" in Stack Overflow, but without an answer to my question:

  • Users come and go, so the number of users and their IPs are dynamic
  • The rate limit is for download, not upload
  • The rate is not for IPs, but for WiFi users (for example, if one user is also a router or a bridged hypervisor, it has multiple IPs)
  • The limit is not variable. It's 200 kbps even if there's a single user (so that no user drains the monthly Internet GB budget in a single day).

hdante

Posted 2017-12-22T03:49:34.187

Reputation: 149

Answers

0

This is not practical on your typical low-end router - the issue being the "rate is not for IPs but for wi-fi users - with the bridged hypervisor being the main issue".

Using something like DD-WRT, you could set up a separate SSID and subnet for each user, with its contingent [bandwidth wastage] costs and complexity, and then do shaping per VLAN interface. A slightly more cost-effective way might be to enforce OpenVPN or equivalent on each device, and then limit outbound access to tunnels and shape that - but it's still a horrible solution.

Another possibility - assuming a purely WIFI setup - one which an ISP might use - might be to use the WIFI as a base carrier for PPP, i.e. some kind of PPPoE or L2TP setup - and then packet shape the underlying PPP connection. This will also require each user to have appropriate software on their end.

If you are willing to forgo the "bridged hypervisor" situation, you could simply do packet shaping on a per MAC basis, and ensure that acceptable MACs are listed - this might be open to some level of abuse by someone sniffing MAC addresses.

davidgo

Posted 2017-12-22T03:49:34.187

Reputation: 49 152

Shaping with MAC address would be ok, having a fixed list of MAC addresses wouldn't. The client list is dynamic and arbitrarily large. – hdante – 2017-12-22T13:06:26.343

If you don't have a fixed list how do you stop people from using multiple connections to get more bandwidth? – davidgo – 2017-12-22T13:09:41.660

I don't, I just rely on the fact that having another Wi-Fi radio costs money, so they would have limited motivation to do so. – hdante – 2017-12-22T13:12:18.740
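
Added example, not part of the original answer or comments: one way to do the per-MAC shaping discussed above with a dynamic client list, by turning the AP's current station list into one 200 kbit/s HTB class per station on the download (egress) side. The interface name `wlan0`, the function names, the sample station dump and the reading of "200 kbps" as kilobits per second are assumptions.

```shell
#!/bin/sh
# Added example: print tc commands capping download (AP -> station) per MAC.
# Assumptions: AP interface wlan0, HTB and flower available, and "200 kbps"
# meaning kilobits/s (tc writes that as "kbit"; tc's "kbps" is kilobytes/s).
IFACE="${IFACE:-wlan0}"
RATE="${RATE:-200kbit}"

# Constructed sample of `iw dev wlan0 station dump` output (not real data).
SAMPLE='Station 02:00:00:aa:bb:01 (on wlan0)
    inactive time:  120 ms
    rx bytes:       52341
Station 02:00:00:AA:BB:02 (on wlan0)
    inactive time:  40 ms
Station bogus;text (on wlan0)'

# stdin: station dump text. stdout: validated, lower-cased, unique MACs.
# Validation matters because each MAC is later placed on a command line.
station_macs() {
    awk '$1 == "Station" { print tolower($2) }' |
        grep -Ex '([0-9a-f]{2}:){5}[0-9a-f]{2}' | sort -u
}

# stdin: station dump text. stdout: tc commands, one HTB class per station.
# Shaping is on egress of the AP interface, i.e. the users' download path.
gen_rules() {
    echo "tc qdisc del dev $IFACE root 2>/dev/null || true"
    echo "tc qdisc add dev $IFACE root handle 1: htb"
    n=16    # first class minor id, printed in hex (0x10)
    station_macs | while read -r mac; do
        id=$(printf '%x' "$n")
        echo "tc class add dev $IFACE parent 1: classid 1:$id htb rate $RATE ceil $RATE"
        echo "tc filter add dev $IFACE parent 1: protocol all flower dst_mac $mac classid 1:$id"
        n=$((n + 1))
    done
}

# Dry run on the constructed sample; on a real AP one would instead run:
#   iw dev wlan0 station dump | gen_rules | sh
printf '%s\n' "$SAMPLE" | gen_rules
```

Traffic to a station that associates after the last run matches no filter and is unshaped until the rules are regenerated, for example from a periodic job.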