How do I set up a proxy server for home with bandwidth control, download limit options?

17

6

3 roommates share a single 2 Mbps connection. We have a 40GB per month download limit, beyond which the speed drops to 256Kbps, which is annoying.

One of the roommates abuses the connection by downloading beyond his quota limit. I have a Netgear WNR1000v2 Wireless router + ADSL Modem to connect to the internet. We all access internet via Wireless router which connects to ADSL Modem.

I need a free proxy solution which can help me set:

  1. 40GB / 3 (13 GB) limit for each person (every person has 2 devices - a PC and a phone with Wifi)
  2. Uniform Bandwidth control - when 2 people browse the internet they should get 1 Mbps each, and when 3 people access, they should get 2Mbps divided by 3.
  3. After each person crosses their monthly download limit, they should be able to access the internet at 256Kbps or less only.
  4. Can I have custom firmware on my wireless router do this, or do I need a proxy server?

Please point me to any relevant tutorials (for example with Squid).

Update: I am not looking for router only/firmware solutions, I am open to running a proxy server on one of the PCs on the network or any other similar type of solutions.

Rajavanya Subramaniyan

Posted 2011-11-02T21:47:30.213

Reputation: 261

Answers

14

Don't do it with Squid: you need control for everything, not just for HTTP on port 80.

The answer requires iptables with the '--quota' option, which implements network quotas by decrementing a byte counter with each packet. The argument of "--quota" is a value in bytes.

There shall be one chain for each user. First rule of the chain counts down a 13 GB quota for packets from 192.168.0.2 and accepts the packet if it is below quota:

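    # CLASSIFY is only valid in the mangle table, and routed traffic crosses FORWARD, not INPUT
    iptables -t mangle -A FORWARD -p tcp -s 192.168.0.2 -m quota --quota 13958643712 -j ACCEPT

The second rule of the chain classifies over-quota packets in a tc class of your choice:

    iptables -t mangle -A FORWARD -p tcp -j CLASSIFY --set-class 1:12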

Then it's all classic traffic shaping: http://tldp.org/HOWTO/Traffic-Control-HOWTO/

Of course, you need to use static IP allocation or make sure that DHCP allocates addresses fixed by device's MAC address - and you need to block all addresses but the identified ones of the devices belonging to one of the three users.

By the way, you mention that "when 2 people browse the internet they should get 1 Mbps each, and when 3 people access, they should get 2Mbps divided by 3" but you can do better than that when you set up your traffic class hierarchy: your requirement should rather be "when two people browse the internet they should not get less than 1 Mbps each, and when three people access, they should not get less than 2 Mbps divided by 3" so that each can get more if the other people use less than their guaranteed throughput... And tc lets you do that!

Since your router is supported by openwrt and dd-wrt, you have all the tools you need!

Jean-Marc Liotier

Posted 2011-11-02T21:47:30.213

Reputation: 459

Awesome best answer! thank you very much.. but my router is not supported by openwrt or dd-wrt, only v1 and v3 of the same series are, mine is v2. So I will look into using an old machine in the same place. – Rajavanya Subramaniyan – 2011-11-18T17:27:14.477
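
The scheme described in this answer, written out as an added example (not part of the original answer): a shell function that prints the tc and iptables commands for three users with two devices each, using an HTB hierarchy for the "guaranteed share, borrow the rest" behaviour. The interface name eth1, the user names, the IP addresses, the class numbers and the per-class rates are assumptions; the rules match on destination in the mangle table's POSTROUTING chain because the example counts downloads and CLASSIFY is only valid in the mangle table.

```shell
#!/bin/sh
# Added example: prints (does not run) the tc/iptables commands for the scheme above.
# Assumptions: Linux gateway, LAN-facing interface eth1, constructed users and IPs.
LAN_IF=eth1
QUOTA=13958643712   # 13 GiB in bytes, the value used in the answer
# user:PC-IP:phone-IP (constructed sample data; pin these with static DHCP leases)
USERS="alice:192.168.0.2:192.168.0.3 bob:192.168.0.4:192.168.0.5 carol:192.168.0.6:192.168.0.7"

gen_rules() {
    # HTB tree on the LAN side shapes downloads; unknown devices land in 1:99.
    echo "tc qdisc add dev $LAN_IF root handle 1: htb default 99"
    echo "tc class add dev $LAN_IF parent 1: classid 1:1 htb rate 2mbit"
    echo "tc class add dev $LAN_IF parent 1:1 classid 1:99 htb rate 8kbit ceil 64kbit"
    n=0
    for entry in $USERS; do
        n=$((n + 1))
        user=${entry%%:*}
        ips=$(echo "${entry#*:}" | tr ':' ' ')
        # Guaranteed 600kbit, may borrow up to the full 2mbit when others are idle.
        echo "tc class add dev $LAN_IF parent 1:1 classid 1:1$n htb rate 600kbit ceil 2mbit"
        # Over-quota class: hard ceiling of 256kbit.
        echo "tc class add dev $LAN_IF parent 1:1 classid 1:2$n htb rate 56kbit ceil 256kbit"
        echo "iptables -t mangle -N q_$user"
        # CLASSIFY does not end rule traversal, so the next rules still run.
        echo "iptables -t mangle -A q_$user -j CLASSIFY --set-class 1:1$n"
        # While quota remains, RETURN keeps the normal class.
        echo "iptables -t mangle -A q_$user -m quota --quota $QUOTA -j RETURN"
        # Quota used up: reclassify into the throttled class.
        echo "iptables -t mangle -A q_$user -j CLASSIFY --set-class 1:2$n"
        for ip in $ips; do
            # Both of a user's devices feed the same chain, hence the same counter.
            echo "iptables -t mangle -A POSTROUTING -o $LAN_IF -d $ip -j q_$user"
        done
    done
}

gen_rules
```

Review the printed commands, then pipe them to `sh` as root on the gateway to apply them. The quota counters live in the kernel and start over whenever the rules are reloaded, so a monthly reset amounts to flushing and re-adding the q_ chains from cron.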

4

I can't remember offhand if it supports all the features you mention, but I can highly recommend pfSense as a router solution. It's small enough to run off a USB disc, and provides a host of sharing solutions. I had the squid add-on installed, for example, to provide a transparent proxy to all the internal servers, and even had a package installed to get detailed reporting of network usage.

It also offers internet cafe type features, for example a logon page for guests to use the system. It's easy to set up in a VM, and there is a lot of documentation about how to install it with various different configurations.

I used this at home with 8 other machines. You might find, with it correctly set up, you may not need to introduce the limits as heavily as you have.

BinaryMisfit

Posted 2011-11-02T21:47:30.213

Reputation: 19 955

pfSense is great for a quick and easy setup with a web interface. If you want to learn more, just install OpenBSD and set up pf yourself; it's a lot of fun to learn. – SleighBoy – 2011-11-18T08:08:47.317

0

Your Netgear WNR1000v2 seems to be a semi-dumb device. All I found is that you can enable port-based or MAC-based QoS. You could set the QoS to "low" for your misbehaving roommate.

Anything else requires more "brain" - i.e. a proper (intelligent) proxy.

Nils

Posted 2011-11-02T21:47:30.213

Reputation: 347

I don't see QoS options anywhere in the WNR1000v2 control panel, I also referred to the full user manual. Could you explain where exactly to find this and configure this please? – Rajavanya Subramaniyan – 2011-11-15T09:45:39.003

There is a PDF describing QoS on the WNR1000v2 Page – Nils – 2011-11-16T20:02:51.547

0

Apparently, you can install on your router, at your own risk, the DD-WRT firmware http://www.dd-wrt.com/site/support/router-database which has extensive QoS features - http://www.dd-wrt.com/wiki/index.php/Quality_of_Service

ccpizza

Posted 2011-11-02T21:47:30.213

Reputation: 5 372

I explored this already, unfortunately mine is WNR1000v2, the firmware is available for v1 and v3 :( – Rajavanya Subramaniyan – 2011-11-14T11:36:05.240