OpenWrt Forum Archive

Topic: QoS configuration - Bandwidth limiting

The content of this topic has been archived on 5 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello all
   I need to configure an Asus WL-500g with White Russian for a working environment to limit bandwidth. I have installed White Russian but the QoS options are limited...
   Can you please help me make a script for limiting a group of IPs (e.g. 192.168.0.10 - 192.168.0.50 and 192.168.0.120 - 192.168.0.200) like:
     ports  1000 - 65000   DL 64 Kbs UP 64 Kbs
     ports  80, 81, 443, 21, 22  < 512 KB   no limit 
     ports  80, 81, 443, 21, 22  > 512 KB   DL 64 Kbs UP 64 Kbs
     
     This is for the employees that need internet access but I want to limit the video streaming web sites (like youtube...), internet radio (from winamp and others) and big downloads and so on.

    And for users like manager, director... there should be no limitation...

thank you

hi,

Why do you use White Russian? I would recommend Backfire! The package qos-scripts is really powerful and has just one config file.
It works really great for me (at least with kernel 2.6; I am not sure about 2.4).

http://wiki.openwrt.org/doc/uci/qos

You can classify and reclassify traffic by IP address, ports, size,... and combinations of all of them,
so set all traffic you don't want to "bulk". This should do the trick.
You wouldn't have a hardcoded bandwidth limit for this type of traffic, but it has a low priority, so if any other traffic needs the bandwidth it will get it (which is a much better approach).
You can also set the priority of (time-)critical applications like VoIP to express or priority. But you shouldn't set the traffic of special users (regardless of how "special" they might be) to priority or express, because this would probably mess up everything. Just set the traffic you don't want/need to bulk.

In my case I get this result: bulk traffic can use up to ~90% of the bandwidth if no other traffic is present, but if traffic with a higher priority needs the bandwidth the bulk traffic gets only up to 20%.

I would recommend only editing the config file and testing it. If this doesn't satisfy your needs, you can think about messing with the scripts, but then you really need to know what you are doing. You need to have knowledge about iptables and QoS algorithms.

I understand that dynamic prioritization is better, but in my case I need to stop users from watching videos or listening to radio all day long or, even worse, torrents :P
so if you can offer me a solution for this I would be very grateful.

but if I put all traffic that I don't want in bulk can I set bulk to have max speed 64 Kbs ?

I'm not a big fan of the concept of dealing with social problems by technical solutions (restrictions). So my first suggestion would be this: tell your managers, directors... that if they treat their employees like adults there may be the chance that they would act like adults.

but if you are looking for a technical solution, you should add

option limitrate xx

to the definition of the class "Bulk" in /etc/config/qos
You can set the limitrate as a percentage of the line speed (the upload and download values you set for your wan interface in the qos config file).

I'm not sure, but in my qos config I found these definitions:

config class "Normal"                
        option packetsize  1500   
        option packetdelay 100
        option avgrate     10        
        option priority    5     
config class "Normal_down"        
        option avgrate     20

so I guess it should be possible to add a "Bulk_down"-config with a different limitrate, if you need this.

Just curious what kind of Backfire build you are using. The qos script on 10.03.1 rc4 seems fine. But qos and iptables on trunk have a problem. The difference is that 10.03.1 rc4 uses the 2.6.32.16 kernel and the current trunk uses 2.6.35.9.

(Last edited by watermark on 14 Jan 2011, 19:10)

I did an svn checkout from the backfire branch some weeks ago. Revision 24824. Works like a charm on a Netgear WNDR-3700.

thank you for your answers
I have 2 more questions:
1. How can I redirect traffic from ports 20,21,80,443,81 with the packet size bigger than 512 kb to Bulk? (youtube, music sites, downloads and so on)
     I tried this way but it didn't work :(

config reclassify
    option target       "Bulk"
    option proto        "tcp"
    option ports        "20,21,80,443,81"
    option pktsize      "512"
    option mark         "Bulk"
I put this just above    # Don't change
but still no limitation

2.  How can I put all the traffic ( any ports )  from an ip range   into normal traffic with no limitations ?

You can filter per IP/IP range with the options srchost and dsthost.
You can specify an IP address (optionally with a corresponding netmask if you want to filter a subnet, e.g. 192.168.1.0/24).
You probably need two rules: one where you specify only the dsthost and one where you specify only the srchost.

To the pktsize: I think your rule only matches packages with exactly 512 Bytes.

If you want a range you have to do it like this: min:max
512:1000 for packages between 512 and 1000
512: for packages bigger than 512
:512 or 0:512 or -512 for packages smaller than 512.

And you can specify "srcports" and "dstports" separately.

The wiki for qos isn't complete; you can check /usr/lib/qos/generate.sh for all options.

Btw, I'm not sure that all these streaming services are only http traffic (e.g. rtmp://, mms://,... are on different ports), and even if they are http traffic they might be on other ports, too. Maybe you should think about level7-filtering.

hello
thank you for all the information, but I didn't manage to limit the bandwidth for packets higher than 512 kb. I tried with "512:" "512-" "512:100000" at the pktsize
and at the config I tried classify, reclassify, default, but the only 2 answers I get from the router are the following:
1. the limitation doesn't work for the conditions above
or
2. after I reboot the router it doesn't get an IP from the ISP any more.. so the net isn't working :(
Do you have a solution for this problem, or a script that works ??

thank you

nobody knows how to limit the bandwidth for specific ports and pktsize ?

I did install the default qos-scripts ipk package but nothing is filtered
I did
cat /proc/net/ip_conntrack
and no packets are marked
packets=3 bytes=144 [UNREPLIED] src=96.55.214.238 dst=77.28.244.60 sport=55354 dport=2351 packets=0 bytes=0 mark=0 use=2
tcp      6 89 SYN_SENT src=192.168.0.39 dst=82.10.207.108 sport=2417 dport=38592 packets=3 bytes=144 [UNREPLIED] src=82.10.207.108 dst=77.28.241.60 sport=38592 dport=2417 packets=0 bytes=0 mark=0 use=2
I think that the default script is not working very well.

Can someone advise me what I can do to get torrents to stop?
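
A quick way to repeat the check from the post above: summarize the mark= field of the conntrack table, so it is visible at a glance whether any QoS rule is marking connections. This is an added example, not from the thread; the function names are made up here and the sample entries are constructed in the format the post shows.

```shell
#!/bin/sh
# Count conntrack entries per mark value (conntrack text on stdin).
# Prints one "mark=<value> <count>" line per value, sorted.
mark_summary() {
    awk '
    {
        m = "none"                       # entry carries no mark= field
        for (i = 1; i <= NF; i++)
            if ($i ~ /^mark=/) m = substr($i, 6)
        count[m]++
    }
    END { for (m in count) printf "mark=%s %d\n", m, count[m] }
    ' | sort
}

# List entries with mark=0: protocol, original source, original dest port.
unmarked_flows() {
    awk '
    {
        m = ""; src = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^mark=/)                 m = substr($i, 6)
            if (src == "" && $i ~ /^src=/)     src = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        if (m == "0") print $1, src, dport
    }'
}

# Constructed sample entries (documentation addresses, not from the thread)
SAMPLE='tcp      6 89 SYN_SENT src=192.168.0.39 dst=203.0.113.8 sport=2417 dport=38592 packets=3 bytes=144 [UNREPLIED] src=203.0.113.8 dst=198.51.100.60 sport=38592 dport=2417 packets=0 bytes=0 mark=0 use=2
tcp      6 431999 ESTABLISHED src=192.168.0.12 dst=203.0.113.20 sport=40112 dport=80 packets=40 bytes=3100 src=203.0.113.20 dst=198.51.100.60 sport=80 dport=40112 packets=55 bytes=61000 [ASSURED] mark=4 use=1
udp      17 25 src=192.168.0.12 dst=203.0.113.53 sport=5353 dport=53 packets=1 bytes=60 src=203.0.113.53 dst=198.51.100.60 sport=53 dport=5353 packets=1 bytes=120 mark=0 use=1'

# On the router: mark_summary < /proc/net/ip_conntrack
printf '%s\n' "$SAMPLE" | mark_summary
printf '%s\n' "$SAMPLE" | unmarked_flows
```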

eleon216 wrote:

you can set the limitrate as percentage of the linespeed (the upload- and download-values you set for your wan interface in the qos-configfile)

OK, I managed to limit download speed by adding option limitrate 'xx' to every _down config class. It works even if I delete every _down config class and add limitrate to every plain config class. So it looks like

config class 'Priority'
    option packetsize '400'
    option avgrate '10'
    option priority '20'
    option limitrate '100'

config class 'Express'
    option packetsize '1000'
    option avgrate '50'
    option priority '10'
    option limitrate '40'

config class 'Normal'
    option packetsize '1500'
    option packetdelay '100'
    option avgrate '10'
    option priority '5'
    option limitrate '20'

With the next settings in LuCI
https://i.imgur.com/6X58ryk.png
I get download speed limited at 4Mbit at IP 1.30 (40% of global Download speed 10240) and 2Mbit at IP 1.130. But upload always hits 10Mbit as set at global Upload speed (see at top of the screenshot).

One question: WHY?!! And how can I limit upload speed?

(Last edited by zaqik on 11 Jul 2016, 14:54)
