Rate limiting an internet connection per user

Solution 1

Depending on the appliance you go with, you may be able to apply QoS rules by IP Address or switchport.

Setting up DHCP with reservations for each machine, then targeting specific machines with a QoS Rule on their IP address may be the easiest way to go.

As far as appliances go, Zeroshell seems promising, and delivers its distribution (Linux-based with a web frontend and ssh) in different forms, including LiveCDs and VMware appliances.

Full disclosure: I'm in no way affiliated with ZeroShell, but I'm considering implementing it in the house I'm currently living at as a router/default gateway/DHCP server/QoS Rules/VLAN Routing. Fun stuff!

Solution 2

Actually I think in this particular case of "some tenants are somewhat hogging the internet (i.e. constantly downloading)" I think it's safe to assume that QoS would actually help a great deal. Give web and/or VoIP traffic a preference over download traffic, etc.

All that aside, I think pfSense might be a solution for you as I believe it can give you some pretty granular control over things.

http://www.pfsense.org

If nothing else... a cheap managed switch (from eBay, etc) would probably do the trick. ;-)

Hope this helps!

Solution 3

What you're looking for is "traffic shaping".

According to monowall's feature page, traffic shaping is a standard feature. I don't see an easy to find feature page for Smoothwall, but it's also highly recommended and I would expect it to likely include a similar feature.

Solution 4

This question always opens up a can of worms. This is because traffic shaping is easiest done by IP address but doing it by IP makes it fairly easy to circumvent. There's no reason the user can't use a switch and have multiple machines or multiple NICs abusing the bandwidth. And is there wireless in this building? Is it coming from access points or a router? If your wireless is on a separate router from the wired then that entire subnet will have to share the limited bandwidth. This is why it's best to place each room in their own VLAN and set the equipment to limit each VLAN to a certain amount of ingress and egress traffic. How? With expensive equipment.

What I would do is spend a few hundred bucks on a SOHO router/firewall that can do rudimentary limiting by IP. It's not perfect but it's simple. I like the boxes from DrayTek because, for me, they have been pretty solid routers at a reasonable price.

Solution 5

If you don't mind installing an additional PC to act as a bridge on the network, this software may be of help.

http://www.softperfect.com/products/bandwidth/

I'm using SPBWM with my cable connection to limit the available bandwidth on a per-IP basis.

Here is a diagram of my network.

http://coreybrett.com/images/Network_Diagram.png

I have a rule for each address on my subnet, that limits bandwidth to 1Mbit/256k.
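
For a Linux gateway, the per-IP approach from Solutions 1 and 5 can be generated rather than typed by hand. This is an added example, not part of any answer above: it prints `tc` HTB commands for a list of DHCP-reserved addresses and puts every other address into a small shared class, so a self-assigned IP (the circumvention Solution 4 mentions) does not escape the cap. The interface names, the 64kbit default class, the sample addresses, and reading "1Mbit/256k" as download/upload are assumptions.

```shell
#!/bin/sh
# Added example: print tc commands that cap every reserved IP at DOWN/UP.
# Assumed, not from the page: interface names, the 64kbit default class,
# and the constructed reservation list.
LAN_IF="${LAN_IF:-eth1}"      # interface facing the tenants
IFB_IF="${IFB_IF:-ifb0}"      # helper device used to shape uploads
DOWN="${DOWN:-1mbit}"         # per-IP download cap
UP="${UP:-256kbit}"           # per-IP upload cap
UNKNOWN="${UNKNOWN:-64kbit}"  # shared cap for addresses with no reservation
RESERVED_IPS="${RESERVED_IPS:-192.168.1.101 192.168.1.102 192.168.1.103}"

# $1 = device, $2 = rate, $3 = dst (download) or src (upload)
emit_direction() {
    dev=$1; rate=$2; match=$3
    echo "tc qdisc del dev $dev root 2>/dev/null || true"
    echo "tc qdisc add dev $dev root handle 1: htb default 999"
    # Anything not matched below (e.g. a self-assigned static IP) lands here.
    echo "tc class add dev $dev parent 1: classid 1:999 htb rate $UNKNOWN ceil $UNKNOWN"
    id=10
    for ip in $RESERVED_IPS; do
        echo "tc class add dev $dev parent 1: classid 1:$id htb rate $rate ceil $rate"
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip $match $ip/32 flowid 1:$id"
        id=$((id + 1))
    done
}

emit_all() {
    # Uploads arrive on LAN_IF; redirect them to the IFB device so they can
    # be shaped by source address before NAT rewrites it.
    echo "ip link add $IFB_IF type ifb 2>/dev/null || true"
    echo "ip link set dev $IFB_IF up"
    echo "tc qdisc del dev $LAN_IF ingress 2>/dev/null || true"
    echo "tc qdisc add dev $LAN_IF handle ffff: ingress"
    echo "tc filter add dev $LAN_IF parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $IFB_IF"
    emit_direction "$LAN_IF" "$DOWN" dst
    emit_direction "$IFB_IF" "$UP" src
}

# Dry run by default: review the output, then pipe it to sh as root.
emit_all
```

The limits still follow the IP address, so several machines behind one reservation share that reservation's cap, while a machine on an unreserved address shares the default class.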


Author: Alister

Updated on September 17, 2022

Comments

  • Alister over 1 year

    I've got a friend who has a "rent-by-room" property and includes internet access as part of this. However some tenants are somewhat hogging the internet (i.e. constantly downloading). I was wondering if anyone knows of a fairly easy way of rate limiting each connection to make the system more equitable. A preferred solution would be a cheap piece of hardware or some sort of Linux "appliance". I would rather not have to get an iptables headache if this is avoidable.

  • John Gardeniers over 14 years
    Certainly Smoothwall includes traffic shaping in the form of its QOS settings but this is not per user, so is unsuitable for Alister's friend.
  • scotthere over 14 years
    Web traffic is not always distinguishable over download traffic. And I have never found a cheap managed switch that will shape network traffic by port. I have never found expensive switches that do it, it is generally built into Firewall/Router type devices.
  • KPWINC over 14 years
    I agree with you about trying to distinguish traffic. Every once in a while you can get lucky though using QoS. ;-) As for traffic shaping by port, I've seen some Cisco products do this. You have to apply a bandwidth policy. If I recall there are 2 options, one guarantees bandwidth, the other guarantees bandwidth, plus allows usage of unused bandwidth.
  • Greeblesnort over 14 years
    To get a true "per user" solution, you're going to have to either configure some form of authentication like 802.1x, or rely on the internal source address for shaping. I've done something kinda similar for our first round of wireless using freeradius and chillispot, but it was more of an accounting for traffic versus real traffic shaping.