firewall/bandwidth limiting on ubuntu
Harry Strongburg
harry.ubuntu at harry.lu
Mon Aug 16 10:38:01 UTC 2010
On Mon, Aug 16, 2010 at 01:07:30PM +0300, James Mutuku wrote:
> It's a server-client network, which will
> 1. have routing capabilities
> 2. host a web application, web server and database server
> 3. Act as the firewall/bandwidth limiter
> 4. Segment 3 networks(free wireless internet access point(initially support
> up to 40 clients), private business LAN(wireless)(10 clients) and the
> internet)
> 5. The private business LAN should only access the web application and the
> internet
> 6. Only the free wireless access point should be bandwidth limited

All right, more information, wonderful!

I assume you have one interface for each network segment? I also assume
you are running Ubuntu as the main routing device? Example: a cable
modem goes onto the eth0 of the Ubuntu desktop, and the Ubuntu desktop
has eth[1..3], for each segment of the network? Having individual
network segments works the best / is the easiest to manage (in my
opinion). If you do have a separate NIC for each device connected
("three network segments"), your request is easy to handle.

I suggest you look into wondershaper. It can limit the up- and down-
speeds on each interface. Limit the "free wireless" (eth1, as an
example) to whatever you want; "sudo wondershaper eth1 DOWNLIMIT
UPLIMIT". Replace DOWN- and UP- limit with however many kilobits/s you
want this interface to have access to. Please note that wondershaper by
itself will not "equally" share the bandwidth on the wireless clients,
but it does a pretty swell job on not going over whatever limit you set
(one person (ab)using your free wireless for torrents will make the
network for everyone else on the free wireless go slow, but it should
not make the people on the other interfaces go slow (unless you allot
too much to the free wireless device)).

You can do the same to the other more private devices. I don't know why
you would need to (unless those devices are "untrusted", i.e. abusing the
bandwidth as well).

Anyways,

> 1. ease of configuration
Wondershaper is easy to set up and configure. It's one of the easiest and
most powerful simple bandwidth limiting tools I have ever seen.

> 2. feature rich
It should do everything you requested!

> 3. reporting interface(preferably web)
Wondershaper will not do this. But what will?:
vnstat. It's a CLI tool, but there is a front-end
(http://www.sqweek.com/sqweek/index.php?p=1). The CLI controlling of it
is very simple, and easy to understand, so I suggest NOT installing that
PHP frontend to it. So, you will want to create a new vnstat database
for each interface. Make sure vnstat is installed first (sudo apt-get
install vnstat), then run "sudo vnstat -u -i ethX" (replacing "ethX"
with each network device). Make sure vnstatd(aemon) is running (it
should by default, "ps aux|grep vnstat" will confirm this), and now
you're pretty much done!... In a few hours (or less, depending on your
network use), "vnstat -i ethX -m" (again, replace ethX with interface)
will produce a nice little graph of your use. See "man vnstat" for all
the other cool tricks it can do.

If you're using a different setup other than one interface per "group of
people" (as I think you are), then I cannot assist you further. If you
are using this setup, wonderful; I hope I helped.