Archive for September, 2012

Bandwidth caps for B&Bs

September 18, 2012

We provide free wireless internet access for our B&B and holiday home guests. Up till now they have just been using our home wireless network, and we’ve been hoping they don’t (a) hack us or (b) use up our 120GB/month quota with Telecom. We’ve also been forced to get them to type a 26-character WEP password, as our home wireless network has to be that dumb to allow the Wii to attach. Filtering on IP address would have been a lot of work, as the B&B quota is separate from the HH quota, and both sets of guests may bring multiple devices.

Anyway, I’ve now thrown hardware at the problem. For the princely sum of NZ$102, I’ve acquired 2 Linksys routers – a WRT54G and a WRT54GL (the GL is still in the mail). Once installed with OpenWRT, they get limited to 1GB of transfer, renewed at noon each day.

Setting up the quota involves editing the file /etc/firewall.user. Here’s how I’ve done it. FORWARD_main is a new chain holding a copy of the default FORWARD chain’s rules, because iptables -E doesn’t allow you to rename the built-in chains.

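# Copy of the default FORWARD chain's rules (built-in chains can't be renamed)
iptables -N FORWARD_main
iptables -A FORWARD_main -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD_main -j forwarding_rule
iptables -A FORWARD_main -j forward
iptables -A FORWARD_main -j reject
iptables -A FORWARD_main -j REJECT
# Packets only reach FORWARD_main while the 1GB (1000000000-byte) quota lasts
iptables -N FORWARD_quota
iptables -A FORWARD_quota -m quota --quota 1000000000 -j FORWARD_main
# Send all forwarded traffic through the quota check; reject once it is used up
iptables -F FORWARD
iptables -A FORWARD -j FORWARD_quota
iptables -A FORWARD -j REJECT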

Then, to renew the quota every day, I have the following script in /etc/quotareset:

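#!/bin/sh
# Log the quota rule before the reset
date >> /var/log/quotareset
iptables -L FORWARD_quota | grep quota: >> /var/log/quotareset

# Replace rule 1 with a fresh quota; jump to FORWARD_main as in /etc/firewall.user
iptables -R FORWARD_quota 1 -m quota --quota 1000000000 -j FORWARD_main

# Log the quota rule after the reset
date >> /var/log/quotareset
iptables -L FORWARD_quota | grep quota: >> /var/log/quotareset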

This script gets called by cron. Here’s the crontab:

root@asphrtr:~# crontab -l
0 12 * * * /etc/quotareset
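
A check worth running after the noon reset, written as an added example that is not part of the original post: it reads `iptables -S FORWARD_quota` output and confirms that rule 1 is still the quota match and still hands packets to FORWARD_main, since a quota rule that jumps straight to ACCEPT would skip the forwarding_rule, forward and reject chains. The function name `check_quota_chain` and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_quota_chain reads `iptables -S FORWARD_quota` output on stdin and
# prints "<quota-bytes> <target>" for rule 1 of the chain.
# Exit status: 0 = rule 1 is a quota match jumping to the expected chain,
#              1 = quota match present but jumping elsewhere (e.g. ACCEPT),
#              2 = rule 1 has no quota match (or the chain is empty).
check_quota_chain() {
    awk -v want="${1:-FORWARD_main}" '
        $1 == "-A" && $2 == "FORWARD_quota" {
            if (++rules > 1) next          # only rule 1 carries the quota
            for (i = 3; i < NF; i++) {
                if ($i == "--quota") quota  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
        }
        END {
            if (quota == "") { print "no quota match on rule 1"; exit 2 }
            print quota, target
            exit ((target == want) ? 0 : 1)
        }'
}

# Constructed listings (not captured from a real router).
SAMPLE_FILTERED='-N FORWARD_quota
-A FORWARD_quota -m quota --quota 1000000000 -j FORWARD_main'
SAMPLE_BYPASS='-N FORWARD_quota
-A FORWARD_quota -m quota --quota 1000000000 -j ACCEPT'

for sample in "$SAMPLE_FILTERED" "$SAMPLE_BYPASS"; do
    if result=$(printf '%s\n' "$sample" | check_quota_chain); then
        echo "OK:   $result"
    else
        echo "FAIL: $result"
    fi
done
```

On the router itself, the input would come from `iptables -S FORWARD_quota | check_quota_chain`.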

Anyway, that should be enough for me to repeat the feat when the next router arrives. Hopefully it will help someone else, too.


September 18, 2012

I’m mostly (i.e. about once a blue moon) blogging over at my crossword blog lately. But there’s another post coming here any minute now.