Bandwidth caps for B&Bs

We provide free wireless internet access for our B&B and holiday home guests. Up till now they have just been using our home wireless network, and we’ve been hoping they don’t (a) hack us or (b) use up our 120GB/month quota with Telecom. We’ve also been forced to get them to type a 26-character WEP password, as our home wireless network has to be that dumb to allow the Wii to attach. Filtering on IP address would have been a lot of work, as the B&B quota is separate from the HH quota, and both sets of guests may bring multiple devices.

Anyway, I’ve now thrown hardware at the problem. For the princely sum of NZ$102, I’ve acquired 2 Linksys routers – a WRT54G and a WRT54GL (the GL is still in the mail). Once installed with OpenWRT, they get limited to 1GB of transfer, renewed at noon each day.

Setting up the quota involves editing the file /etc/firewall.user. Here’s how I’ve done it. FORWARD_main is a copy of the default FORWARD chain, recreated by hand because iptables -E doesn’t allow you to rename the built-in chains.

iptables -N FORWARD_main
iptables -A FORWARD_main -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD_main -j forwarding_rule
iptables -A FORWARD_main -j forward
iptables -A FORWARD_main -j reject
iptables -A FORWARD_main -j REJECT
iptables -N FORWARD_quota
iptables -A FORWARD_quota -m quota --quota 1000000000 -j FORWARD_main
iptables -F FORWARD
iptables -A FORWARD -j FORWARD_quota
iptables -A FORWARD -j REJECT

Then, to renew the quota every day, I have the following script in /etc/quotareset:

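#!/bin/sh
# Log the remaining quota before the reset
date >> /var/log/quotareset
iptables -L FORWARD_quota | grep quota: >> /var/log/quotareset

# Replace rule 1 with a fresh 1GB quota. The target stays FORWARD_main, as in
# /etc/firewall.user; ACCEPT here would skip the normal forwarding rules.
iptables -R FORWARD_quota 1 -m quota --quota 1000000000 -j FORWARD_main

# Log the quota after the reset
date >> /var/log/quotareset
iptables -L FORWARD_quota | grep quota: >> /var/log/quotareset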

which gets called by cron. Here’s the crontab:

root@asphrtr:~# crontab -l
0 12 * * * /etc/quotareset

Anyway, that should be enough for me to repeat the feat when the next router arrives. Hopefully it will help someone else, too.
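
An added example, not part of the original post: a POSIX shell check that reads `iptables -S` output and confirms the chain layout above is intact, in particular that the quota rule still jumps to FORWARD_main rather than straight to ACCEPT. The two sample dumps are constructed, and having `iptables -S` available on the router's iptables build is an assumption.

```shell
#!/bin/sh
# audit_quota_rules: read `iptables -S` style text on stdin.
# Returns 0 when the quota layout is sound; otherwise prints each problem
# and returns 1. Chain names are the ones used in the post.
audit_quota_rules() {
    awk '
        $1 == "-A" && $2 == "FORWARD" {
            if (first_fwd == "") first_fwd = $0
            last_fwd = $0
        }
        $1 == "-A" && $2 == "FORWARD_quota" && /--quota / {
            seen_quota = 1
            for (i = 1; i < NF; i++) if ($i == "-j") target = $(i + 1)
        }
        END {
            bad = 0
            if (first_fwd !~ /-j FORWARD_quota$/) {
                print "FORWARD does not start with a jump to FORWARD_quota"; bad = 1
            }
            if (last_fwd !~ /-j REJECT/) {
                print "FORWARD does not end with REJECT"; bad = 1
            }
            if (!seen_quota) {
                print "no quota rule in FORWARD_quota"; bad = 1
            } else if (target != "FORWARD_main") {
                print "quota rule target is " target ", not FORWARD_main"; bad = 1
            }
            exit bad
        }
    '
}

# Constructed sample: the layout built by /etc/firewall.user.
GOOD_RULES='-N FORWARD_main
-N FORWARD_quota
-A FORWARD -j FORWARD_quota
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD_quota -m quota --quota 1000000000 -j FORWARD_main'

# Constructed sample: same layout, but the quota rule accepts traffic itself,
# so in-quota packets never reach the normal forwarding rules.
BAD_RULES='-N FORWARD_main
-N FORWARD_quota
-A FORWARD -j FORWARD_quota
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD_quota -m quota --quota 1000000000 -j ACCEPT'

printf '%s\n' "$GOOD_RULES" | audit_quota_rules && echo "good sample: OK"
printf '%s\n' "$BAD_RULES" | audit_quota_rules || echo "bad sample: flagged"
```

On the router, `iptables -S | audit_quota_rules` runs the same check against the live rules, for example right after the noon reset.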


2 Responses to “Bandwidth caps for B&Bs”

  1. deinotes Says:

    I forgot that you need to install the iptables quota module.

    opkg install iptables-mod-extra

    should do it.

  2. deinotes Says:

    echo "At" > /www/quota.html
    date +%H:%M >> /www/quota.html
    echo "your remaining quota was" >> /www/quota.html
    iptables -L FORWARD_quota | grep -oE '[0-9][0-9]+' >> /www/quota.html
    echo "bytes.<br>This status page is updated once per minute." >> /www/quota.html
