- Posts: 15
- Thank you received: 0
IPCOP and limiting download throughput.
16 years 8 months ago #25324
by lawin
IPCOP and limiting download throughput. was created by lawin
I am new here and I've been searching for some answers on the IPCop capability to limit users download speed. I've never used IPCop or any firewall filtering program before. I am a newly hired Network Admin in a medium size seminary school. We use IPCop 1.4.18 as firewall/gateway and is directly connected to the DSL. We have unsecured WAP all over the campus for students who has laptops. We don't use proxy to connect to the internet and our network is configured as workgroup, not as a domain. I want to limit the download speed of anyone who passes the firewall/gateway. At the Download throttlling, I tried to set the Limit per host on Green to 128kb/s but I can still see some downloads of 500K/s- 1.5Mb/s. I have to use Banish to stop the download. Maybe I am not doing it right. Can anyone tell me how to set it correctly?
TIA
TIA
16 years 8 months ago #25328
by DaLight
Replied by DaLight on topic Re: IPCOP and limiting download throughput.
Have you got any QoS addons installed because the stock IPCOP installation does not allow control at the host level (at least from the GUI) It does it by prioritising protocols. Can you let know what addons you have installed?
16 years 8 months ago #25332
by lawin
Replied by lawin on topic Re: IPCOP and limiting download throughput.
DaLight, thanks for your reply. As I said, I am new on IPCop and I really don't know what addons are installed with it. How do you find which addons are installed?
TIA
TIA
16 years 8 months ago #25337
by DaLight
Replied by DaLight on topic Re: IPCOP and limiting download throughput.
From your initial post it would appear that you have the "Advanced Proxy" addon installed. Just to confirm your list of addons, go to the "Services" menu and post a list of all the menu items. This will give me more of an idea.
16 years 8 months ago #25348
by lawin
Replied by lawin on topic Re: IPCOP and limiting download throughput.
Here's what's under the Services Menu;
Advance Proxy
Update Accelerator 1.0.0
URL Filter 1.9.1
DHCP Server
Dynamic DNS
Edit Hosts
Time Server
Traffic Shaping
Intrusion Detection
Advance Proxy
Update Accelerator 1.0.0
URL Filter 1.9.1
DHCP Server
Dynamic DNS
Edit Hosts
Time Server
Traffic Shaping
Intrusion Detection
16 years 8 months ago #25354
by DaLight
Replied by DaLight on topic Re: IPCOP and limiting download throughput.
Right! That confirms what I thought. You have the "Advanced Proxy" addon installed, which is where you saw the "Limit per host on Green" setting. This setting and the others on the "Advanced Proxy" page are only applicable if your clients are being forced to use the proxy. The easiest way to control web traffic (at least on port 80) would be to check the "Enabled on Green" and "Transparent on Green" options.
This will have the effect of redirecting all port 80 traffic that tries to traverse your firewall. Thus you will be able to apply your speed limiting settings. It will not however trap any traffic on other ports. The advantage of this is that you will not need to make any changes to the client machines, hence the name "transparent proxying".
If you do want to control all ports, you will need to block all outgoing client access at the IP level using iptables, and then notify all your clients to enter the details of your IPCOP in their proxy settings. If not, all non-port 80 traffic will be blocked.
If you want to do the above, I can supply the appropriate iptables commands.
This will have the effect of redirecting all port 80 traffic that tries to traverse your firewall. Thus you will be able to apply your speed limiting settings. It will not however trap any traffic on other ports. The advantage of this is that you will not need to make any changes to the client machines, hence the name "transparent proxying".
If you do want to control all ports, you will need to block all outgoing client access at the IP level using iptables, and then notify all your clients to enter the details of your IPCOP in their proxy settings. If not, all non-port 80 traffic will be blocked.
If you want to do the above, I can supply the appropriate iptables commands.
Time to create page: 0.132 seconds