Wifi – bandwidth throttled for guest – part2

To give internet access to the friends of our Bandits who visit us, I have set up a password free WiFi guest network. This network is made available on all our routers, but bandwidth is throttled to 2 Megabit Download, and 1 Megabit upload speed. This should be plenty for most things but still don’t invite them to sit and see youtube videos while here.

Quality of service is used to throttle the bandwidth, it is hard to understand that dropping internet packets on purpose is the purpose of Quality of service. But it can actually result in a better more stable system, since tcp will adapt to the speed available.

To use Quality of Service we need to install a few packages

opkg update
opkg install sqm-scripts lucy-app-sqm

Now we need to configure it, which could be done via the WEB-interface, but doing it via the commandline is quite easy too, here is the content of the config file

ssh root@192.168.2.1 cat /etc/config/sqm
 config queue 'eth1'
     option qdisc 'fq_codel'
     option script 'simple.qos'
     option qdisc_advanced '0'
     option linklayer 'none'
     option enabled '1'
     option interface 'br-guest'
     option download '2000'
     option upload '1000'
     option debug_logging '0'
     option verbosity '5'

A new interface has to be defined in /etc/config/network, aswell as configuring a new vlan on the switch

config interface 'guest'
     option ifname 'eth1.4'
     option type 'bridge'
     option proto 'static'
     option netmask '255.255.255.0'
     option interface 'guest'
     option ipaddr '10.0.0.1'

config switch_vlan
     option device 'switch0'
     option vlan '4'
     option ports '0t 2t 3t 4t 5t'
     option vid '4'

Configuring a password free access point is done by adding the block below to /etc/config/wireless

config wifi-iface
     option mode 'ap'
     option device 'radio0'
     option network 'guest'
     option ssid 'FreeWifi'
     option encryption 'none'
     option hidden '1'
     option isolate '1'

And we need to make these additions to /etc/config/firewall

config zone
     option name 'guest'
     option input 'REJECT'
     option output 'ACCEPT'
     option network 'guest'
     option forward 'ACCEPT'

 config forwarding
     option src 'guest'
     option dest 'wan'

And one of the routers (192.168.2.4) have to be configured as a dhcp server

ssh root@192.168.2.4 cat /etc/config/dhcp

config dnsmasq
	option disable '1'
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

config dhcp 'lan'
	option interface 'lan'
	option ignore '1'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limt '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'dk'
	option interface 'dk'
	option ignore '1'

That is all for now

This entry was posted in internet, Linux. Bookmark the permalink.