Disconnecting connected user

An area specifically for port forwarding, firewalls and other (on-line) security related issues.
Post Reply
Ryujin_Ryuuzaki
Novice
Novice
Posts: 15
Joined: Fri May 22, 2009 11:21 pm

Disconnecting connected user

Post by Ryujin_Ryuuzaki » Sat May 23, 2009 9:14 pm

Hello,

I would like to know if it's possible with the RouterTech software to let the router automatically disconnect a user once he has exceeded a certain bandwidth limit ?

Reason I'm asking this is because I am selling my wireless to 2 of my neighboors.
Currently I have software installed on their computer that allows me to shut down their computer once they exceed a certain monthly bandwidth.
However it is quite easy to bypass that software by killing the process, uninstalling it or whatever else they might come up with.

Thanks for the input.
Last edited by Ryujin_Ryuuzaki on Sat May 23, 2009 10:46 pm, edited 1 time in total.
User avatar
thechief
RouterTech Team
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa
Contact:

Post by thechief » Sat May 23, 2009 10:12 pm

There is no obvious (or easy) way to do it. However, if you are good at shell (or BASIC) programming, you could write a shell script/BASIC program to do it:

1. First, you will enable cron, IPAccount, and rshaper
2. You will create a minix partition and store your script/program there
3. You will set up a cron job to run your program periodically
4. Your program, when executed, will monitor the file "/proc/net/ipt_account/mynetwork". It will parse the file to check the bandwidth used by each IP address in your network, and when one reaches the limit, will throttle the bandwidth of that IP address with rshaperctl (e.g., reduce it to 128 bytes per second).
Last edited by thechief on Sat May 23, 2009 11:12 pm, edited 1 time in total.
The Chief: :afro: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
Ryujin_Ryuuzaki
Novice
Novice
Posts: 15
Joined: Fri May 22, 2009 11:21 pm

Post by Ryujin_Ryuuzaki » Sat May 23, 2009 10:44 pm

Thanks for the info !

I am really bad with programming but I will look into it.
If it doesn't work out I will have to find other ways to improve bandwidth surveillance then.
User avatar
thechief
RouterTech Team
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa
Contact:

Post by thechief » Sat May 23, 2009 11:11 pm

Here is a rough and ready example:

Code: Select all

#!/bin/sh
# -------------------------------------------------
# "bandwidth.sh"
# RouterTech firmware script to check bandwidth
# (via IPAccount)
# Author: TheChief
# Last amended: 23 May 2009
# -------------------------------------------------

# IP Account log file
fil=/proc/net/ipt_account/mynetwork

# Maximum permitted bandwidth (in bytes)
max=89925855

# Throttle to this number of bytes per sec
throttle=128

# read the log file and process
cat "$fil" | {
  # parse (and ignore 192.168.1.0 - that is the sum of the whole network)
  while read a b ip c d src e f g h i dest j; do
     if [ "$ip" != "192.168.1.0" ] && [ "$src" != "0" ] && [ "$dest" != "0"  ]; then
        sum=$(expr "$src" + "$dest")

        # check if the sum of src and dest exceeds max
        if [ $sum -gt $max ]; then
           dt=$(date)
           # log what we are doing in the system log
           echo "As of $dt, $ip has exceeded its bandwidth. Throttling ... " | logger
           rshaperctl "$ip" "$throttle"
        #else
        #   echo $ip $src $dest = $sum
        fi
     fi
  done;
}
The Chief: :afro: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
Ryujin_Ryuuzaki
Novice
Novice
Posts: 15
Joined: Fri May 22, 2009 11:21 pm

Post by Ryujin_Ryuuzaki » Sun May 24, 2009 8:13 am

Thanks for putting up those lines of codes.
I will use them as a reference and see what I get to do.
Ryujin_Ryuuzaki
Novice
Novice
Posts: 15
Joined: Fri May 22, 2009 11:21 pm

Post by Ryujin_Ryuuzaki » Fri Jun 12, 2009 10:29 pm

Another question,

How can I block internet access for a user but let him have local network access ?
Post Reply