Bandwidth Allocation In A Small Cafe

[suzannegoh]

We are running a small café & coffee shop. We are using a cheap 3BB internet package (including 3BB's wifi router) to offer free wifi to our customers. The 3BB setup works well but we occasionally have the problem of bandwidth hogs (who are generally light spending customers) clogging up the system downloading torrents and/or doing nzb downloads from usenet groups. This can drop the internet speed to almost zero for everyone else. Is there some way that we can allocate bandwidth on a per-user basis or perhaps throttle down the speed of torrent downloads? We would rather not completely block torrents and usenet groups and do not want to alienate customers who we suspect of abusing the system.

Edited August 19, 2014 by suzannegoh

[KhunBENQ]

The simplest way would be to throttle the max. speed per IP adr indiscriminately using the routers bandwidth control function.

At least the "better" routers have this feature.

A max. download bandwidth of 1 Mbit/s would be enough for the avarage "cafe surfer" to my opinion (still allows to view videos in simple quality).

Allocate bandwidth individually via this way is possible but not practical, as it is based upon IP adress, which dynamically changes (DHCP).

What modell of router you have? (see label or log on).

nzb?

Edited August 19, 2014 by KhunBENQ

[Chicog]

Throttle by application, not IP address.

Depends on the router though.

Do you have admin access to the router? Can you see a QoS option?

[Killian30]

I am sure there is software that you can block torrent site as its not really what the internet in a café is for lol, some people hey, you really do learn a lot about people when you open your own business.

Edited August 19, 2014 by Killian30

[suzannegoh]

The simplest way would be to throttle the max. speed per IP adr indiscriminately using the routers bandwidth control function.

At least the "better" routers have this feature.

A max. download bandwidth of 1 Mbit/s would be enough for the avarage "cafe surfer" to my opinion (still allows to view videos in simple quality).

Allocate bandwidth individually via this way is possible but not practical, as it is based upon IP adress, which dynamically changes (DHCP).

What modell of router you have? (see label or log on).

nzb?

The router is 3BB’s 1 Port DSL WiFi router. I don’t see an option in its setup menus to set the max bandwidth per IP address. NZB is a scheme to post and download binary data on usenet groups, see http://en.wikipedia.org/wiki/NZB. It’s an alternative to torrents and can be configured to run on port 80 or 443 so that it is harder to distinguish from normal web traffic.

[Chicog]

Does it mention QoS anywhere? If not I would look at getting a Router distribution that gives you more control over what your customers do, like CoovAP or DD-WRT. Of course those will need a little technical know-how and/or some homework on your part.

I've not actually used either of them for this myself so I can't really advise you.

Although someone on a DD-WRT forum posted this:

Blocking torrents is really very simple.

Block the trackers, stop access to the tracker you stop torrents dead, encrypted or not.
Trackers use web addresses like this -

hxxp://tracker1.tvtorrents.com/TrackerServlet/announce
hxxp://www.h33t.com:3310/announce

Simply add these 3 keywords to Access Restrictions/Website Blocking by Keyword

tracker
announce
d1:ad2

You'll know if it works if if you see one or more of your customers cursing at their devices.

Edited August 19, 2014 by Chicog

[RichCor]

As Chicog suggests, acquiring "a Router ... that gives you more control over what your customers do".

If your current router (or WiFi Router) doesn't offer advanced advanced 'filter' options like 'throttling capability' then you might want to consider purchasing one that does.

Some brands of Routers or Router/WiFi boxes can have their 'Firmware' overwritten with new code that offers a ton of features for people like yourself who need to administer who, how much and how long users can be on your Internet connection.

DD-WRT, Tomato, etc, are aftermarket firmware, and while not Plug 'n' Play simple they offer the advanced owner and user services that you're looking for.

Wikipedia: List of wireless router firmware projects

Some suggestions (stolen from the 'easy Tomato' website)

• Easy Tomato (for Asus RT-N16 router): "​EasyTomato is a powerful, easy-to-use, free bandwidth manager that is perfect for schools, hospitals, and nonprofits with slow internet connections and limited IT knowledge."
• TomatoUSB mods: There are various models of the Tomato firmware currently available. EasyTomato is a Toastman build of the TomatoUSB firmware. It looks almost identical to Advanced EasyTomato mode and runs on many routers. Many people like Tomato by Shibby
• DD-WRT: Firmware that is similar to the Tomato firmware family. It also has extensive documentation.
• Smoothwall Express: An easy-to-install firewall/router that runs on a computer, not a router. Its hardware requirements are extremely low (Pentium II processor with 128 megs of ram). It offers caching to speed up connections as well as more detailed overviews of the system.
• Pfsense: An advanced firewall/router that runs on a computer and that offers features only found in corporation-grade hardware firewalls (in fact, many large companies use it). You need a high level of technical knowledge to use it. It has advanced features such as load-balancing multiple LAN connections, Snort intrusion detection, and captive portals. Many community-driven plugins offering even more advanced functionality are also available.

Edited August 19, 2014 by RichCor

[innerspace]

If you are needing to ask this then get a tomato capable router, wrt can be more flexible but tomato is a simpler interface and has good qos.

Ask in an it shop for a compatible router and get them to install it and even setup qos. Then research tomato qos so you can tweak if needed.

I am a big fan of wrt54gl, tried and tested and excellent with alternative firmwares. Wireless G may help your needs, 54Mbps is fast enough. But many more modern options out there.

You can continue to use your existing router but put it in gateway mode and use as a modem.

[muratremix]

Why let them download usenet stuff? If you use too much bw, 3bb will throttle you until end of day or more.

I recommend pfsense. You can buy 130-140 usd mini pc with dual ethernet from china ( http://www.aliexpress.com/store/800900 )

install pfsense (if you know how) and add a wifi card or wifi basic ap to complete system.

[suzannegoh]

Why let them download usenet stuff? If you use too much bw, 3bb will throttle you until end of day or more.

I recommend pfsense. You can buy 130-140 usd mini pc with dual ethernet from china ( http://www.aliexpress.com/store/800900 )

install pfsense (if you know how) and add a wifi card or wifi basic ap to complete system.

I might get a new router and give DD-WRT a try, that option doesn’t sound very scary to me. Part of the reason for letting them download usenet stuff is my limited technical knowledge about how to stop it. Seems like you can't just block the commonly used ports for nzb downloads because some usenet providers let you use port 443 and if you block that a lot of normal web surfing would be blocked out too. While I do want to stop people from abusing the system, I don’t want to lock the system down so much that it’s an irritant to our more considerate customers.

[muratremix]

Why let them download usenet stuff? If you use too much bw, 3bb will throttle you until end of day or more.

I recommend pfsense. You can buy 130-140 usd mini pc with dual ethernet from china ( http://www.aliexpress.com/store/800900 )

install pfsense (if you know how) and add a wifi card or wifi basic ap to complete system.

I might get a new router and give DD-WRT a try, that option doesn’t sound very scary to me. Part of the reason for letting them download usenet stuff is my limited technical knowledge about how to stop it. Seems like you can't just block the commonly used ports for nzb downloads because some usenet providers let you use port 443 and if you block that a lot of normal web surfing would be blocked out too. While I do want to stop people from abusing the system, I don’t want to lock the system down so much that it’s an irritant to our more considerate customers.

I believe pfsense L7 packet inspector firewall can block usenet no matter which port.

I just ordered $194 usd mini pc with 4 ethernet ports for pfsense firewall and I'll try blocking at home to see if it is working good.

DD-Wrt has so many stability problems.

[Chicog]

DD-Wrt has so many stability problems.

Really? I haven't noticed any.

[Thaimaishoe]

And all of this nifty traffic shaping goes out the window, as soon as someone like me sits down and slurps all your bandwidth through a VPN tunnel. You can not see it as individual types of traffic. I could be checking e-mail, or I could be downloading a movie, you can not tell - all you see is so much BW being used.

Of course you can deal with me too, the VPN does not obscure the BW being used. So throttle the maximum BW per connection. But simple port/protocol filters will not be completely effective on their own.

When I connect to wifi I make damn sure my VPN is functioning, so you will definitly run into it. Furthermore, since VPN's are a popular way to hide your torrent activities, the people most likely to use it, are the ones you are already having a problem with. Why do I have a VPN? So nobody, not even the owner of the network, can see my e-mail traffic, or my CC number if I happen to be booking a flight or hotel room. And, all this damn geo tracking thinks I am located wherever the other end of the tunnel is, so when I do banking or netflix they think I am in the US, and the BBC's iplayer thinks I'm in the UK, and the RIAA/MPAA think I am in whatever country I choose for that connection. I do not go to coffee shops, and cafe's to suck up all their free bandwidth... that is what the connection at work is for!!

Its been years since I fooled around with this kind of thing, and it was just for fun when I did, but I used to have my server set up as a linux firewall (iptables at the time, I think its pfsense now), with a squid proxy (great for filtering the ads out of web traffic), and a program I can not remember the name of to automatically reduce my usenet download speeds so I could surf the web when I got home (exactly what you are trying to do, but I wasn't trying to get around my own rules!), without having to go in and manually change the speeds at which I was downloading. I believe it can be programmed to squeeze the BW allowed progressively. My point is if you are serious, and a DIY'er, an old PC, a linux or BSD OS, two network cards, and untold hours of your life, and you could have a solution tailored to your every desire.

Or buy a router that can run Tomato, and implement BW limiting, which I think is called QoS. It is simple to flash to the router, and has a great interface.

Thanks for letting me ramble, now that I'm semi-retired, maybe I'll look at getting back into this stuff!

[muratremix]

DD-Wrt has so many stability problems.

Really? I haven't noticed any.

You need an iq over > 80 to notice such things.

[Chicog]

DD-Wrt has so many stability problems.

Really? I haven't noticed any.

You need an iq over > 80 to notice such things.

Or perhaps you're just talking <deleted> again.