Throttle traffic for a single local IP on a Linux router?

Thu Dec 23 23:32:33 UTC 2010

Hi,

I know this might not be 100% on-topic and might be better suited 
for a Linux-distro mailinglist, but I hope to get more diverse 
methods from you networking experts.

Basically, I have a small residential connection, 5 Mbit down, 0.5 
Mbit up. A user on my local network, who we will call 
192.168.1.105, is using too much bandwidth. I have tried social 
engineering to get him to stop, he claims to, but iftop says 
otherwise.

My network is setup like this: Cable modem goes to eth0 on router 
running Ubuntu server, eth1 on the Ubuntu box goes to a wrt54gl 
(behaving purely as a bridge), and all clients are connected 
wirelessly. The Ubuntu box handles everything.

So I have tried this script, and it does not work -- download speed 
gets limited just fine, but upload remains unlimited for some 
reason:

TC=/sbin/tc
OUTIF=eth0             # Interface for WAN (internet)
INIF=eth1            # Interface for LAN (internal network)
DNLD=0.5mbit          # DOWNLOAD Limit
UPLD=0.1mbit          # UPLOAD Limit
IP=192.168.1.105
U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"
$TC qdisc del dev $INIF root
$TC qdisc del dev $OUTIF root
$TC qdisc add dev $INIF root handle 1: htb default 30
$TC qdisc add dev $OUTIF root handle 1: htb default 30
$TC class add dev $INIF parent 1: classid 1:1 htb rate $DNLD ceil 
$DNLD
$TC class add dev $OUTIF parent 1: classid 1:1 htb rate $UPLD ceil 
$UPLD
$TC filter add dev $INIF  parent 1:0 ip pref 1 u32 match ip src 
$IP/32 0xFFFFFFFF flowid 1:1
$TC filter add dev $OUTIF parent 1:0 ip pref 1 u32 match ip dst 
$IP/32 0xFFFFFFFF flowid 1:1

Anyone see any problems in my setup, this script, or have any idea 
how I can limit the speeds of Mr. 192.168.1.105 without social 
engineering?

Thank you for your time.