Saturday, February 11, 2017

Bandwidth and Time Control on Local Network

Recently I’ve been facing two problems with my network: my monthly quota is almost reached, and the kids’ devices are keeping them up at night.

I needed bandwidth and time control on local network, urgently.

There are many solutions to this problem; the easiest one is to shop for a new router capable of bandwidth control and time access.

If you don’t want to buy a new router or you just want something advanced with many features, you can always build a small PC and install pfSense on it.

I’m planning to make pfSense my main router soon, but that’s another project for another article.
Until that happens, I went with a reinventing-the-wheel type of solution. I have a Debian system (as shown in the photo above) running 24/7 that handles a few tasks for me, so I decided to utilize it for this problem.

Why do I need bandwidth and time control?


I needed that level of control because of the content the kids view, specifically on YouTube.
They use a tablet and a smartphone to watch videos every day, and the official YouTube app will stream at 1080p if the connection allows it. That is overkill for the devices they use, the content they view, and the long video sessions they have.

When bandwidth (or, to be more exact, speed) is limited, YouTube detects it and streams at 360p-480p, maximum.

As for time control, well, I can’t count how many times I’ve caught the kids watching YouTube after their bedtime, so something needed to be done.

Squid:


Squid is a powerful caching proxy with many features, including bandwidth control and access time limit.

Usually Squid is used to cache web content, so you won’t have to download something twice, since it is saved on the Squid server.

For this project, though, I’m just using the basic features, disabling cache and even logs.
Installation was straightforward because Squid is available in Debian’s official repositories.

sudo apt install squid

The idea is to have all the devices the kids use run through this proxy; with it, bandwidth and time access are easily controlled.

I also want this proxy to disable access based on time only for the kids’ devices; any other device connected through it should have no time limit, just a bandwidth limit.

This is the configuration I ended up with:
  • No caching
  • No logging
  • Allow internet access for kids from 6:00 AM to 9:15 PM
  • Allow internet access for all other devices without a time limit
  • Limit bandwidth speed to 1.4 Mbps (140 kbyte) for all connected devices
Just a note: the following is NOT the full configuration file, just what I’ve added to it beyond the default values.

I located the “INSERT YOUR OWN RULE” line in /etc/squid/squid.conf and added the following below it:

# Define local network IPs to MYNETWORK
# and KIDSTAB to kids' tablet MAC address
# and KIDSPHONE to kids' phone MAC address
# and ALLOWEDHOURS to allowed access time
acl MYNETWORK src YOUR-LOCAL-IP-RANGE/MASK
acl KIDSTAB arp XX:XX:XX:XX:XX:XX
acl KIDSPHONE arp XX:XX:XX:XX:XX:XX
acl ALLOWEDHOURS time SMTWHFA 06:00-21:15

# Disable caching
cache deny all

# Disable logging
access_log none
cache_store_log none
cache_log /dev/null
logfile_rotate 0

# Allow access only during ALLOWEDHOURS for KIDSTAB/PHONE
http_access allow KIDSTAB ALLOWEDHOURS
http_access deny KIDSTAB
http_access allow KIDSPHONE ALLOWEDHOURS
http_access deny KIDSPHONE

# Allow access for other devices in network without a time limit
http_access allow MYNETWORK

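# Limit bandwidth/speed to 140kb (delay_parameters values are in bytes per second)
# Class 1 is a single aggregate pool, so this limit is shared by all clients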
delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 140000/140000

I saved and closed the file, ran sudo squid -k parse to make sure the configuration file parses without errors, and then restarted Squid with sudo systemctl restart squid.
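
An added example (not part of the original configuration and not Squid's own code): a small Python model of how Squid evaluates the http_access lines above, top to bottom, with the first matching line deciding. The MAC addresses, the 192.168.1.0/24 range and the function names are assumptions for illustration; the closing "deny all" stands for the last http_access line of the stock squid.conf.

```python
from datetime import time
from ipaddress import ip_address, ip_network

# ACLs from the page's squid.conf; the MACs and subnet are constructed placeholders.
ACLS = {
    "KIDSTAB": ("arp", "aa:bb:cc:00:00:01"),
    "KIDSPHONE": ("arp", "aa:bb:cc:00:00:02"),
    "MYNETWORK": ("src", ip_network("192.168.1.0/24")),
    "ALLOWEDHOURS": ("time", (time(6, 0), time(21, 15))),
    "all": ("all", None),
}

# http_access lines in file order; the final "deny all" is the stock config's last rule.
RULES = [
    ("allow", ["KIDSTAB", "ALLOWEDHOURS"]),
    ("deny", ["KIDSTAB"]),
    ("allow", ["KIDSPHONE", "ALLOWEDHOURS"]),
    ("deny", ["KIDSPHONE"]),
    ("allow", ["MYNETWORK"]),
    ("deny", ["all"]),
]
# Same rules with the two per-device deny lines removed, for comparison.
NO_DENY = [r for r in RULES if r[0] == "allow" or r[1] == ["all"]]

def acl_matches(name, req):
    kind, value = ACLS[name]
    if kind == "arp":
        return req["mac"].lower() == value
    if kind == "src":
        return ip_address(req["ip"]) in value
    if kind == "time":
        return value[0] <= req["time"] <= value[1]
    return True  # "all" matches every request

def http_access(req, rules=RULES):
    """Return (action, rule number) using Squid's first-match evaluation."""
    for number, (action, names) in enumerate(rules, 1):
        # A line matches only if every ACL on it matches (logical AND).
        if all(acl_matches(n, req) for n in names):
            return action, number
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

def request(mac, ip, hh, mm):
    return {"mac": mac, "ip": ip, "time": time(hh, mm)}

if __name__ == "__main__":
    tablet_late = request("AA:BB:CC:00:00:01", "192.168.1.20", 22, 30)
    print(http_access(tablet_late), http_access(tablet_late, NO_DENY))
```

With the per-device deny lines in place, the tablet at 22:30 is stopped by rule 2; without them the same request falls through to the MYNETWORK rule and is allowed.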

By default, Squid will run on port 3128. All I had to do next was edit the Wi-Fi connection on the tablet and the phone to have it run through the proxy. My Debian box has a static local network IP.

As an example, here is what the proxy settings should look like:
  • Proxy: 192.168.1.100
  • Port: 3128
This depends on how you have your network set up. Also, if you noticed, the MAC addresses in the configuration file are XX:XX:XX:XX:XX:XX; these should be replaced with the actual MAC address of each device.

A guide on acl and its parameters can be found here.

Important Note:


This type of bandwidth control will only work with HTTP and HTTPS connections, basically surfing and streaming on sites/apps like YouTube and HTTP/S downloads.

That means torrents, for example, will not be affected by Squid’s parameters.

For full control over bandwidth, a router or a pfSense system would be needed. Since I only needed to limit the basic type of connections, I used Squid.

Conclusion:


This solution works perfectly. Obviously, if my machine were capable, I would have it actually cache all web content, since that would save on bandwidth quota, but that is maybe a project for a later time.

Until I get my pfSense router ready, Squid will be my savior.

There are so many things that can be done with Squid, such as blocking specific websites or types of connections, and caching control. It’s a long list of features that is definitely worth checking.

Below are screenshots showing the time access denied message (before 6 AM) and when access is allowed (after 6 AM), and the last screenshot shows a YouTube video with bandwidth information.

