Possible to limit bandwidth to certain sites?

Coldblackice

For any linux/iptables gurus out there:

On a home network with a router running Tomato, would it be possible to restrict upload/download bandwidth to certain sites, like the Youtubes, while letting other sites remain unrestricted (and not just as a branch of QoS, but a statically running system)?

Tomato (shibby's) has a bandwidth limiter function that can restrict IP/IP ranges to download/upload/connection rates/ceilings. But I'm wondering if it'd be possible to fine-tune this to restrict based on site -- restricting the download/upload rate/limits on Youtube (or vice versa).

I'm guessing it would take some iptable-sorcery (which I generally lack). I'm also guessing it may perhaps be most feasible by piggybacking on the already available bandwidth limiter function (which I assume is just a frontend for iptable magic) -- laying down a blanket restriction, then manually customizing iptables for fine-tuned rules or exceptions.

Ideally, this would be done without miscellaneous addon packages, like through mere iptables. But maybe that's not possible.

Feasible or nah?
 
As the traffic will hit your connection anyways even if you limit it (your router/fw would just drop it) it doesn't make any sense to limit inbound traffic at the end-point.
You can do some (ugly) traffic throttling by slowing down acks etc but it won't work reliably.
//Danne
 
There are products that can do that; however, they are almost exclusively on the provider end and not the subscriber end. I am unaware of anything that will specifically meet your criteria. What you want to do is set a QoS profile where your web traffic is held to a lower priority than other, higher-priority applications.
 
As the traffic will hit your connection anyways even if you limit it (your router/fw would just drop it) it doesn't make any sense to limit inbound traffic at the end-point.
You can do some (ugly) traffic throttling by slowing down acks etc but it won't work reliably.
//Danne

Interesting, thanks. So is even using just the normal, static bandwidth limiter useless as well? Does this mean that, even if bandwidth were limited to 1MB/sec, for example, I'd still be getting hit with a user's full, unchecked use of bandwidth (like 10MB/sec), but with 9MB/sec being thrown away? Seems like that would be an entirely useless feature, if so.

Now that you've pointed it out, I guess it does make sense that it would only really be able to throttle from the client's half of things, like managing acks (I'm guessing that's how the bandwidth limiter works).

But why wouldn't throttling acks work reliably?

There are products that can do that; however, they are almost exclusively on the provider end and not the subscriber end. I am unaware of anything that will specifically meet your criteria. What you want to do is set a QoS profile where your web traffic is held to a lower priority than other, higher-priority applications.

Thanks. So does that mean that even the normal bandwidth limiter is useless?

If QoS would work, how come the bandwidth limiter wouldn't? It seems like they'd function on the same methodology.

In either case, would QoS be able to differentiate between traffic based on site/IP address?
 
Thanks. So does that mean that even the normal bandwidth limiter is useless?

If QoS would work, how come the bandwidth limiter wouldn't? It seems like they'd function on the same methodology.

In either case, would QoS be able to differentiate between traffic based on site/IP address?


A normal bandwidth limiter is really nothing more than a fancy way of saying QoS. Limiting the bandwidth is a static way of throttling a connection while QoS generally refers to filtering traffic based on its type giving higher priority to traffic that carries voice for instance, and lower priority to large data transfers or video traffic.

As far as whether you can implement QoS based on sites/IP address I want to say yes, but the sites you're probably talking about doing this on probably have numerous IP addresses making it a difficult task regardless. Not to mention QoS is a major Networking subject that many threads here have already gone into very deep discussion. Not nearly as simple as it sounds and requires constant attention. Based off your needs and the devices you're listing, I can't see what you're asking for being feasible in any sense other than forcefully limiting a port's speed or implementing some sort of general purpose QoS which a Tomato device can do.
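
Added example, not part of the thread and not from any poster: one way to handle the "numerous IP addresses" problem is to let dnsmasq fill an ipset with whatever addresses a site resolves to, mark forwarded packets from that set with iptables, and cap the marked class with HTB on the LAN-side interface. Assumptions: the LAN bridge is `br0`, the set name `throttled`, the 1 Mbit/s cap and the two sample domains are placeholders, the firmware build ships ipset, the iptables `set` match, `tc` with HTB and a dnsmasq built with ipset support, and Tomato's own QoS and bandwidth limiter are off so the root qdisc on `br0` is free.

```shell
#!/bin/sh
# Added example: per-site download cap via dnsmasq + ipset + iptables + tc.
# All names below are assumptions (see lead-in), not values from the thread.
LAN_IF="${LAN_IF:-br0}"          # LAN-facing interface (assumed)
SET_NAME="${SET_NAME:-throttled}" # ipset holding the site's addresses (assumed)
RATE="${RATE:-1mbit}"             # cap for the throttled class (assumed)
MARK=10                           # firewall mark tying iptables to tc

# run CMD...: print the command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# dnsmasq_line DOMAIN...: config line telling dnsmasq to add every address it
# resolves for these domains (and their subdomains) to the set, so the list
# follows the site's many and changing IPs without manual upkeep.
dnsmasq_line() {
    line="ipset="
    for d in "$@"; do line="$line/$d"; done
    echo "$line/$SET_NAME"
}

# shape_rules: create the set, mark download traffic from it, cap that class.
shape_rules() {
    # Entries expire after an hour unless dnsmasq re-adds them.
    run ipset create "$SET_NAME" hash:ip timeout 3600 -exist
    # Packets forwarded to the LAN whose source is a throttled site.
    run iptables -t mangle -A FORWARD -o "$LAN_IF" \
        -m set --match-set "$SET_NAME" src -j MARK --set-mark "$MARK"
    # HTB on LAN egress: unmarked traffic falls into 1:20, marked into 1:10.
    run tc qdisc add dev "$LAN_IF" root handle 1: htb default 20
    run tc class add dev "$LAN_IF" parent 1: classid 1:10 htb rate "$RATE" ceil "$RATE"
    run tc class add dev "$LAN_IF" parent 1: classid 1:20 htb rate 1000mbit
    run tc filter add dev "$LAN_IF" parent 1: protocol ip prio 1 \
        handle "$MARK" fw flowid 1:10
}

# Dry run by default: show the dnsmasq line and the commands.
dnsmasq_line youtube.com googlevideo.com
shape_rules
```

Run as-is it only prints the dnsmasq line and the commands; with `APPLY=1` and root it executes them. Clients that bypass the router's dnsmasq (for example DNS-over-HTTPS) never populate the set, and addresses shared with other services on the same CDN get throttled too.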
 