I am new here and I've been searching for some answers on the IPCop capability to limit users download speed. I've never used IPCop or any firewall filtering program before. I am a newly hired Network Admin in a medium size seminary school. We use IPCop 1.4.18 as firewall/gateway and is directly connected to the DSL. We have unsecured WAP all over the campus for students who has laptops. We don't use proxy to connect to the internet and our network is configured as workgroup, not as a domain. I want to limit the download speed of anyone who passes the firewall/gateway. At the Download throttlling, I tried to set the Limit per host on Green to 128kb/s but I can still see some downloads of 500K/s- 1.5Mb/s. I have to use Banish to stop the download. Maybe I am not doing it right. Can anyone tell me how to set it correctly?
Have you got any QoS addons installed because the stock IPCOP installation does not allow control at the host level (at least from the GUI) It does it by prioritising protocols. Can you let know what addons you have installed?
From your initial post it would appear that you have the "Advanced Proxy" addon installed. Just to confirm your list of addons, go to the "Services" menu and post a list of all the menu items. This will give me more of an idea.
Right! That confirms what I thought. You have the "Advanced Proxy" addon installed, which is where you saw the "Limit per host on Green" setting. This setting and the others on the "Advanced Proxy" page are only applicable if your clients are being forced to use the proxy. The easiest way to control web traffic (at least on port 80) would be to check the "Enabled on Green" and "Transparent on Green" options.
This will have the effect of redirecting all port 80 traffic that tries to traverse your firewall. Thus you will be able to apply your speed limiting settings. It will not however trap any traffic on other ports. The advantage of this is that you will not need to make any changes to the client machines, hence the name "transparent proxying".
If you do want to control all ports, you will need to block all outgoing client access at the IP level using iptables, and then notify all your clients to enter the details of your IPCOP in their proxy settings. If not, all non-port 80 traffic will be blocked.
If you want to do the above, I can supply the appropriate iptables commands.