Chilling_Silence's blogQuotas on Gargoyle Router
Yuss, it’s everybody’s fav router firmware, and quite possibly one of the features it’s most famous for!
Per-device quotas provide you with the same functionality that your ISP has in terms of rate-limiting, as well as completely cutting access. On top of that, you can set unique ones for each device (Or person in your house).
What’s more, you get full control over how often it resets, such as weekly, daily, monthly, and when it resets. This means you can make it coincide with your ISP’s traffic data cap too!
Unfortunately it’s not without its short-comings. Here’s a few things you can do to help prevent the system being abused.
The way that the quotas work is based off the MAC Address of the system.
This means that if you’re going to give everybody 2GB a week, and you have a laptop, you can have a theoretical maximum of 4GB if you use your 2GB through your Wireless network card on your laptop, and another 2GB if you use the cabled network card on your laptop.
For most people / places / families, this isn’t an issue. People don’t generally plug in a laptop to a router where WiFi is available, nor do Desktops that are hard-cabled also connect via WiFi. It’s a “one or the other” for the most part, but it’s just something you should keep in mind.
Now in the Gargoyle Router you’re going to want to go to Connection –> DHCP.
You’ll see an option for “Block MAC addresses assigned a static IP that connect from a different IP” which you pretty much MUST have ticked:
This is going to prevent anybody on your LAN who thinks they can be clever and simply assign themselves a new static IP address and get a new quota. If you don’t do this, it’s easy enough to just change your IP address to something different and get yourself a new quota. Or, even worse, you can use the quota of another person. With kids being so clever these days, I’ve actually seen that happen, one sibbling deliberately use the quota of another.
It’s still possible to change your MAC address if you’re really clever enough, however that’s generally a lot more effort than setting a new IP address. On top of that, most of the people I know who are clever enough to change the IP address of their device aren’t clever enough to change its MAC address. It’s certainly something to keep in mind, however. There is little you can do to stop that.
Now you’ve covered yourself comes the part where we actually set the quotas themselves.
Go to Firewall –> Quotas
In this example we’re going to give everybody on the network the same limit, so we’re going to select:
Applies to: All individual hosts without explicit quotas
This means that everybody is going to get the same quota by default, regardless of if it’s a phone, tablet, iPod, PC, laptop, or console. This is not a “shared” quota, but an individual per-device quota:
You can specify the Max Upload / Max Download if you want, however most people will find those two options irrelevant and move on to the next which is the Max Total Up+Down.
In this example we’re going to assign a maximum of 2GB per-device. Change the drop-down from Unlimited to “Limit to” and then enter 2 in the right-hand column. Change it from Megabyte to Gigabyte:
In this instance we’re going to reset the quota every week, but you can do it daily, monthly or even hourly!
So, change the “Max Total Up+Down” to “every week”.
I’m also going to set this up to prioritize the fact there will be kids at home doing homework during the week, so we’re going to reset it at 3AM on a Monday AM to give them the whole school-week with a fresh quota, and whatever they have left on the weekend to play games, they have left. If they use it all on school, then good on them.
You may or may not find it more useful to reset it, say Friday AM in order to give them a fresh start before the weekend? The sky is the limit.
Next in the list is when it is active. If you’re with an ISP that gives you free off-peak hours, you can configure it here if you want. Most don’t though, so we’re just going to skip over it for now.
Finally, you can choose between cutting all internet access, and simply throttling them back to a slower speed. To be honest in my experience it’s easiest to simply block them entirely. When they exceed their usage limit, they’ll be redirected to the routers login page which will show them just how much they’ve used. If you want to throttle them, you’ll need to pre-configure a few different QoS classes (Upload and download) beforehand.
Click on the “Add new quota” button and it will save your work, displaying it down the bottom:
Now let’s say you want to make yourself exempt (Because you’re the admin, why not?) simply click on the first drop-down menu and change it to:
“Only the following hosts”
Enter in your IP address and then follow the rest of the steps to give yourself a bigger quota. In this example, lets say you’re with Orcon and your monthly allowance resets on the 23rd. Simply go down the list, set it to monthly reset on the 23rd, give yourself a nice big quota of say 100GB and add that too:
Because you have your own quota defined, it’s going to take precedence over the “rest of them”.
Don’t forget to hit the Save Changes button, and you’re good to go, your quotas are now live and active!
On top of that, you and anybody else can check how much their current device has used by going to the IP Address of the router, and it will show it just underneath the login box (This means you DONT have to tell them the password).
Finally, one more word of warning: If you lose power, your quotas reset.
For this reason you should have the router on a UPS, and potentially locked somewhere semi-safe. Either that or make dire consequences if it’s restarted (It’s easy enough to give one or two users an incredibly tiny daily cap as punishment).
The rest is up to your imagination!!
I trust you’ve found this useful. If you have, please leave a comment and just say hi, or if you have any questions then feel free to ask!
Good info. Useful to know the quotas reset after a power cycle. I assume you mean the quote settings themselves are still saved, but the record of what has been used against them gets wiped?
Is there any way to export such info (or pull it from the modem via scripts or whatever?) e.g. grabbing “Bandwidth Distribution” figures and “Web Usage” records and dumping them into local csv files or something would be handy.
I like it. I may try Gargoyle soon. However under Active Quotas in your post it shows only IP. Can quotas be set by MAC rather than by IP? I have too many devices to bother configuring with each person a static IP as the users and devices change, so if I wanted a specific quota I would need to use the MAC number.
Sort of.
If you set the blanket “Every device on the LAN each gets X amount, except these couple of devices where I’ve given them one explicitly more / less” then it doesn’t matter and will do what you want.
If you want *every* device to have a unique amount, then no that won’t work, but if you want all to have, say, 2GB each per week (Except for your PC, you want 10GB a week) then you could JUST set a statically assigned IP for yours and a blanket rule for the rest 🙂
What if the same IP is always given to the same mac address? I’ve got all my children broken in IP ranges in blocks of 10. e.g. all one kid’s devices are set up in DHCP “Static IP” so based on mac address they always get an IP for each of their devices that is in their own IP range. I don’t use quotas, but I do turn off their Internet at different times for each child using “Restrictions” based on their IP ranges. Should work just the same in Quotas.
Yeah that’s fine. See sample screenshot I’ve just taken:
http://i.imgur.com/7v4Bj.png
Hi and many thanks for that. I’d set quotas without going through the DHCP Static IP settings and found the quotas unreliable and being bypassed. One question to which I’m hoping you may have an answer concerns getting Gargoyle to automatically update date and time. My TP-Link TL-WR941N router has never synced with any server and continues to display a date and time in the 1970s! I wish there was a way to set this manually.
Regards, Aubrey
Of course they’re being bypassed, you have got tick the box that says the PC can’t use an IP unless Gargoyle gives it to it. They’re dead easy to get around otherwise :p
If you login to Gargoyle and go to System –> Time –> Set custom servers to:
0.nz.pool.ntp.org
1.nz.pool.ntp.org
nz.pool.ntp.org
That ought to work. Mine always has the right time on it 🙂
Many thanks, I’ve certainly got control of the quotas now. Have just copied and pasted those time server values, saved the changes, did a reset and then a reboot. Status now displays as
Uptime:0 days, 0 hours, 5 minutes
Current Date & Time:30/01/70 09:38 NZDT
Had just tried a few of the regional servers listed and had no idea of the local ones you’ve suggested. Will now give it time to find the servers and update.
Cheers, Aubrey
Hi. I tried to find the info on the wiki but didnt so hopefully can get some help here.
Is there a way to monitor bandwith per device like laptop x has used xx amount today or for the week.
Also i want to restrict a device iphone with white list and only allow certain website how do i set up this. I dont know what words to use in Rule descritption box, exeption description box
For what I read i can only allocate individual quotas through IP not mac address, annoying gargoyle need upgrade this i think.
Just statically assign that MAC to an IP and then set Gargoyle to only allow connections from assigned IPs (So if they’re clever enough to manually assign it an IP they cant get online)
Monitoring requires you to set a quota, just set something stupidly high that they’ll never hit in a week, like 100GB