Can I use a subnet mask to limit the number of users on a router?
(I'm not a network guy, so please humor me.)
I want to configure a typical consumer router as an open hotspot. However, the router's internet connection has limited bandwidth. Therefore, I'd like to limit how many people can connect to it simultaneously.
I could set DHCP to hand out a small number of addresses, but additional users could still connect if they specified their own IP address. So I'd rather set a hard limit.
I'm wondering if a subnet mask will do the trick. I (sort of) understand that subnet masks are a way of telling the network section of an IP address from the host part, and I think that means I can limit the number of possible addresses, and therefore users, on the router. So:
- Can I do this?
- Might it screw something else up?
- Is anyone patient enough to list the possible subnet masks and how many users would be able to connect for each one?
Update
The list I was looking for (sorry, I wasn't very clear) was this: if the first three octets are 255.255.255, what are the possible netmasks and how many hosts do they support? I found this from the link Eddy provided. Answer:
- 255.255.255.0: 254 hosts
- 255.255.255.128: 126 hosts
- 255.255.255.192: 62 hosts
- 255.255.255.224: 30 hosts
- 255.255.255.240: 14 hosts
- 255.255.255.248: 6 hosts
- 255.255.255.252: 2 hosts
- 255.255.255.254: 0 hosts
- 255.255.255.255: 0 hosts
Several of you have pointed out that limiting users is not the same as limiting bandwidth. It's a good point, but in this case, I'm just concerned with limiting the number of concurrent users.
So, my question again: if I simply assign one of the netmasks above to the router, will it restrict the number of possible users effectively, as listed above? Might it screw something else up?
Solution 1:
Is anyone patient enough to list the possible subnet masks and how many users would be able to connect for each one?
Google found this nifty subnet calculator.
A small subnet will limit the number of concurrent users - people trying to hijack addresses may cause problems with duplicate IP addresses. It comes down to how hard you want to limit usage, and how hard people will work to overcome the measures you implement.
Quality of service will go a long way toward helping share the available bandwidth. Google found this link that will give you an idea of what's available.
With wireless it's easy enough to spoof/change MAC addresses, but you could come up with some scripts to monitor active MAC addresses and limit them with iptables and some restrictive QoS classes.
Edit: To answer the updated question: "if I simply assign one of the netmasks above to the router, will it restrict the number of possible users effectively, as listed above? Might it screw something else up?"
Two things to watch when you do this:
- Account for the IP addresses of the Access Point and Internet Gateway (if the gateway is a different box) when deciding how many hosts to allow.
- Make sure that the DHCP service will assign addresses with the correct starting address (e.g., if your network starts at zero and only has room for 12 hosts, then have the DHCP service start assigning addresses within the range). I would expect the access point to do this automagically, but it's something to check.
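The host-count table from the question's update and the two checks in the answer above can both be worked out mechanically. The following is an added example (not code from the question, from any answerer, or from the subnet calculator linked above) using Python's standard `ipaddress` module. It applies the classic rule that the network and broadcast addresses are never assigned, so /31 and /32 come out as 0 hosts exactly as in the question's list; the 192.168.1.0/28 scenario with the router at .1 is a constructed example.

```python
import ipaddress

# Constructed list: the masks from the question's update, all with
# 255.255.255 in the first three octets.
MASKS = [
    "255.255.255.0", "255.255.255.128", "255.255.255.192", "255.255.255.224",
    "255.255.255.240", "255.255.255.248", "255.255.255.252", "255.255.255.254",
    "255.255.255.255",
]


def usable_hosts(mask: str) -> int:
    """Usable host addresses for a dotted-decimal mask.

    Uses the classic convention that the network address and the broadcast
    address are not assignable, so /31 and /32 yield 0 (matching the list
    in the question's update).
    """
    net = ipaddress.IPv4Network(f"0.0.0.0/{mask}")
    return max(net.num_addresses - 2, 0)


def host_table() -> dict:
    """Mask -> usable host count, reproducing the question's table."""
    return {m: usable_hosts(m) for m in MASKS}


def usable_range(network_cidr: str):
    """First and last assignable address in the network, or None if none."""
    net = ipaddress.IPv4Network(network_cidr, strict=False)
    if net.prefixlen > 30:
        return None
    return net.network_address + 1, net.broadcast_address - 1


def client_capacity(network_cidr: str, reserved: list) -> int:
    """First check from the answer: subtract the addresses occupied by the
    access point and gateway from the usable host count."""
    rng = usable_range(network_cidr)
    if rng is None:
        return 0
    first, last = rng
    total = int(last) - int(first) + 1
    taken = sum(1 for a in reserved if first <= ipaddress.IPv4Address(a) <= last)
    return total - taken


def dhcp_pool_ok(network_cidr: str, pool_start: str, pool_end: str, reserved: list) -> bool:
    """Second check from the answer: the DHCP pool must lie entirely inside
    the usable range and must not hand out an address the AP or gateway
    already uses."""
    rng = usable_range(network_cidr)
    if rng is None:
        return False
    first, last = rng
    start = ipaddress.IPv4Address(pool_start)
    end = ipaddress.IPv4Address(pool_end)
    if start > end or start < first or end > last:
        return False
    return not any(start <= ipaddress.IPv4Address(a) <= end for a in reserved)


if __name__ == "__main__":
    for mask, n in host_table().items():
        print(f"{mask:16} {n:4} hosts")
    # Constructed scenario: a /28 (255.255.255.240) at 192.168.1.0, router at .1
    router = ["192.168.1.1"]
    print(client_capacity("192.168.1.0/28", router))
    print(dhcp_pool_ok("192.168.1.0/28", "192.168.1.2", "192.168.1.14", router))
    print(dhcp_pool_ok("192.168.1.0/28", "192.168.1.2", "192.168.1.20", router))
```

Running it prints the question's table, then the capacity of the /28 once the router's own address is set aside (13 clients), and shows that a pool ending at .20 fails the range check because .14 is the last usable address in that subnet. The pool check is the part worth keeping in mind: a consumer router's default DHCP range is often sized for a /24, so after narrowing the mask the pool must be shrunk to fit or leases will be handed out for addresses that are no longer inside the subnet.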
Solution 2:
Limiting the number of users that can connect is not the most effective way of limiting bandwidth. What if you have only 2 users connected but one of them is downloading a 500MB file? Limiting the number of connected users does nothing to limit the bandwidth utilization of each connected user. My suggestion would be to find a way to limit the bandwidth utilization of each user. You could try something like NetLimiter running on a gateway machine.
http://www.netlimiter.com/
Solution 3:
If you aren't willing to implement a business-class system that can allow (free) access with a small registration, then I'd suggest your best bet is to use the DHCP plan AND narrow down the subnet. Set a short lease time of 10-20 minutes. Once all DHCP addresses are used, no others will be given out. People would have to guess the IP range and, even then, run the risk of creating an IP conflict.