• Limiting traffic video for pfsense

    3
    0 Votes
    3 Posts
    3k Views
    F

    YouTube uses FLV and MP4.

  • Limiting bandwidth between certain hours, which way is the best?

    7
    0 Votes
    7 Posts
    4k Views
    P

    Also, if possible, I'd like to limit the bandwidth usage to 300GB per month.  Then, close to 300GB, I'd get a notification from pfsense, and at 300GB pfsense would close all connections until the billing cycle restarts.

    This is also a fundamental feature I'd like to implement.  At $1.50 per GB, it's not long before the bills go up.

    Can pfsense limit the amount of data per time cycle (per month, per day, etc.)?

  • WAN limiting?

    2
    0 Votes
    2 Posts
    2k Views
    S

    All you should need to do is run the traffic shaping wizard and plug in your numbers (10/10) and it will be limited.  That will get you the basics.  Beyond that you can fine tune the traffic shaping by:

    Using floating rules and establishing aliases for gaming ports and then putting in rules and queues to limit traffic. So basically you would have

    WAN - HFSC 9MB (this is your upload)
    -qNerf - Default - 5%
    -qWebSteam - 15%
    -qAck - 30%
    -qGaming - 50%

    LAN - HFSC
    -qInternet - 10MB (this is your download)
    --qAck - 20%
    --qNerf - Default - 5%
    --qWebSteam - 10%
    --qGaming - 65%

    qACK will be for TCP ACK packets
    qWebSteam will be for 80, 53, and Steam ports for upload / download, etc.
    qNerf will be for any traffic not recognized
    qGaming should be for all your gaming traffic

    This will require you to know the ports for the games people are playing and either make rules for each port set per game or make an alias called gaming ports, put all the ports in it and use that in your floating firewall rule.

    Sometimes games can be tricky about what ports are being used, so the best way to figure this out is to put up PFSense, run a PC behind it and have it play the game, and run a port capture on it to see what ports the game is actually using.  You can export the capture from PFSense to Wireshark.  This will be the part that will be the hardest to do, getting the games qualified into proper port mappings and then having them hit the correct queues.

    Running a 10/10 Internet connection with anything over 50 people is going to be rough as games like LoL (League of Legends) and others will tax it if you're doing a tourney.  For 250 people I would see if you could get another 10MB on download and give up 5MB on upload.  If you see someone uploading a lot, then typically they are running a file sharing app and you need to shut them down.  I would recommend using PRTG as well and make a port mirror on your switch so you can see the traffic and monitor it and when you see someone hogging the bandwidth - I do the following:

    1. See what traffic / port they are passing and to what IP if it resolves.
    2. Find the MAC of the PC. Make a static reservation in PFSense for that MAC to get a static IP.
    3. Delete their current lease to force them to renew and get your static IP.
    4. I make a LAN rule to block all traffic for that MAC to any connection on the network.
    5. Now you can wait for someone to come up and say they can't get to anything and you can see what they were doing.
    Typically they will have something like Spotify running or some other file sharing application.

    If you have better switches and you can see what table switch port they are on, then you can just shut down the port, but a lot of LANs just run dumb gigabit switches at the tables and a Layer2 at the core for the most part. The above way is effective in shutting them down.

    I would recommend thoroughly testing out your configuration by doing the above with a couple of PCs so you can see how it is going to perform.  You will need to use Intel NICs in the PFSense box for the best performance.

    Btw - I run the network / Internet for LANs that are about 120 people in size and we usually have 2 or 3 50/5 cable modems for our Internet and use load balancing with a similar config. I run a PRTG box to monitor my stats and I run a Dell Poweredge 2950 server with ESXi 5 that holds all our gaming servers. We use an Intel Dual Core 3GHZ, 8G RAM, 80G SATA, 4 Intel Gigabit NIC PC running PFSense.

    Sorry for the long post, but the best advice I can give you is test, test, test before the event.

  • Traffic Shaper and port number tracking clarification please.

    3
    0 Votes
    3 Posts
    1k Views
    J

    Ok. Thanks for the clarification. I understand now.

    Jits.

  • Would pfsense work for me to shape traffic this way?

    2
    0 Votes
    2 Posts
    1k Views
    C

    The easy way to do it is with limiters, not running through the full blown shaper. Create the up and down limiters as desired for the hosts to be rate limited, configure as needed in firewall rules.
    http://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Limiter

  • Traffic Shaper not queuing properly

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Limiters not working as expected…

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Custom Traffic Shaper rules in 2.0.x

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T

    Another functionality is logging firewall rules to external MySQL database
    I would like to add this via option in Shaper Wizard with option fields like:
    database server
    database name
    database user
    database pass
    As far as I know this can be done with a remote syslog server like this:
    http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
    This would be configured on syslog-ng host - question is: is it compatible with pfSense syslog?
    http://www.gho.no/2008/10/setting-up-remote-syslog-to-mysql-with-cisco-ios-and-syslog-ng-in-linux/

    I'm currently running on 2.0.3 i386.

  • Proper use of Layer7 to "block" bittorrent, p2p, etc.

    Locked
    2
    0 Votes
    2 Posts
    8k Views
    cmcdonaldC

    I am also confused with something as well. pfSense firewall rule theory is still a bit new to me and requires me to really think about rules before creating them. I know that rules are executed when packets are received on the rules' respective interfaces. I believe that floating rules are executed when "any" packets are received from "any" interfaces? Also, once a rule matches a packet, do other rules get executed as well? For example, let's say I wanted to create a few different layer 7 containers and apply numerous filters to an interface? Are the containers involved in determining whether or not a packet matches a rule? That is what's confusing me.

  • How to easily identify queues in RRD graph?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    S

    I don't think you can do that from the web interface, sorry. Found the color thing though, does that help:
    http://forum.pfsense.org/index.php?topic=16463.0

  • QoS for pfsense originated connection

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    M

    I have tried different schedulers, but I can't find the right floating rules to match connections originated from the OpenVPN server running on top of pfsense itself.

  • Limiter with port forwarding

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Traffic Shaping on pfsense / sluggish interface

    Locked
    8
    0 Votes
    8 Posts
    6k Views
    S

    I used both the wizard and a manual configuration and both result in a sluggish interface (although apparently one is faster than the other - thinking about it now, the difference in speed reflects the speed differences between the default queues in each example).

    And yes, the wizard creates floating rules reflecting my selections, but I don't see any rule regarding the LAN traffic. Just noticed there's just "qInternet" in the LAN portion of the shaper, and no "qLink". This example defaults to qP2P, but I've had examples default to other queues reflecting my choices in the wizard…

    Let's just say that neither the wizard nor the (previous) manual configuration creates a "qLink", but I can add it afterwards.
    What is the floating rule going to be like to throw LAN traffic in the "qLink" queue?

  • Using L7 to block embedded video and audio traffic

    Locked
    12
    0 Votes
    12 Posts
    16k Views
    A

    I am currently using 2.0.3.

    IP limit is working when I limit them to IP addresses. Only when I use limit on L7 youtube and flash does it cause that problem. Any idea how I can check what the exact problem is? Should I post my configs here? BTW, I am using LIMITER in the L7 config, not QUEUE.

  • Need help on bandwidth limiting

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Bandwidth restriction

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    V

    Thanks for the reply. Do you have steps for how to do that?

    @myke:

    Hi,
    You can add a queue on your two LAN interfaces with your bandwidth.

    Lan 1 --->QParent = 2MO
    Lan 2 --->QParent = 2MO

    You also add floating rules to use the queue, that's all.

    Best regards.
    Myke.

  • Layer7 Rules can close connections?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    E

    It just blocks the whole connection if a packet that matches is received.
    Not whole packets.

  • Asterisk behind pfsense - QoS

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    J

    You may want to consider use of limiters to reserve bandwidth for your VoIP traffic.  2/2 doesn't leave a lot of room to let the shaper work it out.

  • CBQ + Suspends

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Quick option on Floating Queue rule

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    N

    Yes, you are right.
    Maybe jimp could change the wording of the statement to avoid any confusion (at least for me).

    Thanks

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.