  • CoDel AQM?

    Locked
    10
    0 Votes
    10 Posts
    7k Views
    E

    This is in 2.1 snapshots.

  • Limit bandwidth for all IP addresses except specified.

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimp

    Just don't match them in the rule.

    Either:

    pass from !(those users in an alias) to * with a limit
    pass from (that subnet) to * without a limit

    or

    pass from (those users) without a limit
    pass from (the whole subnet) with a limit

  • Limit any user in Lan to 128kbps down and 128kbps, pls. check my settings

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M

    @markluhde
    Thanks for the reply... btw, can you give an example of how to use it? It is my first time using limiters with a schedule. Thanks again. ;)

  • Can I schedule the limiters?

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    C

    @abdurrahman:

    For example, I created a limiter as below
    Name : download_limit
    Mask : Source
    Bandwidth: 512K

    I created a schedule as below
    after-work: 17:30-23:59

    I want this limiter to be scheduled at after-work. This limiter will be active only between 17:30-23:59… Is it possible?
    If it is possible, I will apply it to a firewall rule...

    Just as noted by @mark, downlink limiter will go with DESTINATION MASK while uplink limiter will go with SOURCE MASK.

    Then on schedule, apply the schedule on the firewall rule you will create to push traffic to the limiters. I've done this and it is working perfectly.

  • Hfsc vs pcq from mikrotik

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied

  • L7 rule or other method for shaping Spotify traffic?

    Locked
    4
    0 Votes
    4 Posts
    5k Views
    M

    I haven't made any progress on this one.

    I can say that Spotify traffic does NOT drop into the standard/bulk p2p queue.

    Sigh.

  • Which queue applies?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    S

    1.  No, unless your default rule is to pass traffic.  Match rules have no effect on whether traffic is passed or blocked.

    2.  Yes.  Remember, a match rule is not a filter rule.

    3.  Since the pass rule does not specify a queue, it does not get overridden.  The packet and future stateful traffic for this packet will be placed in Q1.

  • QLEN remains zero

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    S

    Another function of the traffic shaper is the delaying of ACK packets when traffic reaches 100%.  This moderates the flow of traffic through your firewall and attempts to keep it from backlogging.

    Under normal conditions, backlogging should occur during severe spikes in network traffic, in which case your queuing will kick in.  This can literally happen in millisecond time frames and be difficult to observe.

    Your traffic shaper is most likely performing as it should.

  • Traffic Shaper \ Queue debugging.

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied

  • Penalty box, wizard didn't use alias name

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    rbgarga

    Fix is now committed and will be available on next snapshots. You will need to run wizard again to fix the rule.

  • Which packets going into which queue?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S

    You can enable logging temporarily on your queue match rules to see what is happening, and then turn your attention to the firewall logs for more information.

  • Easy torrent shaper for home use revised

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    M

    Nice write up.
    I've already created a "reversed" torrent shaper. So I do allow torrent to be used, but if you can use it with ~10kbps connection ;D

  • PfSense with Squid - How to Limit per IP, But No Limit on Cached Objects?

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    D

    @iservices:

    you're giving very little information.

    It should work if the config is like this:

    client-->squid-->pfsense-->Internet

    if you've got a config

    client -->pfsense-->squid-->internet it'll never work,

    as the pfsense can't distinguish if the traffic is cached by the proxy!

    For better help give better information!

    Hi there! Pardon me for the incomplete info. I am installing Lusca Squid package on my PfSense. Squid and Pfsense are in one machine.

    So are you saying that it will work if squid is on a separate machine?

    Thanks.

  • Floating rule, Alias in source or destination for both ways?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    T

    Sorry. First see your answer now.

    Thanks a lot. I will experiment with a LAN/WAN rule and see if I can get the same result.

    BR. Anders

  • Squid / Transparent / slow internet

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J

    @fil23:

    The problem starts when transparent mode is switched on in the SQUID settings on the server. The Internet is very slow loading web pages.

    The core of Freebsd 8.1
    More than 200 users

    You haven't given much helpful info, but my guess would be that you've either configured Squid with too little memory, you're using disks that are too slow for your cache, or your Internet connection is very fast.

    In my case I use Squid to only cache large files because small ones can usually be fetched from remote servers faster than they can be grabbed from cache, even with it backed by SLC flash.

  • Floating Rules Direction confusion

    Locked
    3
    0 Votes
    3 Posts
    9k Views
    N

    Thanks for the clarification.

    Given that I don't do NAT on my pfSense, so the rule should match on a private source IP.

  • Help, newbie in PFSense…

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C

    :) Thanks Podilarius… in doc.pfsense.orf there is a paper on how to do it, but the version of pfsense they use is 1.0 BREBETA2-BUGVALIDATION-EDITION5 and the newest one doesn't have the pages they show. Even the webconfigurator of the newest version of pfsense doesn't have anything about bridge mode. That's why I entered the forum and made this request. But if I get the information I'll post it here for all the people in the forum...

    Thanks for your time...

  • New book?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    C

    thanks! I think most of us are waiting with joy!

  • Throttle traffic by amount of time or amount of used traffic in GB?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    Yes, you could potentially use PFSense to throttle his speed. I know for a fact that WoW has parental controls that you can enable. I don't think the other games do.

    You would have to throttle the connection to the point that it is super super slow. I would hazard that you try other methods to limit his gaming time though, and perhaps if you would game with him or show an interest, even if faked on your part, in his activity, you might have better luck at limiting his time?

    You would have several options in PFSense to do this from using a schedule to traffic shaping to actually using the limiter.

    Also, how technically inclined is he? If he is pretty tech savvy then it will make the job that much harder. Most Xboxes and PS3s have WiFi, so if you're in a densely populated residential area, there would potentially be an unprotected WiFi he could jump on and avoid your throttling altogether.

    As a father myself, I find that by gaming with the kids and showing interest in their hobbies, it makes it easier and they are willing to live with limits on game time and have reached the point that for the most part they do it themselves without me having to tell them.

    Good luck to you.

  • Best strategy for limiting in public library setting

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J

    My recent post covers the basics of this:
    Works! Limiting multiple LAN users, thru single external proxy
    http://forum.pfsense.org/index.php/topic,60861.0.html

    In general, to create different speed groups, you need to do some coordination of your network addresses, and you can't just use automatic address assignment by DHCP for the entire building LAN.

    You'll probably want to inventory all the MAC addresses of the public machines so that they can be assigned addresses within the same common block, via DHCP MAC reservations. (You can also manually assign addresses directly to each machine without DHCP reservations, though this can be a maintenance hassle if the machines are wiped and reimaged occasionally.)

    The collective address range is then restricted by the limiter. Anything outside the range would be permitted full speed.

    A more thorough option is to group all the wired public machines into a single network switch or a VLAN, and then apply a subnet and automatic DHCP to that entire group through an optional interface on your pfSense router.

    This requires lots of fiddly crawling around under tables, locating of ports on walls and who is what port number, and then moving cables around in closets to put all the wires into a common group on a single switch or to make a VLAN range of ports.

    (You can also create a freeform VLAN for scattered ports across the switch without moving cables on the switches, but this is more management hassle later if there's a problem, IMO.)

    This would allow the computers to all be limited without needing to do DHCP reservations, and also allows for an open public wifi service for patron laptops and mobile devices to join the subnet and be limited also.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.