Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense CE 2.7 Limiter not working

    Traffic Shaping
    limiters
    1
    4
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pf6thSense
      last edited by

      I've been trying to create a Limiter based on the following YouTube video. Under Firewall/Traffic Shaper/Limiters, I created 2 Limiters, one called Limit-Download-1Mbit and one called Limit-Upload-1Mbit.

      Each Limiter is configured with 1 Mbit/s, none schedule. Mask is set to None. The Queue Management Algorithm is set to Tail Drop and the Scheduler is set to Worst-case Weighted fair Queueing.

      I have a LAN Firewall Rule as follows:

      Action: Pass
      Interface: LAN
      Address Family: IPv4
      Protocol: Any
      Source: Single host or alias / Limiter_clients (which is an Alias with 2 IP's)
      Log Packets: enabled
      Advanced Options: In / Out pipe set to Limit-Upload-1Mbit and Limit-Download-1Mbit

      The rule is positioned above my default LAN Allow All rule. When either one of the clients does a speed test, I am still getting the full speed. I can see that the rule is being used since I can see the log entries but the Limiter itself is not working. My Diagnostics / Limiter Info shows the following:

      Limiters:
00001:   1.000 Mbit/s    0 ms burst 0 
q131073  50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
 sched 65537 type FIFO flags 0x0 0 buckets 0 active
00002:   1.000 Mbit/s    0 ms burst 0 
q131074  50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 droptail
 sched 65538 type FIFO flags 0x0 0 buckets 0 active


Schedulers:
00001:   1.000 Mbit/s    0 ms burst 0 
 sched 1 type WF2Q+ flags 0x0 0 buckets 0 active
00002:   1.000 Mbit/s    0 ms burst 0 
 sched 2 type WF2Q+ flags 0x0 0 buckets 0 active

      Does anyone know why the Limiter is not working?

      P 1 Reply Last reply Reply Quote 0
      • P
        pf6thSense @pf6thSense
        last edited by

        Here are some screenshots of my configuration:

        alt text
        alt text
        alt text
        alt text
        alt text
        alt text

        P 1 Reply Last reply Reply Quote 0
        • P
          pf6thSense @pf6thSense
          last edited by

          Update, it's working now! I previously had IPv6 RA enabled as well as DHCPv6 server enabled. On my MacBook Pro and iPhone, I could see that it was getting an IPv4 address as well as multiple IPv6 addresses.

          After disabling IPv6 RA's and the DHCPv6 server and disabling/enabling the WiFi interface, the Limiter is working. I'm suspecting that the clients (MacBook Pro) was using IPv6. What's strange though is that my rule was using IPv4+6 and I also tried creating 2 seperate rules but the IPv6 rule was never getting states.

          P 1 Reply Last reply Reply Quote 0
          • P
            pf6thSense @pf6thSense
            last edited by

            I know why the IPv6 rule was not matching, my aliases was only targeting IPv4 addresses!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.