• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

A lot of users?

Scheduled Pinned Locked Moved General pfSense Questions
27 Posts 7 Posters 1.6k Views 7 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J Offline
    josephchrzempiec
    last edited by Apr 23, 2025, 5:42 AM

    Hello, First i hope this is in the right place. If not please help me to move to the right topic.

    I want to start up an nonprofit wireless in my area. I give wireless to people who can't afford it. I have enough bandwidth to cover people Not sure how much yet into I can figure things out. My problem is two things. One is in pfsense Sense I'm still fairly new to it and need help with steps on doing this is how can I limit people from downloading to much bandwidth, What I mean is speed for downloading how can I show that down?

    Also Is there a way to seperate every user to connect to to each other, What I mean is either pinging or able to access whatever they have on there system or devices? Theses are the two things I really need help me. Please someone help me to figure this out?

    I'm sorry there is one other thing. Is there way that they can not access the router as well? Only if I'm at that location I can. Thank you

    Joseph

    G J 2 Replies Last reply Apr 23, 2025, 8:14 AM Reply Quote 0
    • G Offline
      Gertjan @josephchrzempiec
      last edited by Gertjan Apr 23, 2025, 8:18 AM Apr 23, 2025, 8:14 AM

      @josephchrzempiec

      Most 'serious' access points can handle bandwidth limiting for every wifi user, and, bonus, handle the client isolation for you, something the router you use, pfSense in this case, can't do.
      On pfSense, keep the initial LAN access for yourself.
      Create a second LAN type interface that you reserve for your Wifi visitors.
      Use this firewall rule :
      1366c9d5-b4ff-4256-8ae5-6e7e91c10185-image.png
      where "ThisFirewallPorts" is an alias you create, and add port numbers like 22, 80 and 443 to it.
      and after this rule you put a general pass rule.
      From now on, your visitors can access the entire internet, but not your pfSense, the admin access.

      Btw : none of this is unique to pfSense - what I've said above is valid for any router firewall available out there : believe it (or not) : they are all the same.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      J 1 Reply Last reply Apr 23, 2025, 2:47 PM Reply Quote 0
      • E Offline
        elvisimprsntr
        last edited by Apr 23, 2025, 9:35 AM

        This post is deleted!
        1 Reply Last reply Reply Quote 0
        • S Offline
          stephenw10 Netgate Administrator
          last edited by Apr 23, 2025, 1:06 PM

          Yup 'Client Isolation' should be handled in the Access Point(s).

          You might also try dynamic limiters in pfSense to share the available bandwidth between connected users.

          J 1 Reply Last reply Apr 23, 2025, 2:42 PM Reply Quote 0
          • J Offline
            JKnott @josephchrzempiec
            last edited by Apr 23, 2025, 2:28 PM

            @josephchrzempiec This might be a violation of your ISPs terms of service. Check out that before you do anything.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            J 1 Reply Last reply Apr 23, 2025, 2:37 PM Reply Quote 1
            • J Offline
              josephchrzempiec @JKnott
              last edited by Apr 23, 2025, 2:37 PM

              @JKnott I'm not violating anything with my ISP. I have a Business class setup to do with whatever I like. Also I called my ISP and told them the story as long as I'm not reselling and profiting my bandwidth which I'm not i'm allow to give it away at no cost which I'm. and Also I went to my local branch ISP and talked to two management teams and they said it is prefectly fine. And any problems let them know. They even gave me pointers on how to be successful with this.

              I'm all set on this subject.

              1 Reply Last reply Reply Quote 1
              • J Offline
                josephchrzempiec @stephenw10
                last edited by Apr 23, 2025, 2:42 PM

                @stephenw10 Is there some examples or some steps I can do for this to be limiting between users?

                1 Reply Last reply Reply Quote 0
                • J Offline
                  josephchrzempiec @Gertjan
                  last edited by Apr 23, 2025, 2:47 PM

                  @Gertjan said in A lot of users?:

                  @josephchrzempiec

                  Most 'serious' access points can handle bandwidth limiting for every wifi user, >and, bonus, handle the client isolation for you, something the router you use, >pfSense in this case, can't do.

                  My access points can not do limiting for each user. It will have to be on the pfsense side to do this.

                  1 Reply Last reply Reply Quote 0
                  • S Offline
                    stephenw10 Netgate Administrator
                    last edited by Apr 23, 2025, 2:58 PM

                    I don't think we have a specific example doc but this covers it: https://www.provya.com/blog/pfsense-limit-maximum-bandwidth-per-users-with-limiters/

                    J 1 Reply Last reply Apr 23, 2025, 2:58 PM Reply Quote 0
                    • J Offline
                      josephchrzempiec @stephenw10
                      last edited by josephchrzempiec Apr 23, 2025, 3:00 PM Apr 23, 2025, 2:58 PM

                      @stephenw10 said in A lot of users?:

                      https://www.provya.com/blog/pfsense-limit-maximum-bandwidth-per-users-with-limiters/

                      Thank you I'm looking at it. The problem I have is the download speed is more then enough. Only thing I worry about if more and more people get on it that enough people wouldn't have enugh bandwidth to do anything.

                      upload speed is the same problem.

                      1 Reply Last reply Reply Quote 0
                      • S Offline
                        stephenw10 Netgate Administrator
                        last edited by Apr 23, 2025, 3:03 PM

                        Exactly, so you set the total bandwidth at, say, 500Mbps and it assigns pipes dynamically depending on how many source/destination IPs are connected. I.e. Only one connected user would get 500Mbps but with 10 connected each would get 50Mbps.

                        Now that can still be an issue if you have 500 connected IPs! 😉 But it prevents one user just sucking all the bandwidth.

                        J 1 Reply Last reply Apr 23, 2025, 3:05 PM Reply Quote 0
                        • J Offline
                          josephchrzempiec @stephenw10
                          last edited by Apr 23, 2025, 3:05 PM

                          @stephenw10 Got you Thank you. Now i have to figure the whole not letting users see the router and each other. The bandwidth part I think figured it out.

                          1 Reply Last reply Reply Quote 0
                          • S Offline
                            stephenw10 Netgate Administrator
                            last edited by Apr 23, 2025, 3:07 PM

                            Users don't see each other > 'client isolation' in the APs.

                            Users don't see the firewall > firewall rules in pfSense.

                            J 1 Reply Last reply Apr 23, 2025, 3:13 PM Reply Quote 0
                            • J Offline
                              josephchrzempiec @stephenw10
                              last edited by Apr 23, 2025, 3:13 PM

                              @stephenw10 Theses Ap are cheap chineses AP. they can see each other and no option to stop that as the firmware is limited. that is why they are cheap chinese AP.

                              As far as the not seeing the router I will look into that. Thank you.

                              1 Reply Last reply Reply Quote 0
                              • S Offline
                                stephenw10 Netgate Administrator
                                last edited by Apr 23, 2025, 3:16 PM

                                Hmm, I would double check that. It might be renamed something by their firmware but I've never seen an AP that didn't have that option. It's a low level hardware setting that is present in everything.

                                Or you might be able to flash them with a 3rd party firmware that does expose it like OpenWRT.

                                J 1 Reply Last reply Apr 23, 2025, 3:19 PM Reply Quote 0
                                • J Offline
                                  josephchrzempiec @stephenw10
                                  last edited by Apr 23, 2025, 3:19 PM

                                  @stephenw10 to be honest I'm not sure I will look through it again and look at the manual that was given as well.

                                  1 Reply Last reply Reply Quote 0
                                  • S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by Apr 23, 2025, 3:26 PM

                                    What APs are they specifically?

                                    J 1 Reply Last reply Apr 23, 2025, 6:33 PM Reply Quote 0
                                    • J Offline
                                      josephchrzempiec @stephenw10
                                      last edited by Apr 23, 2025, 6:33 PM

                                      @stephenw10 I didn’t buy them. They was giving to me by a friend of mine. They look like they have custom firmware on them. I looked them up and found them on made in china website. link text

                                      1 Reply Last reply Reply Quote 0
                                      • S Offline
                                        stephenw10 Netgate Administrator
                                        last edited by stephenw10 Apr 23, 2025, 10:04 PM Apr 23, 2025, 9:50 PM

                                        So actually Comfast CF-EW71 devices?

                                        Looks like they have some central management. Do you have that?

                                        If those are v2 hardware it looks like OpenWRT recently added support.

                                        J 2 Replies Last reply Apr 24, 2025, 5:59 AM Reply Quote 0
                                        • N Offline
                                          NollipfSense
                                          last edited by Apr 24, 2025, 1:00 AM

                                          May I suggest a Mikrotik AP device!

                                          pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                                          pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                                          J 1 Reply Last reply Apr 24, 2025, 6:02 AM Reply Quote 0
                                          20 out of 27
                                          • First post
                                            20/27
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received