Netgate Discussion Forum

    Tutorial : CP BW user specific limiter with squid transparent zero penalty hit

      anto_DIGIT

      How to bypass traffic of proxy hit from captiveportal BW limiter ?

      USE YOUR OWN DISCRETION!  TRY THIS AT YOUR OWN RISK!
      Do not perform the following steps : http://forum.pfsense.org/index.php/topic,14436.0.html. The modifications will bypass the CP login and CP BW limiter.
      pfSense configuration requirements :

      • captiveportal BW limiter enabled,
      • squid transparent
      • DNS forwarder

      1. Input the following code into the Custom Options in the pfSense GUI: Services -> Proxy Server -> General

      Custom Options :

      zph_mode tos;
      zph_local 0x04;
      zph_parent 0;
      zph_option 136;

      Press OK

      Through "putty", check whether the marked packets have already appeared:

      tcpdump -nvi rl0 | grep 'tos 0x4'

      2. Edit /usr/local/captiveportal/index.php
      Please back up the original first ..
      cp /usr/local/captiveportal/index.php /usr/local/captiveportal/index.bak
      Through "winscp", edit /usr/local/captiveportal/index.php

      /usr/local/captiveportal/index.php at line 290 :

      if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
          $bw_down_pipeno = $ruleno + 45500;
          // Pipe 30002 carries proxy hits (squid marks them with TOS 0x04 = iptos reliability)
          exec("/sbin/ipfw pipe 30002 config bw 4Mbit/s");
          // Everything that is not a proxy hit goes through the per-user limiter pipe
          exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out not iptos reliability");
          exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
          // Proxy hits go through pipe 30002 instead
          exec("/sbin/ipfw add $ruleno pipe 30002 all from any to $clientip out proto TCP iptos reliability");
      } else {
          exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
      }

      The above code is for when you do not want different bandwidth settings from those in the GUI. If you need a specific BW limiter, for example :

      • username : admin, BW down : 384kBps
      • username : guest, BW down : 128kBps

      Another username BW is fixed, according to the settings in the GUI.

      /usr/local/captiveportal/index.php at line 290 :

      if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
          $bw_down_pipeno = $ruleno + 45500;
          // Fixed pipes for the two named users
          exec("/sbin/ipfw pipe 30012 config bw 384Kbit/s queue 100");
          exec("/sbin/ipfw pipe 30022 config bw 128Kbit/s queue 100");
          if ($username == 'admin') {
              exec("/sbin/ipfw add $ruleno pipe 30012 all from any to $clientip out not iptos reliability");
          } else if ($username == 'guest') {
              exec("/sbin/ipfw add $ruleno pipe 30022 all from any to $clientip out not iptos reliability");
          } else {
              // Any other user gets the bandwidth configured in the GUI
              exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out not iptos reliability");
              exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
          }
          // Proxy hits (TOS 0x04 = iptos reliability) go through pipe 30002
          exec("/sbin/ipfw pipe 30002 config bw 4Mbit/s");
          exec("/sbin/ipfw add $ruleno pipe 30002 all from any to $clientip out proto TCP iptos reliability");
      } else {
          exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
      }

      3. Check ipfw rule
      ipfw list

      4. Traffic Shaping
      Adjust the bandwidth in order to max BW Traffic shaping LAN is not limited

      5. Firewall rule : Block port 3128 on LAN interface.

      6. Good luck ..
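
A check for step 3, added here as an example and not part of the original post: it reads `ipfw list` output and reports, per client IP, which pipe carries proxy-hit traffic (`iptos reliability`) and which pipe carries everything else, flagging clients that have the hit rule but no limiter rule. The function names and the sample listing are constructed; the listing assumes rules print with the same keywords the post passes to `ipfw add`.

```shell
#!/bin/sh
# Constructed sample of `ipfw list` output (not captured from a real firewall).
sample_rules() {
cat <<'EOF'
10000 pipe 30012 ip from any to 192.168.1.10 out not iptos reliability
10000 pipe 30002 ip from any to 192.168.1.10 out proto tcp iptos reliability
10002 pipe 55502 ip from any to 192.168.1.11 out not iptos reliability
10002 pipe 30002 ip from any to 192.168.1.11 out proto tcp iptos reliability
10004 pipe 30002 ip from any to 192.168.1.12 out proto tcp iptos reliability
10006 skipto 50000 ip from any to 192.168.1.13 out
EOF
}

# Reads rule lines on stdin and prints one line per client that has a pipe rule:
#   <ip> limiter=<pipe|none> hit=<pipe|none> <OK|MISSING_LIMITER|NO_HIT_PIPE>
audit_cp_rules() {
awk '
{
    ip = ""; pipe = ""; tos = 0; neg = 0
    for (i = 1; i <= NF; i++) {
        if ($i == "pipe") pipe = $(i + 1)
        if ($i == "to")   ip   = $(i + 1)
        if ($i == "iptos" && $(i + 1) == "reliability") {
            tos = 1
            neg = ($(i - 1) == "not")
        }
    }
    if (ip == "" || pipe == "") next          # skipto rules and unrelated lines
    if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
    if (tos && !neg) hitpipe[ip] = pipe       # marked proxy hits
    else             limpipe[ip] = pipe       # all other traffic: the user limiter
}
END {
    for (k = 1; k <= n; k++) {
        ip = order[k]
        l = (ip in limpipe) ? limpipe[ip] : "none"
        h = (ip in hitpipe) ? hitpipe[ip] : "none"
        s = (l == "none") ? "MISSING_LIMITER" : ((h == "none") ? "NO_HIT_PIPE" : "OK")
        print ip, "limiter=" l, "hit=" h, s
    }
}'
}

# On the firewall itself: ipfw list | audit_cp_rules
sample_rules | audit_cp_rules
```

A `MISSING_LIMITER` line means only the client's marked traffic is matched by a pipe rule, so its remaining downloads are not held to the per-user bandwidth.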

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.