Netgate Discussion Forum

    Limit bandwidth per IP

    Traffic Shaping
    31 Posts 16 Posters 152.2k Views
      nydron

      In pfSense, I'm using Lusca cache (a modified Squid proxy server) to cache big files. From what I have read here so far about limiters, it is possible to limit the bandwidth of individual PCs passing through the proxy. In conjunction with bandwidth limiting for each PC, is it possible to configure pfSense so that a PC downloading a big file from the internet that is already in the proxy server will be allowed to access that file in the proxy server without a bandwidth limit?

      I mean if the PC is downloading a file from the internet that is not yet in the proxy server, it will have a bandwidth limit during the download. But if the file being downloaded is already in the proxy server (already cached), the PC will be allowed to download the file from the proxy server at full speed without the bandwidth limit.

      Does anyone have any idea how this can be done using port 3128 in the browser or the default port 80? Thank you.

        podilarius

        nydron: are you using transparent proxy?

          nydron

          @podilarius:

          nydron: are you using transparent proxy?

          Hi Podilarius, no, I'm not using transparent proxy at the moment. I configured the PCs' browsers to point to the pfSense server's LAN IP address using port 3128. In the future, I plan to use transparent proxy when I figure out how to separate different data traffic.

          I already tested limiting the PCs' bandwidth using pfSense's limiter and it worked pretty well. I'm still studying and researching how to allow the PCs to access the Lusca/Squid cache without a bandwidth limit.

            podilarius

            Then it would seem like you could limit traffic on WAN with a destination of port 80 and leave port 3128 on LAN without any limiters or just prioritization.

              nydron

              Thanks for the tip, Podilarius. I actually tried that, but it seems the limit I put on port 80 (HTTP) on the WAN side was not taking effect. I'll review my settings again to see if I missed something.

                agismaniax

                @nydron:

                …

                I mean if the PC is downloading a file from the internet that is not yet in the proxy server, it will have a bandwidth limit during the download. But if the file being downloaded is already in the proxy server (already cached), the PC will be allowed to download the file from the proxy server at full speed without the bandwidth limit.

                ...

                I use transparent proxy and I want to do this also. Any suggestions?

                  eri--

                  If you set the limits on the LAN interface of your firewall, the limit will be applied regardless of whether the file is being served by the cache or the remote side.

                    agismaniax

                    @ermal:

                    If you set the limits on the LAN interface of your firewall, the limit will be applied regardless of whether the file is being served by the cache or the remote side.

                    Right now, I have two limiters (Firewall > Traffic Shaper > Limiter):
                    1. Name: In128
                    Bandwidth: 128Kbps
                    Mask: source address

                    2. Name: Out128
                    Bandwidth: 128Kbps
                    Mask: destination address

                    I have one LAN rule for that limiter (Firewall > Rules > LAN):
                    Interface: LAN
                    Proto: any
                    Source: TEST (this is an alias for a group of IPs that have limited bandwidth)
                    Destination: any
                    In/Out: In128/Out128

                    Or should I add another rule in WAN? Could you give me one example?

                      joviscomp

                      Hi, is there a way to limit only access to the internet and not the cached files on Squid? I use Squid with transparent enabled. Thanks.

                        kyu

                        @ltech:

                        Alternatively you could edit the LAN default allow out and add the In/Out option there and it would apply to every host on the LAN individually (each host individually limited to 500Kbps/500Kbps).

                        I have created the limiter of 10Mbit out and 3Mbit in, followed the instructions as described and put the limiter in the LAN default rule. I tested with 3 PCs simultaneously and the speed of each was 9Mbit/s, 8Mbit/s and 10Mbit/s. They were older PCs, so the speed was probably slower because of their CPUs.

                        Therefore I can attest that putting the limiter in/out into the LAN default rule creates dummypipes for EACH of the IPs, not collectively as a whole.

                          kyu

                          Furthermore, I've been testing with different values and placing the limiters in the default LAN rules.

                          Sometimes, even after I've removed the limiter option, the setting sticks! I've tried changing the limiter value to something higher (even though it's not being used) to no avail.

                          Finally I disabled the limiter and the speed came back up. Odd problem.

                            cheonne

                            @nydron:

                            Thanks for the tip Podilarius. I actually tried that but it seems the limit I put on port 80 (http) on the WAN side was not taking an effect. I'll review my settings again to see if I missed something.

                            Try creating a rule in the Floating tab for the HTTP and HTTPS ports and set its limit in the advanced In/Out option.

                              ipfftw

                              As I find this whole direction thing confusing to figure out at first glance, I have made some screen shots of the settings that are currently working for me. I verified by going to speedof.me and testing before and after rule is applied.

                              The firewall rule is a FLOATING PASS rule, which I never used before but seems to work great. I had no other floating rules.

                              Please see the attached screenshots and duplicate them to rate limit one single local IP to 5mbps. Sorry, I thought the instructions, while eventually working in some way, were somewhat unclear. A picture as an example of working settings is far better imho.

                              SP32-20150202-201243.png
                              SP32-20150202-201251.png
                              SP32-20150202-201306.png
                              SP32-20150202-201312.png

                                comeback1106

                                I have the same problem. This will limit traffic on this interface, not per client :(

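The limiter settings quoted earlier in the thread carry a Mask field, and it is what separates one pipe per client from one pipe shared by every client on the interface. The following Python model is an added illustration, not code from the thread or from pfSense: it treats a limiter as a token bucket that drops excess packets instead of queueing them, and the class names, `mask_bits` parameter, client addresses and packet sizes are constructed for the example (the 128 kbit/s rate is the one from the In128/Out128 limiters above).

```python
import ipaddress

class Pipe:
    """Token bucket in integer bits; starts empty, holds at most 1 s of credit."""
    def __init__(self, rate_bps):
        self.rate_bps, self.tokens, self.last_ms = rate_bps, 0, 0

    def allow(self, now_ms, size_bits):
        refill = self.rate_bps * (now_ms - self.last_ms) // 1000
        self.tokens = min(self.rate_bps, self.tokens + refill)
        self.last_ms = now_ms
        if size_bits > self.tokens:
            return False          # over the limit: the model drops the packet
        self.tokens -= size_bits
        return True

class Limiter:
    """mask_bits=32 models 'Mask: source address'; mask_bits=0 models no mask."""
    def __init__(self, rate_bps, mask_bits):
        self.rate_bps, self.mask_bits, self.pipes = rate_bps, mask_bits, {}

    def pipe_for(self, src_ip):
        net = ipaddress.ip_network(f"{src_ip}/{self.mask_bits}", strict=False)
        key = str(net.network_address)   # 0.0.0.0 for every client when mask_bits=0
        return self.pipes.setdefault(key, Pipe(self.rate_bps))

    def allow(self, now_ms, src_ip, size_bits):
        return self.pipe_for(src_ip).allow(now_ms, size_bits)

def simulate(mask_bits, clients, seconds=10, rate_bps=128_000, pkt_bits=12_000):
    """Every client offers one 1500-byte packet per 20 ms (600 kbit/s).
    Returns delivered bits per second for each client."""
    limiter = Limiter(rate_bps, mask_bits)
    delivered = dict.fromkeys(clients, 0)
    for tick in range(seconds * 50):
        turn = tick % len(clients)       # rotate who sends first in each tick
        for ip in clients[turn:] + clients[:turn]:
            if limiter.allow(tick * 20, ip, pkt_bits):
                delivered[ip] += pkt_bits
    return {ip: bits // seconds for ip, bits in delivered.items()}

CLIENTS = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]  # constructed addresses

if __name__ == "__main__":
    print("mask source address:", simulate(32, CLIENTS))
    print("no mask (shared):   ", simulate(0, CLIENTS))
```

With the mask set, each client ends up just under 128 kbit/s on its own; with no mask, the three clients split a single 128 kbit/s allowance between them.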
                                  gstlouis @ipfftw

                                  @ipfftw
                                  This is old, but is it still working for you? I do not see any screenshots, probably because this is so old...

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.