Netgate Discussion Forum

    Torrent ignore bandwidth limiter

    Traffic Shaping
    9 Posts 4 Posters 3.4k Views
    • A
      alexthunder

      Hi guys,
      I set a bandwidth limit for each user of 1Mbps in download and 512Kbps in upload; when I perform a connection test, the limit is actually observed, however the torrent client has much more bandwidth available, in fact in both, download and upload, the set limit is exceeded by a lot!!!
      Where is the problem? What can I do to retract the torrent traffic within the bandwidth limit? I set a Layer 7 container where I put torrent in action block. This block, even if protocol obfuscation is not set on the client, does not work at all!!
      Help !!!!

      Thanks for any suggestions,
      Alexander

      • E
        Ecnerwal

        Where and how did you set your limit? There are multiple possibilities.

        The limiter in the traffic shaper seems the most likely to work for sure, on a per-user basis, IMLE.

        One dynamic set for up with "Source" set and the up traffic limit

        and one dynamic set for down with "Destination" set and the traffic limit.

        …and then you need to create (or modify) rules to use those limiters for in/out traffic.

        Could be you created limiters but did not modify a rule to use them? You can set the LAN default rules to use them, for a simple deployment. Edit rule, advanced features, In/Out.

        While it's NOT the behavior you are asking for, this thread has good info about setting up the shaper (where even sharing rather than hard limiting is the desired behavior)

        https://forum.pfsense.org/index.php?topic=63531.0

        As far as I can see, except for a home situation where the pfSense admin is also the person doing the torrenting, the layer 7 stuff (at least for torrents, et al) is basically rendered hopeless by encryption so the "whitelist" approach of matching and elevating traffic you want while hard-limiting traffic you can't classify is most likely to do something with it; but I assume that some more annoying clients likely pretend to be desirable traffic (I don't have VOIP phones, but I tried tossing that on the traffic shaper wizard for the heck of it, and that queue suddenly filled with LOTS of traffic - so I slapped an upperlimit on it and made some dent in "whatever" for now.) The split-per-host (which seems to be working on my 2.1.5 install just fine - I gather there were perhaps some problems on certain earlier versions) has a better chance (IMHO) to keep things fair, though my results thus far are non-miraculous, but do seem like an improvement over what I had been doing (but I haven't devised or carried out tests other than alter things and see what happens to traffic and ping times as my users grind away)

        pfSense on i5 3470/DQ77MK/16GB/500GB

        • DerelictD
          Derelict LAYER 8 Netgate

          I have seen the same thing.  I have yet to figure it out.  BitTorrent manages to get around the limiter.  Damndest thing.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • K
            kejianshi

            These clients are designed to hide their traffic type, be adaptive when it comes to port and protocol.  In short, you are fighting a losing war.

            • DerelictD
              Derelict LAYER 8 Netgate

              A limiter on the IP address of the downloading/uploading workstation shouldn't care.

              • K
                kejianshi

                Yep - That's strange.  Hard limits on bandwidth per customer, it seems, would be obeyed no matter the type of traffic.  Weird.

                • DerelictD
                  Derelict LAYER 8 Netgate

                  I have been testing in my VM stack and it appears to work as expected (Limited to 1Mbit/sec) until you port forward a port to the client.  I'm using Transmission on Ubuntu.

                  When I had the port forwarded with no limiter on the NAT firewall rule, it just downloaded as fast as it could.

                  So here's what I think you need to do to rate limit Bittorrent on a specific host with a port forward.

                  This will limit the host to 2Mbit/sec.

                  You need four limiters:

                  BittorrentLANIn   1Mb  Mask: source addresses
                  BittorrentLANOut  1Mb  Mask: dest addresses
                  BittorrentWANIn   1Mb  Mask: dest addresses
                  BittorrentWANOut  1Mb  Mask: source addresses

                  Create a firewall rule on LAN passing traffic sourced from the host you want to limit somewhere above your pass any any rule.  This has to be the entire host.  Bittorrent will use all sorts of ports.  Set the limiters to BittorrentLANIn/BittorrentLANOut.

                  On the firewall rule on WAN that passes your Bittorrent port to your host, set the limiters to BittorrentWANIn/BittorrentWANOut.

                  If OP is not using a port forward, we need to start again.  I set the limiter and without a port forward it worked fine.

                  ![Screen Shot 2014-11-09 at 11.54.50 AM.png](/public/imported_attachments/1/Screen Shot 2014-11-09 at 11.54.50 AM.png)

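The gap found in the post above (a pass rule for the host with no limiter attached, such as the WAN rule created for a port forward) can be checked for in a configuration backup. This is an added example, not part of the original thread or Netgate's code; the XML excerpt, host address and port are constructed, and the element names (`dnpipe`/`pdnpipe` for the In/Out limiter, `associated-rule-id`) are assumed to follow the pfSense config.xml layout.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt shaped like a pfSense config.xml <filter> section.
# Host address, port and rule id are made up for this example.
SAMPLE_CONFIG = """
<pfsense>
  <filter>
    <rule>
      <type>pass</type><interface>lan</interface>
      <source><address>192.168.1.50</address></source>
      <destination><any/></destination>
      <dnpipe>BittorrentLANIn</dnpipe><pdnpipe>BittorrentLANOut</pdnpipe>
      <descr>Limit torrent host</descr>
    </rule>
    <rule>
      <type>pass</type><interface>wan</interface>
      <source><any/></source>
      <destination><address>192.168.1.50</address><port>51413</port></destination>
      <associated-rule-id>nat_example</associated-rule-id>
      <descr>NAT Bittorrent port forward</descr>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface>
      <source><network>lan</network></source>
      <destination><any/></destination>
      <descr>Default allow LAN to any</descr>
    </rule>
  </filter>
</pfsense>
"""

def unlimited_rules_for_host(config_xml, host):
    """Return (interface, descr) of pass rules that name `host` as source or
    destination but have no In/Out limiter (dnpipe/pdnpipe) assigned."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("type") != "pass" or rule.find("disabled") is not None:
            continue
        addrs = {rule.findtext("source/address"), rule.findtext("destination/address")}
        if host not in addrs:
            continue
        if not (rule.findtext("dnpipe") and rule.findtext("pdnpipe")):
            findings.append((rule.findtext("interface"), rule.findtext("descr")))
    return findings

if __name__ == "__main__":
    for iface, descr in unlimited_rules_for_host(SAMPLE_CONFIG, "192.168.1.50"):
        print(f"{iface}: '{descr}' passes traffic for the host with no limiter")
```

Rules that reach the host through an alias or a network entry are not matched by this check.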
                  • K
                    kejianshi

                    Would UPnP count as a port forward?  Just in case that's on…

                    • DerelictD
                      Derelict LAYER 8 Netgate

                      I would assume so.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.