Netgate Discussion Forum
    Speed Limit not working using limiter

    • phalguni

      I have done the following steps to limit the bandwidth per IP.

      1. Firewall ---> Traffic Shaper ---> Limiter ---> create new limiter (I have created two new limiters; they are as follows).

      a) enabled the "Enable limiter and its children" ---> name "up lan" ---> bandwidth "2mb" ---> source address ---> mask IPV4 "8".
      b) enabled the "Enable limiter and its children" ---> name "down lan" ---> bandwidth "2mb" ---> source address ---> mask IPV4 "8".

      2. Firewall ---> Rules ---> LAN ---> + (create new rule) ---> most of the settings are unchanged; only the following settings are changed.

      Protocol: TCP/UDP ---> source: single host or alias ---> put the client machine's IP ---> in/out: "down lan" "up lan" ---> then save

      But when I check the client speed using speedtest.net, the limiter is not working.

      Kindly guide me on this.

      • Derelict LAYER 8 Netgate

        Ok.  That's wrong.

        I assume you want a 2Mb download / 2Mb upload limit per host.

        a) enabled the "Enable limiter and its children" ---> name "up lan" ---> bandwidth "2mb" ---> source address ---> mask IPV4 "8".

        Should be:

        a) enabled the "Enable limiter and its children" ---> name "up lan" ---> bandwidth "2mb" ---> source address ---> Don't set a mask.  Leave it at the default (/32)

        b) enabled the "Enable limiter and its children" ---> name "down lan" ---> bandwidth "2mb" ---> source address ---> mask IPV4 "8".

        Should be:

        b) enabled the "Enable limiter and its children" ---> name "down lan" ---> bandwidth "2mb" ---> dest address ---> Don't set a mask.  Leave it at the default (/32)

        Protocol: TCP/UDP ---> source: single host or alias ---> put the client machine's IP ---> in/out: "down lan" "up lan" ---> then save

        Should be:

        Protocol: TCP/UDP ---> source: single host or alias ---> put the client machine's IP ---> in/out: "up lan" "down lan" ---> then save

        Make sure that rule is above anything else that matches.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • phalguni

          Thank you Sir,

          But still it's not working. Is there any other mandatory setting?

          • Derelict LAYER 8 Netgate

            Post screenshots:  Limiter configs, firewall rules.

            • lmontalvan

              Hello everyone.

              I too have the same problem. It is a pfSense 2.2 (no update, new installation).

              The traffic shaping works for a host, but doesn't work for a network.

              The rule in the firewall is:

              Proto          Source           Port   Destination   Port       Gateway   Queue
              IPv4 TCP/UDP   10.70.240.0/21   *      *             80 - 443   *         none

              Advanced features:
              IN/OUT ---> INLAN / OUT LAN (6MB for each)

              The limiters in the Traffic Shaper:

              enabled the "Enable limiter and its children" ---> name "in lan" ---> bandwidth "6mb" ---> source address ---> Don't set a mask
              enabled the "Enable limiter and its children" ---> name "out lan" ---> bandwidth "6mb" ---> source address ---> Don't set a mask

              The configuration is transparent proxy.

              I am sending the screenshots:

              Advance_feature.jpg
              Limiter-in-lan.jpg
              firewall_Rules_Edit.jpg
              Limiter-out-lan.jpg
              Rules_Firewall.jpg

              • Derelict LAYER 8 Netgate

                There are no queues defined for that rule so I don't know why you're showing that.  If that's the traffic you want to limit you have to set the in/out queues on that rule.

                You probably want to make an alias for ports 80 and 443 and use that instead of the range 80-443.  Or make one rule for each port.

                There is no need to include UDP for HTTP/HTTPS.  They are both TCP-only.

                • lmontalvan

                  Hi Derelict.

                  Is the queue necessary?

                  Is the limiter not enough?

                  • Derelict LAYER 8 Netgate

                    You create the limiters, but then you need to assign traffic to the limiter queues using firewall rules.  In the IN/OUT advanced section.

                    • lmontalvan

                      Effectively, I have it configured that way; the configuration is in the screenshots I sent.

                      • Derelict LAYER 8 Netgate

                        No idea what you need to do to make it work with a proxy.  Sorry.

                        I do see one more error.  You have both limiters masked by source address.

                        On LAN:
                        Your out queue will be your clients' download and should be masked by dest address.
                        Your in queue will be your clients' upload and should be masked by source address.

                        These should be applied to your LAN rules with in as in and out as out.

                        1 Reply Last reply Reply Quote 0
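
The masking behavior discussed in this thread, as an added example that is not part of any post above: a simplified Python model of how a limiter mask groups packets on the LAN interface into separate bandwidth buckets. The client and server addresses are constructed sample values, and all function names are hypothetical.

```python
"""Simplified model of limiter masking on a LAN interface (constructed data)."""
import ipaddress
from collections import defaultdict

# Constructed sample hosts: two clients inside 10.70.240.0/21 and two
# remote servers taken from the documentation address ranges.
CLIENTS = ["10.70.240.10", "10.70.241.20"]
SERVERS = ["203.0.113.5", "198.51.100.7"]

def sample_packets():
    """Every client talks to every server, in both directions.
    "in"  = packet entering LAN from a client (upload):   src is the client.
    "out" = packet leaving LAN toward a client (download): dst is the client."""
    pkts = []
    for c in CLIENTS:
        for s in SERVERS:
            pkts.append({"dir": "in", "src": c, "dst": s, "client": c})
            pkts.append({"dir": "out", "src": s, "dst": c, "client": c})
    return pkts

def bucket_key(pkt, mask_field, mask_bits):
    """The bucket is the chosen address with only its top mask_bits kept."""
    addr = pkt["src"] if mask_field == "src" else pkt["dst"]
    return str(ipaddress.ip_network(f"{addr}/{mask_bits}", strict=False))

def buckets(pkts, direction, mask_field, mask_bits):
    """Map each bucket to the set of LAN clients whose traffic shares it."""
    out = defaultdict(set)
    for p in pkts:
        if p["dir"] == direction:
            out[bucket_key(p, mask_field, mask_bits)].add(p["client"])
    return dict(out)

def per_client(bks):
    """True only if each bucket holds one client and each client has one bucket."""
    seen = [c for clients in bks.values() for c in clients]
    return all(len(v) == 1 for v in bks.values()) and len(seen) == len(set(seen))

if __name__ == "__main__":
    pkts = sample_packets()
    cases = [("in", "src", 32),   # upload masked by source /32
             ("in", "src", 8),    # upload masked by source /8
             ("out", "src", 32),  # download masked by source
             ("out", "dst", 32)]  # download masked by destination /32
    for direction, field, bits in cases:
        bks = buckets(pkts, direction, field, bits)
        print(f"{direction:3} mask {field}/{bits}: per-client={per_client(bks)} {bks}")
```

In this model only source /32 on the in limiter and destination /32 on the out limiter give each client its own bucket; a /8 mask puts both clients in one bucket, and masking the download by source keys the buckets on the remote servers instead.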