Netgate Discussion Forum

    Works! Limiting multiple LAN users, thru single external proxy

      Javik

      No question here, just documenting that I got something working.

      I work for a school, and I am testing out limiting each classroom computer to a fixed max capacity. We also have an external proxy filter through which all traffic must flow for CIPA compliance, with direct web access firewalled off for LAN users.

      Firewall: Traffic Shaper: Limiter

      Name: InLimitLAN
      Bandwidth: 1500 Kb/s
      Mask: Destination addresses

      Name: OutLimitLAN
      Bandwidth: 1500 Kb/s
      Mask: Source addresses

      Firewall: Rules: LAN

      I already had created a Pass rule to allow all LAN users to use the outgoing proxy:

      • Pass Any protocol / Any Addr / Any Port to [External proxy address]

      I simply modified this existing Pass rule, to add the In/Out queues for the limiter:

      • Advanced Features, In/Out: OutLimitLAN / InLimitLAN

      It can be a bit hard wrapping yer head around the Limiter mask, but my initial selections were backwards. When testing this initially with http://www.speedtest.net, rather than each machine having 1.5 meg, pfSense was instead creating the limiter queues based on the number of proxy addresses.

      There's only one proxy address we use for all computers, so there was only 1 limiter queue for everything, and running multiple SpeedTest runs would show only a fraction of 1.5 meg per computer.

      The correct mask choices are shown above. With this selection, the limiter is making a queue for each individual desktop, so every machine can hit 1.5 meg in speedtest.net at the same time, up to the combined limit for our Internet connection.
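
Added example, not part of Javik's post and not pfSense code: a small Python model of how the limiter mask decides how many queues get created when every LAN client talks to one proxy. The addresses are constructed, and the even split of bandwidth among hosts sharing a queue is a simplifying assumption.

```python
from collections import defaultdict

PROXY = "203.0.113.10"                               # constructed proxy address
CLIENTS = [f"192.168.1.{n}" for n in range(11, 15)]  # constructed classroom PCs


def per_client_kbps(mask, direction, bandwidth_kbps=1500):
    """Model one limiter: a separate queue per distinct value of the masked field.

    direction "upload":   packets client -> proxy (entering the LAN interface)
    direction "download": packets proxy -> client (leaving the LAN interface)
    mask: "source" or "destination", as in the limiter's Mask setting.
    Returns (number_of_queues, {client: kbps available to that client}).
    """
    queues = defaultdict(list)
    for client in CLIENTS:
        src, dst = (client, PROXY) if direction == "upload" else (PROXY, client)
        key = src if mask == "source" else dst
        queues[key].append(client)

    rates = {}
    for members in queues.values():
        # Assumption: hosts that land in the same queue share it evenly.
        for client in members:
            rates[client] = bandwidth_kbps / len(members)
    return len(queues), rates


def compare():
    """Mask choices from the post next to the reversed ones."""
    return {
        "OutLimitLAN, mask source (as posted)": per_client_kbps("source", "upload"),
        "InLimitLAN, mask destination (as posted)": per_client_kbps("destination", "download"),
        "upload, mask destination (reversed)": per_client_kbps("destination", "upload"),
        "download, mask source (reversed)": per_client_kbps("source", "download"),
    }


if __name__ == "__main__":
    for label, (count, rates) in compare().items():
        print(f"{label}: {count} queue(s), {min(rates.values()):.0f} Kb/s per client")
```

With the reversed masks the only distinct key is the proxy address, so all four clients fall into a single 1500 Kb/s queue.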
