Limit the bandwidth of specific ports

labdarex · Aug 15, 2015, 1:20 AM

Hello and good day!

I just wanted to know if it's possible to limit the bandwidth of specific ports such as port 80, 443, and 8080. Currently trying to test out if it's possible though but it seems that it's not limiting properly. Maybe I did something wrong though. I'm open for any suggestion to fix this.

Hoping for some help and Thank you. - Jake Robert :D

Ports

Sample Port Bandwidth Limiter

Scheduler of the Limiter

IP address scope

Download queue

Upload queue

Harvy66 · Aug 15, 2015, 3:26 AM

Rules are ingress based. Why would you put client_ip in the destination on your LAN interface? Or am I totally confused Friday night after a long week?

Derelict · Aug 15, 2015, 4:05 AM

Yeah. Destination should be any.

labdarex · Aug 15, 2015, 9:58 AM

@Harvy66:

Rules are ingress based. Why would you put client_ip in the destination on your LAN interface? Or am I totally confused Friday night after a long week?

@Derelict:

Yeah. Destination should be any.

Alright I'll try to set Destination to "Any". I'll get back to you if it works. :p

Derelict · Aug 15, 2015, 2:13 PM

If you want only client_ips to be limited, put the alias in the source instead.

And I think you only want the schedule on the limiter or the rule but not both, though I don't think the way you have it will keep it from working.

labdarex · Aug 18, 2015, 10:20 AM

@Derelict:

If you want only client_ips to be limited, put the alias in the source instead.

And I think you only want the schedule on the limiter or the rule but not both, though I don't think the way you have it will keep it from working.

Hi again currently I did some changes by dropping the "client_ips" to "any" and changed the scheduler to the limiter only not on the rule. Just to see if it works. Still I'm not sure if it's working correctly.

Just to be sure though I think I got the concept of limiters all wrong though. The Limiters for the bandwidth of both the Download and Upload are only for each client that accesses the pfSense Installation and not the totality of an IP range?

Example:

192.168.1.101 accesses the pfsense installation gets limited to 2 mbit Download and 256 kbit Upload for ports 80, 443 and 8080. Other IP address will also get the same rule?

Instead of:

From 192.168.1.101 to 192.168.1.200 accesses the pfsense installation gets limited to 2 mbit Download and 256 kbit Upload for ports 80, 443 and 8080. The rule is applied across the IP Range.

Forgive me I'm a bit confused right now. :o

Derelict · Aug 18, 2015, 4:20 PM

You can set it up either way depending on the mask and whether or not you create child limiters and how they are masked.

Which do you want? A separate limiter for every client or a pool they all share?

labdarex · Aug 18, 2015, 11:49 PM

@Derelict:

You can set it up either way depending on the mask and whether or not you create child limiters and how they are masked.

Which do you want? A separate limiter for every client or a pool they all share?

I prefer a pool they will share. The rule is applied across an IP Range.

Derelict · Aug 19, 2015, 12:18 AM

https://forum.pfsense.org/index.php?topic=96941.msg543955#msg543955

You would, of course, tweak the firewall rule to match any address on the specific ports.

If you want a separate pool for each port you'll need to define a different set of limiters for each one.

As far as I know if you set the same limiters on different rules they're all pooled together.