Torrent ignore bandwidth limiter
-
Hi guys,
I set a bandwidth limit for each user of 1Mbps in download and 512Kbps in upload; when I perform a connection test, the limit is actually observed. However, the torrent client has much more bandwidth available; in fact, in both download and upload, the set limit is exceeded by a lot!!!
Where is the problem? What can I do to retract the torrent traffic within the bandwidth limit? I set a Layer 7 container where I put torrent in action block. This block, even if protocol obfuscation is not set on the client, does not work at all!!
Help!!!! Thanks for any suggestions,
Alexander
-
Where and how did you set your limit? There are multiple possibilities.
The limiter in the traffic shaper seems the most likely to work for sure, on a per-user basis, IMLE.
One dynamic set for up with "Source" set and the up traffic limit
and one dynamic set for down with "Destination" set and the traffic limit.
…and then you need to create (or modify) rules to use those limiters for in/out traffic.
Could be you created limiters but did not modify a rule to use them? You can set the LAN default rules to use them, for a simple deployment. Edit rule, advanced features, In/Out.
While it's NOT the behavior you are asking for, this thread has good info about setting up the shaper (where even sharing rather than hard limiting is the desired behavior)
https://forum.pfsense.org/index.php?topic=63531.0
As far as I can see, except for a home situation where the pfSense admin is also the person doing the torrenting, the layer 7 stuff (at least for torrents, et al) is basically rendered hopeless by encryption so the "whitelist" approach of matching and elevating traffic you want while hard-limiting traffic you can't classify is most likely to do something with it; but I assume that some more annoying clients likely pretend to be desirable traffic (I don't have VOIP phones, but I tried tossing that on the traffic shaper wizard for the heck of it, and that queue suddenly filled with LOTS of traffic - so I slapped an upperlimit on it and made some dent in "whatever" for now.) The split-per-host (which seems to be working on my 2.1.5 install just fine - I gather there were perhaps some problems on certain earlier versions) has a better chance (IMHO) to keep things fair, though my results thus far are non-miraculous, but do seem like an improvement over what I had been doing (but I haven't devised or carried out tests other than alter things and see what happens to traffic and ping times as my users grind away).
-
I have seen the same thing. I have yet to figure it out. BitTorrent manages to get around the limiter. Damnedest thing.
-
These clients are designed to hide their traffic type, be adaptive when it comes to port and protocol. In short, you are fighting a losing war.
-
A limiter on the IP address of the downloading/uploading workstation shouldn't care.
-
Yep - That's strange. Hard limits on bandwidth per customer, it seems, would be obeyed no matter the type of traffic. Weird.
-
I have been testing in my VM stack and it appears to work as expected (Limited to 1Mbit/sec) until you port forward a port to the client. I'm using Transmission on Ubuntu.
When I had the port forwarded with no limiter on the NAT firewall rule, it just downloaded as fast as it could.
So here's what I think you need to do to rate limit Bittorrent on a specific host with a port forward.
This will limit the host to 2Mbit/sec.
You need four limiters:
- BittorrentLANIn 1Mb Mask: source addresses
- BittorrentLANOut 1Mb Mask: dest addresses
- BittorrentWANIn 1Mb Mask: dest addresses
- BittorrentWANOut 1Mb Mask: source addresses

Create a firewall rule on LAN passing traffic sourced from the host you want to limit somewhere above your pass any any rule. This has to be the entire host. Bittorrent will use all sorts of ports. Set the limiters to BittorrentLANIn/BittorrentLANOut.
On the firewall rule on WAN that passes your Bittorrent port to your host, set the limiters to BittorrentWANIn/BittorrentWANOut.
If OP is not using a port forward, we need to start again. I set the limiter and without a port forward it worked fine.
![Screen Shot 2014-11-09 at 11.54.50 AM.png](/public/imported_attachments/1/Screen Shot 2014-11-09 at 11.54.50 AM.png)
-
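A simplified model of the behaviour reported in the post above, added here as an example (it is not pfSense code and not from any poster). It assumes that the rule which creates a connection's state decides which limiters apply to it; the host address is a constructed sample, and the limiter names and rates are the ones given in the post.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

# Limiter names and rates as given in the post (Mbit/s each).
RATE_MBIT = {"BittorrentLANIn": 1.0, "BittorrentLANOut": 1.0,
             "BittorrentWANIn": 1.0, "BittorrentWANOut": 1.0}
HOST = "192.168.1.50"  # constructed sample address for the torrent host

@dataclass(frozen=True)
class Rule:
    iface: str                           # interface the first packet arrives on
    host: str                            # internal host the rule passes traffic for
    limiters: Optional[Tuple[str, str]]  # (In, Out) pair set on the rule, or None

def state_rule(first_iface: str, host: str, rules) -> Optional[Rule]:
    """Model assumption: the first matching pass rule on the interface where a
    connection starts creates its state and so fixes its limiters."""
    for rule in rules:
        if rule.iface == first_iface and rule.host == host:
            return rule
    return None

def download_ceiling_mbit(host: str, rules) -> float:
    """Worst-case download rate for the host, summed over both connection kinds:
    host-initiated (state made on LAN) and peer-initiated via the port forward
    (state made on WAN)."""
    total = 0.0
    for iface in ("LAN", "WAN"):
        rule = state_rule(iface, host, rules)
        if rule is None:
            continue             # no pass rule: that kind of connection is blocked
        if rule.limiters is None:
            return math.inf      # passed with no limiter: nothing caps it
        # Toward the host, traffic leaves LAN (Out) or enters WAN (In).
        name = rule.limiters[1] if iface == "LAN" else rule.limiters[0]
        total += RATE_MBIT[name]
    return total

lan_rule = Rule("LAN", HOST, ("BittorrentLANIn", "BittorrentLANOut"))
forward_unlimited = Rule("WAN", HOST, None)
forward_limited = Rule("WAN", HOST, ("BittorrentWANIn", "BittorrentWANOut"))

if __name__ == "__main__":
    print("no port forward:      ", download_ceiling_mbit(HOST, [lan_rule]))
    print("forward, no limiter:  ", download_ceiling_mbit(HOST, [lan_rule, forward_unlimited]))
    print("forward, with limiter:", download_ceiling_mbit(HOST, [lan_rule, forward_limited]))
```

-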
Would UPnP count as a port forward? Just in case that's on…
-
I would assume so.