Limiters do not work with NAT
erode last edited by
Dear friends of the community:
I have implemented the bandwidth limiter on my wifi network for upload / download and it works well. I have created the limiter, as a "source address" and mask / 32. Then I limit the bandwidth per host 2 mb.
Then when someone down a file from the webserver, I consume all the bandwidth. I am applying limiters, but do not work. I have them on the LAN interface created in this way:
Destination: 192.168.0.17 (webserver)
And limiters in / out.
The strange thing is that if I do a speed test on the server, speed up and down is limited by the limiter to apply.
In short, when I make a NAT limiter stops working.
They would know that is?
From now I appreciate any information about it.
Greetings to the community.
pd: im using pfsense 2.3.2
MMapplebeck last edited by
Have you set the limiter on the associated firewall rule that is created when a NAT entry is made?
That is because limiters are applied when a state is created, which is done on WAN, not on LAN. But due to a long-standing limitation, you cannot place limiters on the same interface as NAT rules.
Try making a floating rule.
Destination port: 80
In/Out pipes: Your limiters
Note than on a rule on an outbound interface the direction is reversed so In will be to the webserver and out will be from the web server. I think. It's confusing. If you get it backwards, flip them.
Note that that will catch traffic in both directions on inbound connections to your port forwards. You do not need the rules on LAN. If you want connections made BY the web server, not TO the web server to not be limited, just remove the limiters on LAN.
I do not know for sure if this will escape the NAT+Limiters bugs but I think so. Be sure to use interface LAN (or your web server's interface) direction out.