4. Sharing limiters and child limiters between firewall rules

Sharing limiters and child limiters between firewall rules

  • G

    I understand how to create limiters and child limiters, but I have a question regarding sharing a limiter between different rules.

    My scenario:
    I have 3 tenants at my property, who during certain hours hammer my connection with VoIP and streaming usage.  I currently have a number of pre-defined limiters set to work with, in granular increments, however the two limiters I'm using are –

    • Up_3_Mbps (Source address)

      • qUp_3_Mbps (Source address)

    • Down_20_Mbps (Destination address)

      • qDown_20_Mbps (Destination address)

    Each limiter has a child limiter as described above.

    I've made 3 firewall pass rules, with the source being an alias for each tenant's devices.  The rules have their In/Out pipes defined to the child limiters described above (qUp_3_Mbs / aDown_20_Mbps).

    The desired effect is to have all 3 tenants share a 20/3 connection, not to give each a separate 20/3 connection.  Am I setting up the rules correctly?

    Kindest regards for your advice!

    0
  • G

    I understand my question may have been answered before, but I'm unable to find a similar thread explaining this, thus the new post.  If someone can off-hand recall a post that answers my question, please kindly link it here.

    Thanks!

    0
  • LAYER 8 Netgate

    No you would not mask on the parent limiters - just the children. masking on the parent will create a separate pipe for every source/dest IP address.

    0
  • G

    Thanks for your reply Derelict.

    So if I'm understanding you correctly, I should remove the source/destination address mask from the parent limiter (e.g. Up_3_Mbps), and instead set the mask to source on the child limiter (e.g. qUp_3_Mbps).  So in my case, if I use the child limiter qUp_3_Mbps on multiple firewall rules, all those rules share that pipe?  If I let's say create multiple child limiters under the parent (e.g. qUp_3_Mbps_1, qUp_3_Mbps_2, qUp_3_Mbps_3, etc. etc.) then they would all share a single 3 Mbps pipe?

    0
  • LAYER 8 Netgate

    That is my understanding, yes. You can put multiple interfaces into the same limiter and they will all share that bandwidth as long as they are not masked.

    0
  • G

    Thank you very much  Derelict for confirming.  I've now adjusted my firewall rules per your suggestion.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy