Netgate Discussion Forum

    Enable limiter mask on Source/Destination PORT

    • Avonjo

      We are planning to use pfSense to protect an IM/VoIP application using SIP over UDP. We want to throttle the traffic coming from IM/VoIP clients from the Internet to the app servers. Maybe this can only be effective with a per-source-port traffic limiter. Is there any way to enable this?

      If not, any suggestion on how to do this without changing the app servers?

      TIA

      • jimp Rebel Alliance Developer Netgate

        There isn't currently a way to mask by port, only by source or destination address.

        Are multiple users behind the same NAT router really enough of a problem that throttling by source address wouldn't be sufficient?

        • Avonjo

          Thanks for the reply Jimp!
          Throttling based on source/destination IP can work but may not be very effective.

          Here's a rough overview diagram:

          [voip client/s]-->[NAT Router]-->[INTERNET]-->[PFSENSE]-->[VOIP Application]

          It's tricky to set a good bandwidth value on the limiter that controls abuse for extreme scenarios:
          1. one client behind a NAT (home)
          2. 10 or more clients behind a NAT (small office)
          3. 50 or more clients behind a NAT (medium office or MALL)

          We may end up with either bandwidth being too big for one user in one IP; but too small for many users in a shared IP.

          We can have better control by limiting bandwidth on a per-source-port basis. We're OK for one user to get a crappy connection if he's sending above the throttle limit of his port, as long as it's not affecting the rest of the users.

          I hope this makes more sense.

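A model of the sizing problem described in the post above, as an added example that is not part of the original thread and is not pfSense configuration: a token-bucket limiter with one bucket per mask key, run over constructed UDP traffic from a home NAT and a shared office NAT with one abusive client. The class and function names, addresses, ports, packet sizes and rates are all assumptions chosen for illustration.

```python
from collections import defaultdict

class Limiter:
    """Token-bucket limiter keeping one bucket per mask key (illustrative model)."""
    def __init__(self, rate_bps, burst_bytes, key):
        self.rate = rate_bps / 8.0      # refill rate in bytes per second
        self.burst = burst_bytes        # bucket depth in bytes
        self.key = key                  # function: packet -> bucket key (the "mask")
        self.buckets = {}               # key -> (tokens, timestamp of last packet)

    def allow(self, pkt):
        k = self.key(pkt)
        tokens, last = self.buckets.get(k, (self.burst, pkt["ts"]))
        tokens = min(self.burst, tokens + (pkt["ts"] - last) * self.rate)
        ok = tokens >= pkt["len"]
        self.buckets[k] = (tokens - pkt["len"] if ok else tokens, pkt["ts"])
        return ok

def traffic(seconds=10):
    """Constructed sample: 200-byte UDP packets from two NATed sites."""
    sites = [("198.51.100.10", 1),      # home: one client behind the NAT
             ("203.0.113.20", 10)]      # small office: ten clients, one source IP
    pkts = []
    for ip, clients in sites:
        for c in range(clients):
            # Normal client: 50 pps * 200 B = 80 kbit/s. Office client 0 floods.
            pps = 1000 if (ip == "203.0.113.20" and c == 0) else 50
            for i in range(seconds * pps):
                pkts.append({"ts": i / pps, "src": ip,
                             "sport": 20000 + c, "len": 200})
    return sorted(pkts, key=lambda p: p["ts"])

def delivered(key, rate_bps=128_000):
    """Fraction of each flow's packets that pass a limiter masked by `key`."""
    lim = Limiter(rate_bps, burst_bytes=4000, key=key)
    sent, passed = defaultdict(int), defaultdict(int)
    for p in traffic():
        flow = (p["src"], p["sport"])
        sent[flow] += 1
        passed[flow] += lim.allow(p)
    return {f: passed[f] / sent[f] for f in sent}

by_addr = lambda p: p["src"]                     # mask on source address only
by_addr_port = lambda p: (p["src"], p["sport"])  # mask on source address + port

if __name__ == "__main__":
    for name, key in (("src addr", by_addr), ("src addr+port", by_addr_port)):
        for flow, frac in sorted(delivered(key).items()):
            print(f"{name:14} {flow[0]}:{flow[1]}  delivered {frac:.1%}")
```

With the address-only mask, a rate sized for the single home user lets the flooding client starve the nine well-behaved clients sharing its NAT address; with the address-plus-port key only the flooding flow is throttled.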
          • Avonjo

            Can this feature be available from commercial support?

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.