How to limit bandwidth for download and upload but not for browsing?



  • Hi guys!
    I was trying to configure traffic shaping on my pfSense. I used the traffic shaping wizard and limited the download and upload bandwidth on my WAN interface and it works fine.
    My next goal is to have limited bandwidth for download and upload but unlimited bandwidth for browsing. I've searched a lot and couldn't find the answer. Is there any way to do that?
    I'm using pfSense 2.3.4



  • Make ports 80 (HTTP) and 443 (HTTPS) unlimited.



  • @Nullity:

    Make ports 80 (HTTP) and 443 (HTTPS) unlimited.

    How can I do that?


  • LAYER 8 Global Moderator

    So how does that limit him when he is uploading or downloading on 80 or 433?

    He didn't say he was downloading or uploading via some other protocol..



  • @johnpoz:

    So how does that limit him when he is uploading or downloading on 80 or 433?

    He didn't say he was downloading or uploading via some other protocol..

    True, but prioritizing 80/443 would only improve browsing, right? It would not make it any worse.

    I wish pfSense had the ability to classify streams by data transferred or time-span like iptables can. Maybe snort or squid can do that?

    @The Windrunner
    Can you share more details about your traffic-shaping config and anything else you think could help us help you?



  • There's a little change in my scenario. I understand that I have to use limiters to limit each user instead of the wizard, so I created 2 limiters and then defined a firewall rule in order to apply those limiters. After that, when I use the speedtest it says it's working just fine, but when I try to download something (using both IDM and browser) I get the whole bandwidth.
    I attached my configurations.

    UPDATE: I've found out that it is squid's problem. When I disable squid proxy server my limitations work fine but I don't know how they should work together.













  • Galactic Empire

    Squid will use its cache and not go out to the internet if you're trying to download the same file each time?

    You don't need to worry about whether the file is cached; if it is, it won't eat into your bandwidth.


  • LAYER 8 Global Moderator

    "UPDATE: I've found out that it is squid's problem. When I disable squid proxy server my limitations work fine but I don't know how they should work together."

    Well when you use squid why would it be limited?  Squid that is running on pfsense is going out and getting what the client asks for.  Your limiters are based upon traffic coming into the lan interface.

    You should be able to limit bandwidth in squid.
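
A sketch of limiting bandwidth inside Squid itself, as the reply above suggests. This is an added example, not a configuration from the thread or from the pfSense project; it uses Squid's delay pools, and the LAN subnet, rate and bucket size are assumed values.

```conf
# Added example: per-client throttling with Squid delay pools.
# Assumed values: LAN subnet 192.168.1.0/24, 128 KB/s sustained rate,
# 8 MB burst allowance per client.

# Clients to be throttled (assumed LAN subnet).
acl lan_clients src 192.168.1.0/24

# One pool of class 2: an aggregate bucket plus one bucket per client IP.
delay_pools 1
delay_class 1 2

# delay_parameters <pool> <aggregate restore/max> <per-client restore/max>
#   restore = bytes per second added back to the bucket
#   max     = bucket size in bytes (amount that can be fetched at full speed)
# -1/-1 leaves the aggregate unlimited. Each client gets an 8 MB bucket
# refilled at 128 KB/s: ordinary page loads fit in the bucket and run at
# line rate, while a long download drains it and is then held to 128 KB/s.
delay_parameters 1 -1/-1 131072/8388608

# Start every bucket full so the first requests are not throttled.
delay_initial_bucket_level 100

# Apply the pool to LAN clients only.
delay_access 1 allow lan_clients
delay_access 1 deny all
```

Delay pools throttle only what Squid fetches from origin servers on behalf of clients (cache misses); cache hits and uploads are not limited by them.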



  • The most difficult part is setting up floating rules for inbound.  For example, I wanted to put http downloads for XBOX in a low priority queue.  I did a floating rule for 80 source,  destination (xbox IP), to go to my lowprioqueue.  But even though the floating rule is at the bottom, it never gets used.  It's hard to do inbound matching, any help on this?

