How could I block NAT or routing from users of my LAN



  • Hello friends, I have a problem in my LAN. The users are using to much the hotspot tehering for a WAN connection that is far from be fast, almost compare to an ADSL connection of 2Mbps for more than 20 users. I need to control this situation, I have investigated about this and found that Mikrotik use rules that prevent this by changing the ttl to 1 (TTL=1). This solution avoid the use of routers or another L3 equipment inside the LAN of the pfsense.
    My question is: Can I do the same using my pfsense firewall? I mean, would I be able to use a mangle packet filtering to change the TTL for this specific situation?


  • LAYER 8 Global Moderator

    Why would you not just create a firewall rule to stop them from going outbound?  And only allow the stuff you want, and actually limit that as will with a limiter.



  • @johnpoz:

    Why would you not just create a firewall rule to stop them from going outbound?  And only allow the stuff you want, and actually limit that as will with a limiter.

    They are not going to the outbound directly, they are managed by el proxy server wich have full access to the WAN interface of the pfsense (www). I do not want to block them at all, I just want to know whem an user is using NAT before enter to the infraestructure.


Log in to reply