Netgate Discussion Forum

    How do I limit a user to a defined bandwidth without crippling the internal LAN bandwidth

    Traffic Shaping
    • Morad__T

      I'm trying to prevent someone on my network from hogging up all the bandwidth.
      I want to limit him to, for example, 4 Mbps downlink and 2 Mbps uplink.
      All the floating rules I have been trying for the past 5 or so hours have failed miserably.
      The only thing that works is a LAN rule, but that limits all traffic to said bandwidth, even for internal connections (using iperf/jperf to test internal speeds and speedtest for the external ones).
      Is there anything that can limit only the external connections? (Yes, I tried WAN rules, with no help at all either.)

      Anything is greatly appreciated
      Thanks

      • netblues

        You can control bandwidth only on the direction and interface that enters pf, not leaving it.
        If you go by floating rules, then it has to be defined in pairs,
        e.g., source IP should be 192.168.1.55 (suppose this is the hog's IP) and target not 172.16.0.0/16, assuming this is another internal network routed via pf.

        For inbound, source should be NOT 172.16.0.0/16 and target 192.168.1.55.
        And also consider the fact that speedtest checks with multiple connections
        and is not the same as iperf.
        iperf is the preferred tool, at least initially.

        • tman222 @Morad__T

          @Morad__T - Why not set up limiters for this particular host / IP and then apply them to a new LAN firewall rule that controls outbound (i.e. internet bound) traffic for just that host / IP (be sure to place it above the rule that controls outbound, i.e. internet bound, traffic for the rest of the hosts of the LAN)?

          If you want to make sure that LAN traffic (which passes across the firewall) is not limited for that host / IP, place one or more additional rules above that newly created rule (that has the limiters applied), with the source being that host / IP and destination being whichever LAN / subnet you don't want speed limited. Remember firewall rules are evaluated from the top down. Essentially it would be similar to this:

          Type  Src      Dst
          Pass  Host/IP  Local Subnet1....N  (No Limiters)
          Pass  Host/IP  Any                 (Limiters Applied)
          Pass  LAN      Any                 (No Limiters)

          Hope this helps.

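The top-down, first-match rule order described in the last reply, modelled as an added example (not code from any poster and not pfSense's own rule engine). The host IP 192.168.1.55 and the internal network 172.16.0.0/16 come from the thread; the LAN subnet 192.168.1.0/24, the limiter names and the test addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

HOG = "192.168.1.55"                    # host IP used in the thread
LAN = "192.168.1.0/24"                  # assumed LAN subnet
INTERNAL = ("172.16.0.0/16",)           # internal network named in the thread
LIMITERS = ("up_2Mbps", "down_4Mbps")   # hypothetical limiter names
ANY = ("0.0.0.0/0",)

@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: Tuple[str, ...]                # one or more destination networks
    limiters: Optional[Tuple[str, str]] = None

def _in(ip: str, net: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def first_match(rules, src_ip, dst_ip):
    """Return the first rule that matches, evaluating top down; None = no match."""
    for rule in rules:
        if _in(src_ip, rule.src) and any(_in(dst_ip, d) for d in rule.dst):
            return rule
    return None

def limiters_for(rules, src_ip, dst_ip):
    """Limiters applied to this flow, or None if unlimited or unmatched."""
    rule = first_match(rules, src_ip, dst_ip)
    return rule.limiters if rule else None

# Rule order from the reply: exemption first, limited rule second, LAN default last.
RULES = [
    Rule("host-to-internal", HOG + "/32", INTERNAL),
    Rule("host-to-any", HOG + "/32", ANY, LIMITERS),
    Rule("lan-to-any", LAN, ANY),
]
# Failure mode: the limited rule sits above the exemption, so it wins for everything.
MISORDERED = [RULES[1], RULES[0], RULES[2]]

if __name__ == "__main__":
    # Constructed sample flows: one internal destination, one internet destination.
    for label, rules in (("as posted", RULES), ("misordered", MISORDERED)):
        for dst in ("172.16.4.20", "203.0.113.10"):
            print(f"{label:10} {HOG} -> {dst:13} limiters={limiters_for(rules, HOG, dst)}")
```

With the order as posted, only the host's internet-bound flow picks up the limiters; in the misordered list its internal flow is limited too, which is the symptom described in the first post.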
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.