Netgate Discussion Forum

    Bandwidth limit per IP

      nykollas

      Hi all

      I am new to pfSense but I am trying to learn. I have a small network with an ADSL D-Link router and a bandwidth of 4 mb (0.5 mb upload). We share this among 9 people. Some of them are downloading using Limewire or other P2P clients and for this reason I need to limit their bandwidth.
      I tried to use pfSense before on this PC (Pentium 2, 350 MHz, 256 RAM, 10 GB HDD), but it didn't work properly, some websites didn't work, it was slow … anyway I guess I did something wrong.
      I am thinking of continuing to use the D-Link router and adding the PC with pfSense only for the users that are downloading.
      So my question is kind of simple: is it possible? The router has the 192.168.0.1/24 subnet and has a dynamic public IP.
      I want to put the pfSense with a static IP on WAN, e.g. 192.168.1.100, and the LAN to give a different subnet ... The question is what subnet should I choose for the LAN to work properly?
      On this LAN I would connect a switch with the problematic users. I want to assign a bandwidth limit for the LAN interface, let's say 2000 Kbs down and 250 Kbs upload.
      And I was thinking to have a bandwidth limit per user/IP of 400 Kbs with 50 kbs upload using a penalty IP shaping rule.
      And for the LAN, how can I make sure that they are not using manual IP addresses?
      I am thinking to use a static IP address for each user and create an alias from their range, and have the firewall pass the traffic with the bandwidth limit rules. And block everything else in case they are manually changing their IPs.

      Thank you all

        xaviero

        no u can't, if u wanna it badly, maybe u can try mikrotik router os.

          nykollas

          OK, if this is not working, maybe you can advise me on something related to this, Mikrotik …. I don't think it will work on this PC. What about monowall, can I limit the downloaders' bandwidth with that?

            Supermule

            No….

              xaviero

              no u cant
              maybe clarkconnect u can try or mikrotik….

                eri--

                pfSense 2.0 or m0n0 can do this.

                  nykollas

                  There has to be a way to do something. I tried to use the IP penalty and indeed it is limiting the bandwidth. I set it to 400 kbs and then I tested with speedtest.net and it worked perfectly.
                  The problem for the LAN is that in the IP penalty you can put only 1 IP or a range of IPs with aliases. If I choose aliases (e.g. 10 IPs) and I put 400 kb, will it limit the bandwidth for each IP or for all at the same time?
                  I also tried to make more queues and rules based on the qIPpenaltydown and qIPpenaltyup and change the IP address for each new rule.
                  If I assign static IP addresses on LAN based on their MAC and limit these IPs from the firewall like I said above, is it going to work?
                  Thanks

                    nykollas

                    @ermal:

                    pfSense 2.0 or m0n0 can do this.

                    Where can I get pfSense 2.0?
                    How will monowall do what I need? I didn't see any IP penalty like feature, or something that will allow me to limit the bandwidth per IP or user.
                    I was thinking to add more NICs and limit the bandwidth for each of them, and then connect each PC to one NIC. Is this going to do the trick?

                    Thanks

                      khan

                      @nykollas:

                      @ermal:

                      pfSense 2.0 or m0n0 can do this.

                      where I can get pfsense 2.0 ?

                      get it here (assuming that u will use it for x86 platform)

                      http://snapshots.pfsense.org/FreeBSD_RELENG_8_0/pfSense_HEAD/livecd_installer/

                      how monowall will do what I need ? I didn't see any IP penalty like feature, or something that will allow me to limit the bandwidth per IP or user

                      1. Use the latest monowall beta; the current one is m0n0wall 1.3b18. Get it here:
                      http://m0n0.ch/wall/beta.php
                      After installation & basic setup use the web interface to connect.
                      2. In the Traffic Shaping section create (some, if u need different speed for different ip) pipes for ur bandwidth limitations, defining bandwidth, packet loss rate, mask (destination for download limit & source for upload limit). (u don't need queue size & put a description as the name of the pipe.) u need a pair of pipes for upload & download.
                      3. Now in the rule section create some rules to limit bandwidth, defining:
                      a. Target: ur created pipe (speed class) for shaping.
                      b. Interface: LAN in ur case.
                      c. Protocol: choose if u want to limit according to services. If u want to limit for all services choose "any".
                      d. Source: to shape download limit use any.
                      e. Source port range: any for all ports.
                      f. Destination: if u want to shape the whole network use network & put network ip & subnet; otherwise select "single ip" & the ip address.
                      g. Destination port range: any for all ports.
                      h. Direction: any.
                      i. Leave the other next fields default or as u wish.
                      j. Give a name as description & hit save. Don't forget to hit "apply changes".

                      Note: remember u need another rule for upload, otherwise only the download limit will be shaped. For the upload limit create another pipe with mask source & alter the "source" "destination" settings above.

                      Hope it may help u.

                      I was thinking to add more NIC's and limit the bandwidth for each of them , and then connect each PC to one NIC. Is this going to do the trick ?

                      Thanks

                      Very bad & desperate idea. Don't even think about it.
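
A small model of the masked-pipe setup described in the post above, added here as an illustration; it is not code from the thread or from m0n0wall. It assumes dummynet-style semantics, where a pipe with a source or destination mask gets its own instance (with the full configured bandwidth) per distinct address, and it uses the 400/50 rates from the original question with a constructed subnet and hosts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = "192.168.1.0/24"   # constructed LAN subnet
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Pipe:
    name: str
    kbit: int   # bandwidth of EACH instance of this pipe
    mask: str   # "none", "source" or "destination"

@dataclass(frozen=True)
class Rule:
    pipe: Pipe
    src: str    # source network to match
    dst: str    # destination network to match

def instance_for(rules, src, dst):
    """First matching rule wins; the mask picks which address keys the instance."""
    for r in rules:
        if ip_address(src) in ip_network(r.src) and ip_address(dst) in ip_network(r.dst):
            key = {"none": "*", "source": src, "destination": dst}[r.pipe.mask]
            return (r.pipe.name, key), r.pipe.kbit
    return None

def pipe_instances(rules, packets):
    """Map every pipe instance the traffic creates to its bandwidth cap."""
    out = {}
    for src, dst in packets:
        hit = instance_for(rules, src, dst)
        if hit:
            out[hit[0]] = hit[1]
    return out

def shaper(mask_down, mask_up):
    """Download rule: any -> LAN. Upload rule: LAN -> any."""
    return [Rule(Pipe("down", 400, mask_down), ANY, LAN),
            Rule(Pipe("up", 50, mask_up), LAN, ANY)]

# Constructed traffic: three LAN hosts, each downloading and uploading.
HOSTS = ["192.168.1.11", "192.168.1.12", "192.168.1.13"]
SERVER = "203.0.113.10"
PACKETS = [(SERVER, h) for h in HOSTS] + [(h, SERVER) for h in HOSTS]

PER_IP = pipe_instances(shaper("destination", "source"), PACKETS)
SHARED = pipe_instances(shaper("none", "none"), PACKETS)

if __name__ == "__main__":
    for label, table in (("masked", PER_IP), ("unmasked", SHARED)):
        print(label)
        for (name, key), kbit in sorted(table.items()):
            print(f"  pipe {name} [{key}] -> {kbit} kbit/s")
```

With the masks set, each host gets its own 400/50 pair; without them, all three hosts contend for a single 400/50 pair.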

                        eri--

                        2.0 can do this.
                        On 1.2.3 you can do this through CP if you can use it.

                          chance

                          Put them in an alias, and then use the traffic shaper wizard to limit their available bandwidth accordingly. Why did nobody think of that solution for this person?

                          That will allow them to share the X bandwidth between the entire alias group. Though I do not know of any way to cap people off at a certain MB count using pf.

                            whitediode

                            @nykollas:

                            And for the LAN how can I make sure that they are not using manual IP addresses ?
                            I am thinking to use static IP address for each user and create an aliass from their range, and have the firewall to pass the traffic with the bandwidth limit rules. And block everything else in case they are changing manualy their IPs.

                            I hate those people also  :D
                            you can use ipguard
                            http://ipguard.deep.perm.ru/
                            By

                            pkg_add -r ipguard
                            

                            It can bind an IP address to a MAC and prevent (as much as it can) others from changing their IPs, by adding MAC-IP pairs to a file like this:

                            00:11:22:33:44:55 192.168.1.2
                            00:44:55:66:77:88 192.168.1.6

                            Actually I don't know why it hasn't been added to pfSense packages. If users can take any IP they want, then all firewall configuration and traffic shaping is in vain.
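
An added detection-side example, not part of the original post and not ipguard's own code: it reads the MAC-IP pair format shown above and audits `arp -an`-style output for entries that break a binding. The function names and the sample ARP lines are constructed for illustration.

```python
import re

# Pairs from the post above, in the "MAC IP" file format it shows.
ETHERS = """\
00:11:22:33:44:55 192.168.1.2
00:44:55:66:77:88 192.168.1.6
"""

# Constructed sample in the style of FreeBSD `arp -an` output.
ARP_OUTPUT = """\
? (192.168.1.2) at 00:11:22:33:44:55 on em1 expires in 1190 seconds [ethernet]
? (192.168.1.6) at 00:aa:bb:cc:dd:ee on em1 expires in 1100 seconds [ethernet]
? (192.168.1.9) at 00:44:55:66:77:88 on em1 expires in 900 seconds [ethernet]
? (192.168.1.20) at (incomplete) on em1 expired [ethernet]
"""

# Matches only resolved entries; "(incomplete)" lines are skipped.
ARP_RE = re.compile(r"\((\d+(?:\.\d+){3})\) at ([0-9a-fA-F:]{17})\b")

def load_pairs(text):
    """Parse 'MAC IP' lines into {ip: mac}, ignoring blank lines."""
    pairs = {}
    for line in text.splitlines():
        if line.strip():
            mac, ip = line.split()
            pairs[ip] = mac.lower()
    return pairs

def audit(pairs, arp_text):
    """Return (ip, mac, reason) for each observed entry that breaks a binding."""
    by_mac = {mac: ip for ip, mac in pairs.items()}
    findings = []
    for ip, mac in ARP_RE.findall(arp_text):
        mac = mac.lower()
        if pairs.get(ip) == mac:
            continue  # exactly the pair that was assigned
        if ip in pairs:
            reason = f"bound IP used by wrong MAC (expected {pairs[ip]})"
        elif mac in by_mac:
            reason = f"bound MAC moved to another IP (assigned {by_mac[mac]})"
        else:
            reason = "pair not listed"
        findings.append((ip, mac, reason))
    return findings

if __name__ == "__main__":
    for ip, mac, reason in audit(load_pairs(ETHERS), ARP_OUTPUT):
        print(f"{ip:15} {mac}  {reason}")
```

The second and third sample lines are reported: one host has taken another user's address, and one user has moved off the address assigned to them.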
