Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to limit upload bandwidth only to certain destinations on the internet?

    Scheduled Pinned Locked Moved
    Traffic Shaping
    2
    3
    110
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lburns
      last edited by

      I have an older firewall that I cannot upgrade until later this year, but I need to manage the upload bandwidth used when sending data to certain cloud backup vendors.

      I have tried to follow the documentation, but I cannot disrupt connectivity - so I am going to ask for advice.

      How do I limit the bandwidth used when sending data to certain cloud backup providers?
      I will start with Backblaze.

      Their upload targets are:

      • 206.190.208.0/21
      • 104.153.232.0/21
      • 149.137.128.0/20
      • 45.11.36.0/22
      • 2605:72c0::/32

      All Backblaze servers use the *.backblaze.com or *backblazeb2.com domains.

      Would someone explain to me how to limit the outgoing bandwidth to these addresses?

      I assume I would create an alias for the destinations, but how would I build the limiter and use that?

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @lburns
        last edited by

        @lburns You can use a LAN firewall rule to assign a queue:
        https://docs.netgate.com/pfsense/en/latest/trafficshaper/limiters.html#assigning-and-using-limiters

        So something like, LAN rule, allow from device IP (or any) to BackBlaze_Alias, set an IN pipe to your 10Mbps limiter.

        Remember it will take effect for new connections.

        Often times, the device can do that also, for example Datto and rsync have speed limits I know. I don't know about Backblaze.

        DNS probably won't work for your alias. If their list of subnets is incomplete, pfBlocker has a way to create aliases by ASN (company/registered IP blocks).

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        L 1 Reply Last reply Reply Quote 1
        • L
          lburns @SteveITS
          last edited by

          @SteveITS

          Thanks man.

          While you typed this, I set up a virtual server and tested in a sandbox..got it!

          fda705f3-a69e-4b65-9d88-296fdf82f207-image.png

          1 Reply Last reply Reply Quote 1
          • First post
            Last post