Netgate Discussion Forum

How to limit specific IP's bandwidth with shaper

  • P
    plazasigua
    last edited by Mar 2, 2010, 3:38 AM Mar 2, 2010, 3:31 AM

    I found a way to limit bandwidth per IP, using the shaper and imitating the behavior of the penalty box.
    I was using pfSense for my local WISP business, here in Honduras, and the bandwidth limiting per IP was a major concern for me, and I don't want to change from pfSense to another solution (I tried ClarkConnect, m0n0wall, Smoothwall, MikroTik, etc…)
    It was a great feeling to find a way that seems so easy, and it works perfectly, tested in a production environment!
    I'm not a code expert, but this can help you to achieve this.

    I don't put the explanation here because I don't know if anybody is still interested, because the last posts are too old.
    If I see interested people I will detail the process; it is easy, and I'll be very happy to help!

    • T
      tommyboy180
      last edited by Mar 2, 2010, 3:59 AM

      By all means detail the process of your findings.

      That's what the forums are all about.

      -Tom Schaefer
      SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

      Please support pfBlocker | File Browser | Strikeback

      • C
        CheeseE
        last edited by Mar 4, 2010, 5:10 PM

        Hello!

        It will be great if you explain it, because I have the same problem, without a solution yet… I have to limit some guys' p2p traffic in the hostel...

        Thx

        • A
          Alan87i
          last edited by Mar 5, 2010, 10:28 AM

          Yes, please post your findings. Sharing useful information is what a forum is designed for. I have 1 user that seems to be hogging a lot. I would also like to limit the traffic to an Xbox 360, say 1 or 2 hours a day, then throttle it to dial-up speed.

          • P
            plazasigua
            last edited by Mar 9, 2010, 8:17 PM

            The process is to use the penalty box as a template for additional IPs:
            1- Run the wizard for the traffic shaper, and select the penalty IP box, put any IP in there, select p2p control if you wish, and default protocols for everything.
            2- You are going to see the queues created in Firewall/Traffic Shaper/Queues, almost all of them with 1% of bandwidth, just lanacks and wanacks with 25%.
            This made me realize that it is not critical that the sum of all the percentages is 100%.
            3- There are two queues, qpenaltydown and qpenaltyup; enter them as if editing, and write down the bandwidth, priority, and scheduler options. It is like this:
            1%, priority 2, Random Early Detection RED, Explicit Congestion Notification ECN, and the important part: Upperlimit XXXKb.
            4- Go back to the queues page and add a new queue for each IP you want to restrict bandwidth for, copying the data from the qpenaltydown queue only (if you only wish to control download speeds); otherwise you need to create two queues for each IP. Put a descriptive name in there, e.g. ip35_256kb…
            Each queue has the specified speed you want to give to a certain IP: 1024kb, 256Kb, 4096Kb, etc.
            5- The order in the queue list is not important.
            Go then to the rules page and add a new rule after the qpenaltydown rule (the order is important here; the rules are processed in order). Besides, if you click the add button right after the rule you want to copy, it is only a matter of changing the name, the speed, and the IP to be restricted. You can also specify an initial speed, and a final speed after a certain amount of seconds.
            This is useful, because it gives you the chance to give different bandwidth for browsing and downloading, e.g.:
            Upperlimit m1- 4096Kb, d-30000, m2-256Kb. This means that the bandwidth starts at 4mb, and after 30 seconds (because the number is in milliseconds) drops to 256k. If you are browsing the web you are very unlikely to wait more than 30 seconds to load a page, so the speed is maintained at 4096Kb, because you never reach the 30 seconds continuous traffic limit; but if you download a huge file from RapidShare, for example, after 30 seconds of continuous activity it rapidly drops to 256Kb.

            penalty_queues.jpg
            • P
              plazasigua
              last edited by Mar 9, 2010, 8:31 PM

              This is the rest of the screens of my system. It works great; you can test it by downloading something on the IP address you want to restrict and enabling and disabling the traffic shaper with a check.

              The real finding is to see that you can have more than one penalty queue and rule, literally a lot of them; just make sure to put the rules after the default created by the wizard, one queue and rule per IP.

              penalty_queues_details.jpg
              rules2.jpg
              rules_edit2.jpg
              • T
                tommyboy180
                last edited by Mar 9, 2010, 11:57 PM

                Awesome.

                -Tom Schaefer
                SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                Please support pfBlocker | File Browser | Strikeback

                • R
                  rt_rex
                  last edited by Mar 28, 2010, 2:43 PM

                  Just a hint.
                  If you create an alias and add all your limited hosts there, there is no need to create all these rules; you create it once.
                  I have not tested it, but it should work.

                  Don´t Try this @home go outside!
                  WIFI Link @ 76 km
                  Pfsense with 3G USB

                  • P
                    plazasigua
                    last edited by Apr 13, 2010, 4:28 PM

                    The problem with using an alias is that you are going to use the same penalty queue for several IPs, sharing the bandwidth assigned for that penalty queue between all of them.
                    I tried that, and if I have 6mb total, and create a 1mb penalty queue, all the IPs assigned to that queue share only 1mb between them, but I want a 1 mb cap for each; therefore I need to do it the hard way, one penalty for each IP…

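
An added worked calculation (not written by any poster and not pfSense code) for two points made in this thread: the `Upperlimit m1/d/m2` setting from the how-to post, and the shared alias queue described in the post just above. It assumes `Kb` means 1000 bits per second, a transfer that keeps the queue continuously busy, and an equal split between hosts sharing one queue; the class and function names are hypothetical.

```python
from dataclasses import dataclass

KBIT = 1000  # assumption: "Kb" in the shaper means 1000 bits per second


@dataclass(frozen=True)
class UpperLimit:
    """Two-piece cap as entered in the queue: m1 for the first d ms, then m2."""
    m1_kb: int
    d_ms: int
    m2_kb: int

    def bits_allowed(self, seconds: float) -> float:
        """Most bits a continuously busy transfer can move in `seconds`."""
        burst = min(seconds, self.d_ms / 1000)
        return KBIT * (self.m1_kb * burst + self.m2_kb * (seconds - burst))

    def transfer_seconds(self, size_bytes: int) -> float:
        """Time for one uninterrupted transfer of `size_bytes` under the cap."""
        bits = size_bytes * 8
        burst_bits = KBIT * self.m1_kb * self.d_ms / 1000
        if bits <= burst_bits:            # finishes inside the m1 window
            return bits / (KBIT * self.m1_kb) if bits else 0.0
        return self.d_ms / 1000 + (bits - burst_bits) / (KBIT * self.m2_kb)


def per_host_ceiling_kb(cap_kb: int, hosts: list[str], queue_per_ip: bool) -> dict[str, float]:
    """Ceiling each host sees when all of them download at the same time.

    queue_per_ip=False models one queue behind an alias (cap shared, equal
    split assumed); queue_per_ip=True models one queue and rule per IP.
    """
    if not hosts:
        return {}
    share = float(cap_kb) if queue_per_ip else cap_kb / len(hosts)
    return {host: share for host in hosts}


if __name__ == "__main__":
    cap = UpperLimit(m1_kb=4096, d_ms=30000, m2_kb=256)   # values from the post
    print("2 MB page    :", cap.transfer_seconds(2_000_000), "s")
    print("100 MB file  :", cap.transfer_seconds(100_000_000), "s")
    hosts = ["192.0.2.35", "192.0.2.36", "192.0.2.37", "192.0.2.38"]  # constructed
    print("alias queue  :", per_host_ceiling_kb(1024, hosts, queue_per_ip=False))
    print("queue per IP :", per_host_ceiling_kb(1024, hosts, queue_per_ip=True))
```
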
                    • A
                      Alan87i
                      last edited by May 12, 2010, 1:30 AM

                      So can I make multiple queues, all the same, just give each one a different name?
                      I.e. 5Mb for 2 minutes and 1Mb after for down /name ip1down
                      and 400Kb for 2 minutes and 100 Kb after for up /name ip1up

                      Same as above, name ip2down – ip2up

                      • P
                        plazasigua
                        last edited by May 13, 2010, 6:59 AM

                        Here are the examples:

                        Optimized-QUEUES.jpg
                        Optimized-QUEUES_2.jpg
                        • P
                          plazasigua
                          last edited by May 13, 2010, 7:07 AM

                          Yes, you only need to make sure to use each queue for a single IP/rule, single host or alias, and select the correct penalty queue.
                          The images are from one of my working boxes...

                          Optimized-QUEUES_3.jpg
                          • A
                            Alan87i
                            last edited by May 13, 2010, 9:45 AM

                            One question.
                            On the second image from your last post, is that a down rule/queue?
                            I see you have the IP as the source, and the In interface is LAN, Out is WAN.

                            After pondering this till my nose bled, I figured that for inbound, the In interface is set to WAN, Out is set to LAN, Protocol (any), the Source is left blank, and Destination is set to the IP address.

                            I'm setting up for uploads as well and my outbound page looks like your second image.

                            The way I have set it up works for downloads on my laptop. I haven't tested uploads yet.

                            What I really want to know is: can I use the same down queue and up queue for more than 1 IP address/user?
                            For kicks I set a second user up on the same queues as my laptop; I didn't get any filter errors on the reload. I'll wait and see if the phone starts ringing.

                            • A
                              Alan87i
                              last edited by May 13, 2010, 9:49 AM

                              1 rule I made seems to work

                              queuerule.JPG
                              • J
                                jhabers
                                last edited by May 13, 2010, 4:52 PM

                                I just tried to set this up and it doesn't seem to be working. I have an ALIX board with WAN, LAN and OPT1. I have set the OPT1 interface to be the penalty box. Is this possible with 1.2.3?

                                • A
                                  Alan87i
                                  last edited by May 14, 2010, 12:41 PM

                                  No idea, I would use a LAN IP.
                                  I also figured out that this doesn't work at all if you have squid running and the proxy set on the browser. Too bad.

                                  • E
                                    eri--
                                    last edited by May 14, 2010, 2:49 PM

                                    Go to 2.0?!

                                    • J
                                      jhabers
                                      last edited by May 14, 2010, 2:51 PM

                                      @ermal:

                                      Go to 2.0?!

                                      Thanks, so is it a fact that 1.2.3 can't shape both LAN and OPT at the same time?

                                      • P
                                        plazasigua
                                        last edited by May 14, 2010, 5:15 PM

                                        Because limiting downloads in my network is the priority, I don't use upload limits, but I tested both ways several months ago and it worked really fine. It is as simple as swapping the source and destination in the individual queue to create an upload queue, and in the rules CHANGE THE TARGET from WANDEF (the default for upload) to your particular created queue. This way both queues work simultaneously for one IP, so you have upload and download limited for a single user.

                                        I'll post images of a rule with upload and download limits for one IP.

                                        Greetings from Honduras

                                        • J
                                          jhabers
                                          last edited by May 14, 2010, 5:24 PM

                                          @plazasigua:

                                          Because limiting downloads in my network is the priority, I don't use upload limits, but I tested both ways several months ago and it worked really fine. It is as simple as swapping the source and destination in the individual queue to create an upload queue, and in the rules CHANGE THE TARGET from WANDEF (the default for upload) to your particular created queue. This way both queues work simultaneously for one IP, so you have upload and download limited for a single user.

                                          I'll post images of a rule with upload and download limits for one IP.

                                          Greetings from Honduras

                                          Yes, please do; I would like to see screenshots.
