Tutorial: CP BW user-specific limiter with Squid transparent zero penalty hit



  • How to let proxy-hit traffic bypass the captive portal BW limiter?

    USE YOUR OWN DISCRETION!  TRY THIS AT YOUR OWN RISK!
    Do not perform the steps in the following thread: http://forum.pfsense.org/index.php/topic,14436.0.html. The modifications will bypass the CP login and CP BW limiter.
    pfSense configuration requirements:

    • captive portal BW limiter enabled,
    • Squid in transparent mode
    • DNS forwarder

    1. Enter the following into Custom Options in the pfSense GUI: Services -> Proxy Server -> General

    Custom Options :

    zph_mode tos;
    zph_local 0x04;
    zph_parent 0;
    zph_option 136;

    Press OK

    Through "putty", check whether marked packets now appear:

    tcpdump -nvi rl0 | grep 'tos 0x4'

    2. Edit /usr/local/captiveportal/index.php
    Please back up the original first:
    cp /usr/local/captiveportal/index.php /usr/local/captiveportal/index.bak
    Through "winscp", edit /usr/local/captiveportal/index.php

    /usr/local/captiveportal/index.php at line 290:

    if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
                $bw_down_pipeno = $ruleno + 45500;
                // Pipe 30002: 4 Mbit/s for Squid cache hits (TOS 0x04 = "iptos reliability")
                exec("/sbin/ipfw pipe 30002 config bw 4Mbit/s");
                // Per-user pipe for all traffic that is not marked as a cache hit
                exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out not iptos reliability");
                exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
                // Marked cache hits go through pipe 30002 instead of the per-user pipe
                exec("/sbin/ipfw add $ruleno pipe 30002 all from any to $clientip out proto TCP iptos reliability");
    } else {
                exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");

    The code above applies if you do not need bandwidth settings that differ from those in the GUI. If you need a specific BW limiter per user, for example:

    • username : admin, BW down : 384kBps
    • username : guest, BW down : 128kBps

    The BW for any other username is fixed, according to the settings in the GUI.
    /usr/local/captiveportal/index.php at line 290:

    if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
                $bw_down_pipeno = $ruleno + 45500;
                // Fixed pipes for the two special users
                exec("/sbin/ipfw pipe 30012 config bw 384Kbit/s queue 100");
                exec("/sbin/ipfw pipe 30022 config bw 128Kbit/s queue 100");
                if ($username == 'admin') {
                          exec("/sbin/ipfw add $ruleno pipe 30012 all from any to $clientip out not iptos reliability");
                } else if ($username == 'guest') {
                          exec("/sbin/ipfw add $ruleno pipe 30022 all from any to $clientip out not iptos reliability");
                } else {
                          // Everyone else keeps the per-user bandwidth from the GUI
                          exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out not iptos reliability");
                          exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
                }
                // Marked cache hits (TOS 0x04) go through the shared 4 Mbit/s pipe
                exec("/sbin/ipfw pipe 30002 config bw 4Mbit/s");
                exec("/sbin/ipfw add $ruleno pipe 30002 all from any to $clientip out proto TCP iptos reliability");
    } else {
                exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");

    3. Check the ipfw rules:
    ipfw list

    4. Traffic Shaping
    Adjust the bandwidth so that the max BW of the traffic shaper on LAN is not limiting.

    5. Firewall rule : Block port 3128 on LAN interface.

    6. Good luck ..
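
For the check in step 1: `grep 'tos 0x4'` is a substring match, so it also counts packets whose TOS is 0x40 or 0x48, not only the 0x04 that ZPH sets on cache hits. The script below is an added example, not part of the original post; it tallies `tcpdump -nv` output by exact TOS value. The function names are this example's own, and the sample capture lines are constructed.

```sh
#!/bin/sh
# Added example: tally `tcpdump -nv` output by exact TOS value.
# ZPH_TOS is zph_local (0x04) from step 1, written the way tcpdump prints it.
ZPH_TOS="0x4"

# Read tcpdump -nv text on stdin; print "<tos> <packets>" for each TOS seen.
tos_summary() {
    awk '
        match($0, /tos 0x[0-9a-fA-F]+/) {
            tos = tolower(substr($0, RSTART + 4, RLENGTH - 4))
            count[tos]++
        }
        END { for (t in count) print t, count[t] }
    ' | LC_ALL=C sort
}

# Print how many packets carry exactly ZPH_TOS (0x40, 0x48, ... are excluded).
zph_hit_count() {
    tos_summary | awk -v want="$ZPH_TOS" '
        ($1 "") == (want "") { n = $2 }
        END { print n + 0 }'
}

# Constructed sample capture (addresses and values are made up for the example).
SAMPLE='10:15:01.100 IP (tos 0x0, ttl 57, id 4021, offset 0, flags [DF], proto TCP (6), length 1500) 203.0.113.10.80 > 192.168.1.50.51514: . ack 1 win 65535
10:15:01.200 IP (tos 0x4, ttl 64, id 4022, offset 0, flags [DF], proto TCP (6), length 1500) 203.0.113.10.80 > 192.168.1.50.51514: . ack 1 win 65535
10:15:01.300 IP (tos 0x4, ttl 64, id 4023, offset 0, flags [DF], proto TCP (6), length 1500) 203.0.113.10.80 > 192.168.1.51.40022: . ack 1 win 65535
10:15:01.400 IP (tos 0x48, ttl 57, id 4024, offset 0, flags [DF], proto TCP (6), length 120) 198.51.100.7.80 > 192.168.1.50.51600: P ack 1 win 65535
10:15:01.500 IP (tos 0x40, ttl 57, id 4025, offset 0, flags [DF], proto TCP (6), length 90) 198.51.100.7.80 > 192.168.1.51.40100: P ack 1 win 65535
10:15:01.600 IP (tos 0x0, ttl 57, id 4026, offset 0, flags [DF], proto TCP (6), length 1500) 198.51.100.7.80 > 192.168.1.51.40100: . ack 1 win 65535'

# Stand-alone demo: exact count versus the substring match used by grep.
printf 'exact tos %s packets: %s\n' "$ZPH_TOS" "$(printf '%s\n' "$SAMPLE" | zph_hit_count)"
printf 'grep "tos 0x4" lines: %s\n' "$(printf '%s\n' "$SAMPLE" | grep -c 'tos 0x4')"
```

On the firewall, feed it a bounded live capture, for example `tcpdump -nvi rl0 -c 200 | zph_hit_count`.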

