    Netgate Discussion Forum
    Tutorial : CP BW user specific limiter with squid transparent zero penalty hit

    Captive Portal
      anto_DIGIT

      How to bypass traffic of proxy hit from captiveportal BW limiter ?

      USE YOUR OWN DISCRETION!  TRY THIS AT YOUR OWN RISK!
      do not perform the following steps : http://forum.pfsense.org/index.php/topic,14436.0.html. The Modifications will bypass the CP login and CP BW limiter.
      PFsense configuration requirements :

      • captiveportal BW limiter enabled,
      • squid transparent
      • DNS forwarder

      1. Input the following code into the Custom Options in the pfSense GUI: Services -> Proxy Server -> General

      Custom Options :

      zph_mode tos;
      zph_local 0x04;
      zph_parent 0;
      zph_option 136;

      Press OK

      Through "putty", check whether the marked packets already appear:

      tcpdump -nvi rl0 | grep 'tos 0x4'

      2. Edit /usr/local/captiveportal/index.php
      Please backup the original first ..
      cp /usr/local/captiveportal/index.php /usr/local/captiveportal/index.bak
      Through "winscp", edit /usr/local/captiveportal/index.php

      /usr/local/captiveportal/index.php at line 290 :

      if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
                  $bw_down_pipeno = $ruleno + 45500;
                  // shared pipe for squid cache hits (packets marked TOS 0x04 by ZPH)
                  exec("/sbin/ipfw pipe 30002 config bw 4Mbit/s");
                  // per-user limiter: all traffic to the client without the TOS mark
                  exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out not iptos reliability");
                  exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
                  // cache hits (TOS mark set) go to the shared pipe instead
                  exec("/sbin/ipfw add $ruleno pipe 30002 all from any to $clientip out proto TCP iptos reliability");
      } else {
                  exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
      }

      The above code is for when you do not want different bandwidth settings in the GUI. If you need a specific BW limiter, example :

      • username : admin, BW down : 384kBps
      • username : guest, BW down : 128kBps

      For any other username the BW is fixed, according to the settings in the GUI.

      /usr/local/captiveportal/index.php at line 290 :

      if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
                  $bw_down_pipeno = $ruleno + 45500;
                  // fixed pipes for the two named users
                  exec("/sbin/ipfw pipe 30012 config bw 384Kbit/s queue 100");
                  exec("/sbin/ipfw pipe 30022 config bw 128Kbit/s queue 100");
                  if ($username=='admin') {
                            exec("/sbin/ipfw add $ruleno pipe 30012 all from any to $clientip out not iptos reliability");
                  } else if ($username=='guest') {
                            exec("/sbin/ipfw add $ruleno pipe 30022 all from any to $clientip out not iptos reliability");
                  } else {
                            // every other user: limit taken from the GUI setting
                            exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out not iptos reliability");
                            exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
                  }
                  // cache hits (TOS mark set) go to the shared pipe
                  exec("/sbin/ipfw pipe 30002 config bw 4Mbit/s");
                  exec("/sbin/ipfw add $ruleno pipe 30002 all from any to $clientip out proto TCP iptos reliability");
      } else {
                  exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
      }

      3. Check ipfw rule
      ipfw list

      4. Traffic Shaping
      Adjust the bandwidth in order to max BW so that Traffic Shaping on LAN is not limited

      5. Firewall rule : Block port 3128 on LAN interface.

      6. Good luck ..
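
A check for step 3, added here as an example and not part of the original post: it reads `ipfw list` text and reports, per client IP, whether both rules from step 2 are present. ipfw's `reliability` keyword is TOS bit 0x04, which is why it pairs with `zph_local 0x04`. The function names, status words and sample rule lines are assumptions constructed for this example; the sample follows the wording of the post's own `ipfw add` commands, and matching is done on text so small differences in real output are tolerated.

```sh
#!/bin/sh
# audit_zph_rules: read `ipfw list` text on stdin, print "<client-ip> <status>".
#   ok           limiter for unmarked traffic AND hit rule for TOS 0x04
#   no-hit-rule  limiter only: marked cache hits fall through to later rules
#   no-limiter   hit rule only: unmarked traffic has no per-user pipe
#   plain        no TOS-based rule for this client (e.g. the skipto rule)
audit_zph_rules() {
    awk '
    {
        ip = ""
        # destination address is the token that follows the word "to"
        for (i = 1; i < NF; i++) if ($i == "to") { ip = $(i + 1); break }
        if (ip == "" || ip == "any") next
        seen[ip] = 1
        if ($0 ~ /not iptos reliability/)  miss[ip] = 1   # per-user limiter
        else if ($0 ~ /iptos reliability/) hit[ip] = 1    # shared hit pipe
    }
    END {
        for (ip in seen) {
            if (miss[ip] && hit[ip]) s = "ok"
            else if (miss[ip])       s = "no-hit-rule"
            else if (hit[ip])        s = "no-limiter"
            else                     s = "plain"
            print ip, s
        }
    }' | sort
}

# Constructed sample, not captured from a real firewall.
sample_rules() {
    cat <<'EOF'
00500 set 2 pipe 46000 ip from any to 192.168.1.10 out not iptos reliability
00500 pipe 30002 ip from any to 192.168.1.10 out proto tcp iptos reliability
00501 pipe 30012 ip from any to 192.168.1.11 out not iptos reliability
00502 pipe 30002 ip from any to 192.168.1.12 out proto tcp iptos reliability
00503 set 2 skipto 50000 ip from any to 192.168.1.13 out
00504 set 2 skipto 50000 ip from 192.168.1.13 to any in
EOF
}

sample_rules | audit_zph_rules
```

On the firewall, pipe the live ruleset through it with `ipfw list | audit_zph_rules`; any client reported as `no-limiter` is not covered by a per-user pipe for unmarked traffic.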
