Tutorial: CP BW user-specific limiter with Squid transparent zero penalty hit

How to bypass proxy-hit traffic from the captive portal BW limiter?
USE YOUR OWN DISCRETION! TRY THIS AT YOUR OWN RISK!
Do not perform the steps in the following topic: http://forum.pfsense.org/index.php/topic,14436.0.html. The modifications will bypass the CP login and the CP BW limiter.

pfSense configuration requirements:
- Captive portal BW limiter enabled
- Squid in transparent mode
- DNS forwarder
1. Enter the following lines into the Custom Options field in the pfSense GUI: Services -> Proxy Server -> General

Custom Options:

    zph_mode tos;
    zph_local 0x04;
    zph_parent 0;
    zph_option 136;

Press OK.

Through "putty", check whether the marked packets already appear:

    tcpdump -nvi rl0 | grep 'tos 0x4'
2. Edit /usr/local/captiveportal/index.php

Please back up the original first:

    cp /usr/local/captiveportal/index.php /usr/local/captiveportal/index.bak

Through "winscp", edit /usr/local/captiveportal/index.php at line 290:

    if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
        $bw_down_pipeno = $ruleno + 45500;
        // Shared 4 Mbit/s pipe for Squid cache hits (marked TOS 0x04 = "reliability")
        exec("/sbin/ipfw pipe 30002 config bw 4Mbit/s");
        // Unmarked traffic (cache miss) goes through the per-user pipe
        exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out not iptos reliability");
        exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
        // Marked TCP traffic (cache hit) goes through the shared pipe
        exec("/sbin/ipfw add $ruleno pipe 30002 all from any to $clientip out proto TCP iptos reliability");
    } else {
        exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
    }

The above code is for when you do not want bandwidth settings that differ from those in the GUI. If you need a user-specific BW limiter:
Example:
- username: admin, BW down: 384kBps
- username: guest, BW down: 128kBps

The BW of any other username is fixed, according to the settings in the GUI.
/usr/local/captiveportal/index.php at line 290 :

    if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
        $bw_down_pipeno = $ruleno + 45500;
        // Fixed pipes for the two named users
        exec("/sbin/ipfw pipe 30012 config bw 384Kbit/s queue 100");
        exec("/sbin/ipfw pipe 30022 config bw 128Kbit/s queue 100");
        if ($username=='admin') {
            exec("/sbin/ipfw add $ruleno pipe 30012 all from any to $clientip out not iptos reliability");
        } else if ($username=='guest') {
            exec("/sbin/ipfw add $ruleno pipe 30022 all from any to $clientip out not iptos reliability");
        } else {
            // Every other user: per-user pipe with the BW set in the GUI
            exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out not iptos reliability");
            exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
        }
        // Squid cache hits (TOS 0x04) use the shared 4 Mbit/s pipe
        exec("/sbin/ipfw pipe 30002 config bw 4Mbit/s");
        exec("/sbin/ipfw add $ruleno pipe 30002 all from any to $clientip out proto TCP iptos reliability");
    } else {
        exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
    }

3. Check the ipfw rules:

    ipfw list

4. Traffic shaping: adjust the bandwidth so that the maximum BW of the traffic shaper on LAN is not limited.
5. Firewall rule: block port 3128 on the LAN interface.
6. Good luck ..
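
A check for step 3, as an added example that is not part of the original tutorial: the function reads `ipfw list` text on stdin and confirms that a client has both the limiter rule (`not iptos reliability`) and the cache-hit rule (`iptos reliability`), on different pipes. The sample rule listing, the client addresses and the rule number 10000 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# On the firewall: ipfw list | check_zph_rules 192.168.1.10
# Exit status 0 = both rules present for the client, 1 = a rule is missing.
check_zph_rules() {
    awk -v ip="$1" '
        $2 != "pipe" { next }          # only pipe rules are of interest
        {
            mine = 0; marked = 0; negated = 0
            for (i = 4; i < NF; i++) {
                if ($i == "to" && $(i + 1) == ip) mine = 1
                if ($i == "iptos" && $(i + 1) == "reliability") {
                    marked = 1
                    negated = ($(i - 1) == "not")
                }
            }
            if (!mine || !marked) next
            if (negated)
                miss = $3              # pipe for unmarked traffic (cache miss)
            else
                hit = $3               # pipe for TOS 0x04 traffic (cache hit)
        }
        END {
            if (miss == "") { print ip ": no limiter rule (not iptos reliability)"; bad = 1 }
            if (hit == "")  { print ip ": no cache-hit rule (iptos reliability)"; bad = 1 }
            if (!bad && miss == hit) { print ip ": hit and miss share pipe " hit; bad = 1 }
            if (!bad) print ip ": OK, miss pipe " miss ", hit pipe " hit
            exit bad + 0
        }'
}

# Constructed sample of "ipfw list" output (not captured from a real system).
# 192.168.1.10 has both rules; 192.168.1.11 lacks the cache-hit rule.
SAMPLE_RULES='10000 pipe 55500 ip from any to 192.168.1.10 out not iptos reliability
10000 pipe 30002 ip from any to 192.168.1.10 out proto tcp iptos reliability
10002 pipe 55502 ip from any to 192.168.1.11 out not iptos reliability
65535 allow ip from any to any'

for ip in 192.168.1.10 192.168.1.11; do
    printf '%s\n' "$SAMPLE_RULES" | check_zph_rules "$ip" || true
done
```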