Bandwidth limit control strategy

  • I am interested in establishing a general LAN-wide bandwidth limitation feature to prevent people from exceeding our monthly bandwidth limit.  I have been searching for this for a long time and could not find a way to do it…  Such a feature should be in pfSense somewhere but is nowhere to be found.


    • I don't care which machine uses the bandwidth;
    • I don't care what type of data is being transferred;
    • And only to be active on the WAN side, I don't care how much info is going between the machines on the LAN...

    So this feature should be very primitive with amount of data, periodicity (monthly, weekly, etc) and warning feature with threshold points...

    Last month I exceeded the bandwidth and the bill was costly...  This would have been useful.  How to do that?


  • Nobody?  At least a pointer….

  • It's not available in the traffic shaper for general traffic.
    However, if the traffic is HTTP, then there is an avenue for data transfer cap by using Squid.

  • Thanks dreamslacker for your reply!  Yes, 99% of the traffic is http based.. I rarely use ftp and other protocols…. If I could cap the http traffic it would suffice...  How can I do that?

  • My mistake.  I misinterpreted the filesize limit as a data transfer limit.

    Anyway, there is a way to do it with custom ACL delay pools and probably a cron job to reset the service every month.  Basically, set a delay pool for the entire network so that once the quota is hit, the service is slowed down to a crawl/ halt.  But you obviously have to put more ACLs in place (so the webgui access doesn't get locked down) and also..  You need to reset the squid service every month so that you can flush the transfer limits.


  • I kinda understand the general concepts, however just to be sure we are talking about the same thing, I am interested in preventing excessive data exchange that could exceed my monthly bandwidth.  I think the word "bandwidth" might not be the best terminology because I am not looking to restrict the speed but the amount of data being downloaded + uploaded on a monthly basis.

    Anyways, if that's what you had in mind, good!  I will have to read what you sent me and look carefully because it's the first time I play around with squid and the delay pools and never heard about those things before…

    Overall, is it complicated?

    The way I see it, by setting up a delay pool (or a bucket?) with a defined capacity, I can use the delay pool to throttle the speed to almost a halt when approaching the limit?  Could I only stop it and only have access to the pfSense machine only?  In other words, can I apply the delay pool only to the WAN connection?  The thing is that I don't want to apply this strategy inside my LAN, I regularly exchange large files (10GB+) between my machines...  I need the limit to be effective ONLY on the WAN connection (in/out of my LAN).


  • have u tried squid now ?
    with good setting u can save ur bandwidth for 30% or more …
    it should be enough for ur need and it can be complicated if u make it complicated :)

    it can block large files simply, with time acl you can play it ...
    what exceeds ur bandwidth is downloading large files

    cached data will transfer at LAN speed
    and yes u can exchange large files without restriction on your LAN

  • @lpallard:  yes, I'm referring to data transfer caps.  You have grasped the basics of it.  Basically, set the connection to throttle to a crawl once a certain amount of data is transferred via the delay pool.  Squid will only catch HTTP traffic so internal transfers via NFS/ CIFS/ SMB are not affected.
    Also, if you're using HTTP to move files internally, you can set the ACLs in squid to allow the IPs or subnet to bypass Squid so that the limits do not apply.  You can also set the ACL to bypass the pfSense LAN IP as a destination so that you can retain access to the unit.
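    What the reply above describes, written out as a Squid configuration fragment. This is an added example, not a config posted in this thread or shipped by the pfSense Squid package; the subnet 192.168.1.0/24, the pfSense LAN address 192.168.1.1 and the 50 GB monthly figure are assumed values to be replaced with your own.

    ```squid
    # Added example (not from this thread): a class-1 delay pool used as a
    # monthly HTTP data-transfer cap on WAN-bound traffic only.
    # Assumed values: LAN is 192.168.1.0/24, pfSense LAN address is 192.168.1.1,
    # monthly cap is 50 GB.

    acl localnet    src 192.168.1.0/24   # clients that are subject to the cap
    acl lan_dst     dst 192.168.1.0/24   # LAN-to-LAN HTTP: never throttled
    acl pfsense_gui dst 192.168.1.1/32   # keep the pfSense webGUI reachable

    # One class-1 (aggregate) pool: a single bucket shared by the whole LAN,
    # which matches "I don't care which machine uses the bandwidth".
    delay_pools 1
    delay_class 1 1

    # delay_access is evaluated top-down and the first match decides whether
    # a request is charged to pool 1, so the exclusions must come before the
    # allow line.
    delay_access 1 deny  lan_dst
    delay_access 1 deny  pfsense_gui
    delay_access 1 allow localnet
    delay_access 1 deny  all

    # delay_parameters <pool> <restore_bytes_per_sec>/<bucket_max_bytes>
    # 50 GB = 53687091200 bytes. When the bucket is empty, traffic is limited
    # to the restore rate (1000 B/s here): a crawl rather than a hard block.
    delay_parameters 1 1000/53687091200

    # Start with a full bucket after every (re)start, so the monthly service
    # restart from cron refills the quota.
    delay_initial_bucket_level 100
    ```

    Two things to check before relying on this. First, the bucket refills continuously at the restore rate even while the cap has not been reached, so over a 30-day month 1000 B/s adds roughly 2.6 GB on top of the bucket size; pick the restore rate with that in mind. Second, validate the fragment with `squid -k parse` on your own Squid build: delay-pool values have historically been stored as 32-bit integers on some versions, which would cap a single bucket at about 2 GB, and the parser will tell you whether a bucket this large is accepted. The bucket is not a calendar quota by itself, which is why the reply above pairs it with a scheduled Squid restart at the start of each month.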

  • thanks guys for your replies!  I REALLY appreciate help because I am such a noob in networking, especially with linux…

    Yes I have squid installed, but I barely know how to use it.

    serangku, I understand squid might be able to help save bandwidth, but at the end of the day, if the users are downloading all kinds of different/non-repetitive data, it will not work.  Think about rapidshare files or torrents...

    dreamslacker, I only use NFS shares to transfer files between machines.  Marginal amount of data through http (only web services such as mediawiki and Knowledgetree, a document management system).  Preferably, setting the delay pools only on the WAN side would be best.

    What would be the first step in implementing this?  Do I need to modify the squid.conf file of my pfSense box using the examples on the sites you sent me?
