Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal bandwidth rescrictions discrepancy or bug?

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    3 Posts 2 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Mad Professor
      last edited by

      I'm testing the new 2.0-RC1 tonight and it looks awesome.

      But messing around with captive portal I noticed an issue with "Per-user bandwidth restriction."

      Per-user bandwidth restriction:
      @Pfsense:

      If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit.

      At first I just enter 128 for the upload and nothing for the download and save, then tried as a client and nothing works as in no connection, web pages don't load, ping get's an ip but request timeout, like the connection is blocked.
      If I set the download to 0 and upload to 128, same thing.

      If I set the download to anything else but 0, everything works fine, even speedtest shows correct bandwidth that I specified.

      Wondering if this is just a discrepancy and working as intended or a bug that needs to be fix.

      1 Reply Last reply Reply Quote 0
      • E
        eri--
        last edited by

        It depends.
        Its strange that you want to limit only upload?
        Not sure anyone has ever tested that path. Possibly there might be issues in code not preventing it from generating a false config.

        Can you post the ipfw pipe show and ipfw show after you enable the CP with download of 0?

        1 Reply Last reply Reply Quote 0
        • M
          Mad Professor
          last edited by

          I fix computers with my dad, and sometimes we get either knowingly or unknowingly infected machine that sends out bulk mail/spam/worms/other and gets us in trouble with our service provider, but we need a network connection to access the fileserver and the pxe server. We also share the pipe with video conferencing and voip phones and our pipe is limited to 10 down 1 up. Plenty of download not enough upload.

          Captive portal on 1.2.3 works great for this, blocks the connection and leaves pinholes for fileserver and pixie and when we need to connect to the web for tools or updates, the simple authentication works fine for us, and the bandwidth limits prevents machines from hogging the upload and shares the bandwidth with other devices on the network.

          anyways…

          So here are the snippets for the command you asked for.

          I disabled CP first and then the bandwidth restriction but it didn't show anything different so I re-enabled and copy this snippet
          When I was screwing around trying to troubleshoot it and I set it to 1024 initially.
          CP bandwidth download set 5120.

          
          $ ipfw pipe show
          20004: 1048.576 Mbit/s    0 ms burst 0 
          q151076 100 sl. 0 flows (1 buckets) sched 85540 weight 0 lmax 0 pri 0 droptail
           sched 85540 type FIFO flags 0x0 0 buckets 0 active
          20005: 1048.576 Mbit/s    0 ms burst 0 
          q151077 100 sl. 0 flows (1 buckets) sched 85541 weight 0 lmax 0 pri 0 droptail
           sched 85541 type FIFO flags 0x0 0 buckets 0 active
          20006: 128.000 Kbit/s    0 ms burst 0 
          q151078 100 sl. 0 flows (1 buckets) sched 85542 weight 0 lmax 0 pri 0 droptail
           sched 85542 type FIFO flags 0x0 0 buckets 0 active
          20007:   5.120 Mbit/s    0 ms burst 0 
          q151079 100 sl. 0 flows (1 buckets) sched 85543 weight 0 lmax 0 pri 0 droptail
           sched 85543 type FIFO flags 0x0 0 buckets 0 active
          20002: 1048.576 Mbit/s    0 ms burst 0 
          q151074 100 sl. 0 flows (1 buckets) sched 85538 weight 0 lmax 0 pri 0 droptail
           sched 85538 type FIFO flags 0x0 0 buckets 0 active
          20003: 1048.576 Mbit/s    0 ms burst 0 
          q151075 100 sl. 0 flows (1 buckets) sched 85539 weight 0 lmax 0 pri 0 droptail
           sched 85539 type FIFO flags 0x0 0 buckets 0 active
          
          

          Wasn't sure if you want another pipe show or just show so I posted both.
          CP set to 0
          Now it's different.

          $ ipfw pipe show
          20004: 128.000 Kbit/s    0 ms burst 0 
          q151076 100 sl. 0 flows (1 buckets) sched 85540 weight 0 lmax 0 pri 0 droptail
           sched 85540 type FIFO flags 0x0 0 buckets 0 active
          20005: 1048.576 Mbit/s    0 ms burst 0 
          q151077 100 sl. 0 flows (1 buckets) sched 85541 weight 0 lmax 0 pri 0 droptail
           sched 85541 type FIFO flags 0x0 0 buckets 0 active
          20006: 128.000 Kbit/s    0 ms burst 0 
          q151078 100 sl. 0 flows (1 buckets) sched 85542 weight 0 lmax 0 pri 0 droptail
           sched 85542 type FIFO flags 0x0 0 buckets 0 active
          20007:   5.120 Mbit/s    0 ms burst 0 
          q151079 100 sl. 0 flows (1 buckets) sched 85543 weight 0 lmax 0 pri 0 droptail
           sched 85543 type FIFO flags 0x0 0 buckets 0 active
          20002: 1048.576 Mbit/s    0 ms burst 0 
          q151074 100 sl. 0 flows (1 buckets) sched 85538 weight 0 lmax 0 pri 0 droptail
           sched 85538 type FIFO flags 0x0 0 buckets 0 active
          20003: 1048.576 Mbit/s    0 ms burst 0 
          q151075 100 sl. 0 flows (1 buckets) sched 85539 weight 0 lmax 0 pri 0 droptail
           sched 85539 type FIFO flags 0x0 0 buckets 0 active
          
          
          
          $ ipfw show
          65291  0     0 allow pfsync from any to any
          65292  0     0 allow carp from any to any
          65301  0     0 allow ip from any to any layer2 mac-type 0x0806
          65302  0     0 allow ip from any to any layer2 mac-type 0x888e
          65303  0     0 allow ip from any to any layer2 mac-type 0x88c7
          65304  0     0 allow ip from any to any layer2 mac-type 0x8863
          65305  0     0 allow ip from any to any layer2 mac-type 0x8864
          65306  0     0 allow ip from any to any layer2 mac-type 0x888e
          65307  0     0 deny ip from any to any layer2 not mac-type 0x0800
          65310 52  6791 allow ip from any to { 255.255.255.255 or 192.168.1.1 } in
          65311 97 83269 allow ip from { 255.255.255.255 or 192.168.1.1 } to any out
          65312  0     0 allow icmp from { 255.255.255.255 or 192.168.1.1 } to any out icmptypes 0
          65313  0     0 allow icmp from any to { 255.255.255.255 or 192.168.1.1 } in icmptypes 8
          65314  0     0 allow ip from table(3) to any in
          65315  0     0 allow ip from any to table(4) out
          65316  0     0 pipe tablearg ip from table(5) to any in
          65317  0     0 pipe tablearg ip from any to table(6) out
          65318  0     0 allow ip from any to table(7) in
          65319  0     0 allow ip from table(8) to any out
          65320  1    40 pipe tablearg ip from any to table(9) in
          65321  1    44 pipe tablearg ip from table(10) to any out
          65322  8   384 pipe tablearg ip from table(1) to any in
          65323 22  1056 pipe tablearg ip from any to table(2) out
          65531  5   652 fwd 127.0.0.1,8000 tcp from any to any in
          65532  5   635 allow tcp from any to any out
          65533  1   229 deny ip from any to any
          65534  0     0 allow ip from any to any layer2
          65535  0     0 allow ip from any to any
          
          
          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.