Captive Portal bandwidth rescrictions discrepancy or bug?
-
I'm testing the new 2.0-RC1 tonight and it looks awesome.
But messing around with captive portal I noticed an issue with "Per-user bandwidth restriction."
Per-user bandwidth restriction:
@Pfsense:If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit.
At first I just enter 128 for the upload and nothing for the download and save, then tried as a client and nothing works as in no connection, web pages don't load, ping get's an ip but request timeout, like the connection is blocked.
If I set the download to 0 and upload to 128, same thing.If I set the download to anything else but 0, everything works fine, even speedtest shows correct bandwidth that I specified.
Wondering if this is just a discrepancy and working as intended or a bug that needs to be fix.
-
It depends.
Its strange that you want to limit only upload?
Not sure anyone has ever tested that path. Possibly there might be issues in code not preventing it from generating a false config.Can you post the ipfw pipe show and ipfw show after you enable the CP with download of 0?
-
I fix computers with my dad, and sometimes we get either knowingly or unknowingly infected machine that sends out bulk mail/spam/worms/other and gets us in trouble with our service provider, but we need a network connection to access the fileserver and the pxe server. We also share the pipe with video conferencing and voip phones and our pipe is limited to 10 down 1 up. Plenty of download not enough upload.
Captive portal on 1.2.3 works great for this, blocks the connection and leaves pinholes for fileserver and pixie and when we need to connect to the web for tools or updates, the simple authentication works fine for us, and the bandwidth limits prevents machines from hogging the upload and shares the bandwidth with other devices on the network.
anyways…
So here are the snippets for the command you asked for.
I disabled CP first and then the bandwidth restriction but it didn't show anything different so I re-enabled and copy this snippet
When I was screwing around trying to troubleshoot it and I set it to 1024 initially.
CP bandwidth download set 5120.$ ipfw pipe show 20004: 1048.576 Mbit/s 0 ms burst 0 q151076 100 sl. 0 flows (1 buckets) sched 85540 weight 0 lmax 0 pri 0 droptail sched 85540 type FIFO flags 0x0 0 buckets 0 active 20005: 1048.576 Mbit/s 0 ms burst 0 q151077 100 sl. 0 flows (1 buckets) sched 85541 weight 0 lmax 0 pri 0 droptail sched 85541 type FIFO flags 0x0 0 buckets 0 active 20006: 128.000 Kbit/s 0 ms burst 0 q151078 100 sl. 0 flows (1 buckets) sched 85542 weight 0 lmax 0 pri 0 droptail sched 85542 type FIFO flags 0x0 0 buckets 0 active 20007: 5.120 Mbit/s 0 ms burst 0 q151079 100 sl. 0 flows (1 buckets) sched 85543 weight 0 lmax 0 pri 0 droptail sched 85543 type FIFO flags 0x0 0 buckets 0 active 20002: 1048.576 Mbit/s 0 ms burst 0 q151074 100 sl. 0 flows (1 buckets) sched 85538 weight 0 lmax 0 pri 0 droptail sched 85538 type FIFO flags 0x0 0 buckets 0 active 20003: 1048.576 Mbit/s 0 ms burst 0 q151075 100 sl. 0 flows (1 buckets) sched 85539 weight 0 lmax 0 pri 0 droptail sched 85539 type FIFO flags 0x0 0 buckets 0 active
Wasn't sure if you want another pipe show or just show so I posted both.
CP set to 0
Now it's different.$ ipfw pipe show 20004: 128.000 Kbit/s 0 ms burst 0 q151076 100 sl. 0 flows (1 buckets) sched 85540 weight 0 lmax 0 pri 0 droptail sched 85540 type FIFO flags 0x0 0 buckets 0 active 20005: 1048.576 Mbit/s 0 ms burst 0 q151077 100 sl. 0 flows (1 buckets) sched 85541 weight 0 lmax 0 pri 0 droptail sched 85541 type FIFO flags 0x0 0 buckets 0 active 20006: 128.000 Kbit/s 0 ms burst 0 q151078 100 sl. 0 flows (1 buckets) sched 85542 weight 0 lmax 0 pri 0 droptail sched 85542 type FIFO flags 0x0 0 buckets 0 active 20007: 5.120 Mbit/s 0 ms burst 0 q151079 100 sl. 0 flows (1 buckets) sched 85543 weight 0 lmax 0 pri 0 droptail sched 85543 type FIFO flags 0x0 0 buckets 0 active 20002: 1048.576 Mbit/s 0 ms burst 0 q151074 100 sl. 0 flows (1 buckets) sched 85538 weight 0 lmax 0 pri 0 droptail sched 85538 type FIFO flags 0x0 0 buckets 0 active 20003: 1048.576 Mbit/s 0 ms burst 0 q151075 100 sl. 0 flows (1 buckets) sched 85539 weight 0 lmax 0 pri 0 droptail sched 85539 type FIFO flags 0x0 0 buckets 0 active
$ ipfw show 65291 0 0 allow pfsync from any to any 65292 0 0 allow carp from any to any 65301 0 0 allow ip from any to any layer2 mac-type 0x0806 65302 0 0 allow ip from any to any layer2 mac-type 0x888e 65303 0 0 allow ip from any to any layer2 mac-type 0x88c7 65304 0 0 allow ip from any to any layer2 mac-type 0x8863 65305 0 0 allow ip from any to any layer2 mac-type 0x8864 65306 0 0 allow ip from any to any layer2 mac-type 0x888e 65307 0 0 deny ip from any to any layer2 not mac-type 0x0800 65310 52 6791 allow ip from any to { 255.255.255.255 or 192.168.1.1 } in 65311 97 83269 allow ip from { 255.255.255.255 or 192.168.1.1 } to any out 65312 0 0 allow icmp from { 255.255.255.255 or 192.168.1.1 } to any out icmptypes 0 65313 0 0 allow icmp from any to { 255.255.255.255 or 192.168.1.1 } in icmptypes 8 65314 0 0 allow ip from table(3) to any in 65315 0 0 allow ip from any to table(4) out 65316 0 0 pipe tablearg ip from table(5) to any in 65317 0 0 pipe tablearg ip from any to table(6) out 65318 0 0 allow ip from any to table(7) in 65319 0 0 allow ip from table(8) to any out 65320 1 40 pipe tablearg ip from any to table(9) in 65321 1 44 pipe tablearg ip from table(10) to any out 65322 8 384 pipe tablearg ip from table(1) to any in 65323 22 1056 pipe tablearg ip from any to table(2) out 65531 5 652 fwd 127.0.0.1,8000 tcp from any to any in 65532 5 635 allow tcp from any to any out 65533 1 229 deny ip from any to any 65534 0 0 allow ip from any to any layer2 65535 0 0 allow ip from any to any