Captive Portal bandwidth restrictions discrepancy or bug?



  • I'm testing the new 2.0-RC1 tonight and it looks awesome.

    But messing around with captive portal I noticed an issue with "Per-user bandwidth restriction."

    Per-user bandwidth restriction:
    @Pfsense:

    If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit.

    At first I just entered 128 for the upload and nothing for the download and saved, then tried as a client and nothing works, as in no connection: web pages don't load, ping gets an IP but request timeout, like the connection is blocked.
    If I set the download to 0 and upload to 128, same thing.

    If I set the download to anything else but 0, everything works fine, even speedtest shows correct bandwidth that I specified.

    Wondering if this is just a discrepancy and working as intended or a bug that needs to be fixed.



  • It depends.
    It's strange that you want to limit only upload?
    Not sure anyone has ever tested that path. Possibly there might be issues in code not preventing it from generating a false config.

    Can you post the ipfw pipe show and ipfw show after you enable the CP with download of 0?



    I fix computers with my dad, and sometimes we get, either knowingly or unknowingly, an infected machine that sends out bulk mail/spam/worms/other and gets us in trouble with our service provider, but we need a network connection to access the fileserver and the pxe server. We also share the pipe with video conferencing and voip phones and our pipe is limited to 10 down 1 up. Plenty of download, not enough upload.

    Captive portal on 1.2.3 works great for this, blocks the connection and leaves pinholes for fileserver and pixie and when we need to connect to the web for tools or updates, the simple authentication works fine for us, and the bandwidth limits prevent machines from hogging the upload and share the bandwidth with other devices on the network.

    anyways…

    So here are the snippets for the command you asked for.

    I disabled CP first and then the bandwidth restriction but it didn't show anything different, so I re-enabled and copied this snippet.
    When I was screwing around trying to troubleshoot it, I set it to 1024 initially.
    CP bandwidth download set 5120.

    
    $ ipfw pipe show
    20004: 1048.576 Mbit/s    0 ms burst 0 
    q151076 100 sl. 0 flows (1 buckets) sched 85540 weight 0 lmax 0 pri 0 droptail
     sched 85540 type FIFO flags 0x0 0 buckets 0 active
    20005: 1048.576 Mbit/s    0 ms burst 0 
    q151077 100 sl. 0 flows (1 buckets) sched 85541 weight 0 lmax 0 pri 0 droptail
     sched 85541 type FIFO flags 0x0 0 buckets 0 active
    20006: 128.000 Kbit/s    0 ms burst 0 
    q151078 100 sl. 0 flows (1 buckets) sched 85542 weight 0 lmax 0 pri 0 droptail
     sched 85542 type FIFO flags 0x0 0 buckets 0 active
    20007:   5.120 Mbit/s    0 ms burst 0 
    q151079 100 sl. 0 flows (1 buckets) sched 85543 weight 0 lmax 0 pri 0 droptail
     sched 85543 type FIFO flags 0x0 0 buckets 0 active
    20002: 1048.576 Mbit/s    0 ms burst 0 
    q151074 100 sl. 0 flows (1 buckets) sched 85538 weight 0 lmax 0 pri 0 droptail
     sched 85538 type FIFO flags 0x0 0 buckets 0 active
    20003: 1048.576 Mbit/s    0 ms burst 0 
    q151075 100 sl. 0 flows (1 buckets) sched 85539 weight 0 lmax 0 pri 0 droptail
     sched 85539 type FIFO flags 0x0 0 buckets 0 active
    
    

    Wasn't sure if you want another pipe show or just show so I posted both.
    CP set to 0
    Now it's different.

    $ ipfw pipe show
    20004: 128.000 Kbit/s    0 ms burst 0 
    q151076 100 sl. 0 flows (1 buckets) sched 85540 weight 0 lmax 0 pri 0 droptail
     sched 85540 type FIFO flags 0x0 0 buckets 0 active
    20005: 1048.576 Mbit/s    0 ms burst 0 
    q151077 100 sl. 0 flows (1 buckets) sched 85541 weight 0 lmax 0 pri 0 droptail
     sched 85541 type FIFO flags 0x0 0 buckets 0 active
    20006: 128.000 Kbit/s    0 ms burst 0 
    q151078 100 sl. 0 flows (1 buckets) sched 85542 weight 0 lmax 0 pri 0 droptail
     sched 85542 type FIFO flags 0x0 0 buckets 0 active
    20007:   5.120 Mbit/s    0 ms burst 0 
    q151079 100 sl. 0 flows (1 buckets) sched 85543 weight 0 lmax 0 pri 0 droptail
     sched 85543 type FIFO flags 0x0 0 buckets 0 active
    20002: 1048.576 Mbit/s    0 ms burst 0 
    q151074 100 sl. 0 flows (1 buckets) sched 85538 weight 0 lmax 0 pri 0 droptail
     sched 85538 type FIFO flags 0x0 0 buckets 0 active
    20003: 1048.576 Mbit/s    0 ms burst 0 
    q151075 100 sl. 0 flows (1 buckets) sched 85539 weight 0 lmax 0 pri 0 droptail
     sched 85539 type FIFO flags 0x0 0 buckets 0 active
    
    
    
    $ ipfw show
    65291  0     0 allow pfsync from any to any
    65292  0     0 allow carp from any to any
    65301  0     0 allow ip from any to any layer2 mac-type 0x0806
    65302  0     0 allow ip from any to any layer2 mac-type 0x888e
    65303  0     0 allow ip from any to any layer2 mac-type 0x88c7
    65304  0     0 allow ip from any to any layer2 mac-type 0x8863
    65305  0     0 allow ip from any to any layer2 mac-type 0x8864
    65306  0     0 allow ip from any to any layer2 mac-type 0x888e
    65307  0     0 deny ip from any to any layer2 not mac-type 0x0800
    65310 52  6791 allow ip from any to { 255.255.255.255 or 192.168.1.1 } in
    65311 97 83269 allow ip from { 255.255.255.255 or 192.168.1.1 } to any out
    65312  0     0 allow icmp from { 255.255.255.255 or 192.168.1.1 } to any out icmptypes 0
    65313  0     0 allow icmp from any to { 255.255.255.255 or 192.168.1.1 } in icmptypes 8
    65314  0     0 allow ip from table(3) to any in
    65315  0     0 allow ip from any to table(4) out
    65316  0     0 pipe tablearg ip from table(5) to any in
    65317  0     0 pipe tablearg ip from any to table(6) out
    65318  0     0 allow ip from any to table(7) in
    65319  0     0 allow ip from table(8) to any out
    65320  1    40 pipe tablearg ip from any to table(9) in
    65321  1    44 pipe tablearg ip from table(10) to any out
    65322  8   384 pipe tablearg ip from table(1) to any in
    65323 22  1056 pipe tablearg ip from any to table(2) out
    65531  5   652 fwd 127.0.0.1,8000 tcp from any to any in
    65532  5   635 allow tcp from any to any out
    65533  1   229 deny ip from any to any
    65534  0     0 allow ip from any to any layer2
    65535  0     0 allow ip from any to any
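
Added example, not part of the original posts: a small Python script that parses the pipe header lines of the two `ipfw pipe show` outputs above and reports which pipes changed bandwidth between them. The function names are illustrative, and treating `unlimited` as 0 is an assumption about how ipfw displays a pipe with no bandwidth set.

```python
import re

# Header lines look like "20004: 128.000 Kbit/s    0 ms burst 0";
# the queue ("q151076 ...") and " sched ..." detail lines do not match.
PIPE_RE = re.compile(r"^\s*(\d+):\s+(unlimited|([\d.]+)\s+([KM]?)bit/s)\s")
SCALE = {"": 1, "K": 1_000, "M": 1_000_000}

def parse_pipes(text):
    """Return {pipe_number: bandwidth in bit/s}; 0 stands for unlimited."""
    pipes = {}
    for line in text.splitlines():
        m = PIPE_RE.match(line)
        if not m:
            continue
        if m.group(2) == "unlimited":  # assumed display for no limit
            bw = 0
        else:
            bw = round(float(m.group(3)) * SCALE[m.group(4)])
        pipes[int(m.group(1))] = bw
    return pipes

def diff_pipes(before, after):
    """Return {pipe: (old, new)} for pipes added, removed or changed."""
    b, a = parse_pipes(before), parse_pipes(after)
    return {p: (b.get(p), a.get(p))
            for p in sorted(b.keys() | a.keys()) if b.get(p) != a.get(p)}

# Lines copied from the first and second outputs in the post above
# (detail lines kept for one pipe only, to show they are skipped).
FIRST = """\
20004: 1048.576 Mbit/s    0 ms burst 0 
q151076 100 sl. 0 flows (1 buckets) sched 85540 weight 0 lmax 0 pri 0 droptail
 sched 85540 type FIFO flags 0x0 0 buckets 0 active
20005: 1048.576 Mbit/s    0 ms burst 0 
20006: 128.000 Kbit/s    0 ms burst 0 
20007:   5.120 Mbit/s    0 ms burst 0 
"""
SECOND = """\
20004: 128.000 Kbit/s    0 ms burst 0 
20005: 1048.576 Mbit/s    0 ms burst 0 
20006: 128.000 Kbit/s    0 ms burst 0 
20007:   5.120 Mbit/s    0 ms burst 0 
"""

if __name__ == "__main__":
    for pipe, (old, new) in diff_pipes(FIRST, SECOND).items():
        print(f"pipe {pipe}: {old} -> {new} bit/s")
```
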
    
    
