Help with limiting



  • A couple of quick questions..

    Firstly, am I able to, per user, limit torrenting to say only 1mb downloads.. I mean I want the clients to get more bandwidth for general browsing and work, but I want to limit the bandwidth for torrenting

    Secondly, like above, I would also like to limit downloads from certain sites.. megaupload.com for example.. how would I go about doing this?

    I am trying to understand how I can do rate limiting per user/connection and not for the whole WAN.. I mean, I want to say limit each user to only get 2mb, and not limit the whole WAN to only 2mb.. is this possible?  I have tried and tested with the limiting per user on the captive portal, but it doesn't work..



  • Talking about limiting, I need to understand something about limiting or even blocking videos. When I go to the traffic shaper section, I press the l-7 button and then I choose http-video as protocol and a block action, for example.

    My question is: is this protocol able to block all types of files? Meaning, will all video types be blocked, like flv and MPEG and AVI etc.? And if not, how can I do it?

    Please, I need a quick answer. Thanks guys.



  • Hey would have been nice if you could have answered my question rather than ask more of your own that aren't relative to what I am asking… Anyone else out there able to assist me here?  Thanks in advance



  • No one knows how to do this? or even if it is possible??



  • It is kind of possible.  You will need a catch all queue first to catch all traffic types.

    This is usually the qP2P under the shaper wizard.

    Now, you need to note what kind of traffic is defined as work type.  e.g.  HTTP, HTTPS, FTP, POP3 etc.

    These should be allocated to a higher queue.

    For example, you could create the following set of queues:

    qAck (Ack queue; Highest priority)
    qDef (This is for the so called 'work' related traffic)
    qP2P (Default queue; lowest priority)

    You can then set rules to catch HTTP/FTP/POP3/SMTP traffic etc. to pipe to qAck/qDef.

    The qP2P will automatically catch everything if it is set as the default queue.

    In qP2P, you set the upperlimit to 1Mb.  Reduce the Realtime to 1Kb or 1%.  Up to you to set how much you want to allocate.

    For limiting or restricting access to certain sites, you will need Squid and possibly Squidguard (for restricting access).
    You will need a regex rule to catch the site's domain name since sites like megaupload and rapidshare use sub-domains for downloads.  e.g. xxx.megaupload.com, xxx.rapidshare.com, xxx.rapidshare.de etc.

    For limiting each user, you will need limiters from pfSense 2.0.  The limiter needs to be set with a per destination mask (for downloads).  This then sets a per user limit rather than for the whole connection.
    All your rules need to set the pipes to the limiter though and you will need a catchall rule as well (since the implicit default queue catching won't pipe to limiters).



  • Thanks for that, I will take a look at this and reply back if I have some issues

    Megaupload.com I don't want to block the site, I just want to make downloads from that site slower.. is that possible?



  • Still getting killed by a few sites, including megaupload.com.. how can i limit download speeds from these particular sites?



  • @dreamslacker:

    This all sounds to me like it is what I need, but I really can't understand how to do any of this.. are there tutorials for this? or someone that can guide me through this?



  • If you want to limit specific sites to a certain bandwidth, try using squid with delay pools. Here's an example (put this in the custom options section under proxy server):

    delay_pools 1;
    delay_class 1 2;
    delay_parameters 1 -1/-1 4000/4000;
    acl rapidshare url_regex -i rapidshare.com fileserve.com rapidshare.de megaupload.com depositfiles.com hotfile.com zshare.net uploading.com sharingmatrix.com filesonic.com 2shared.com 4shared.com;
    delay_access 1 allow localnet rapidshare;
    delay_access 1 deny all;
    

    this will limit each of these sites to about 4kB/s
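
    A simplified model of the class-2 delay pool configured above, added here as an example and not part of the thread: with `delay_parameters 1 -1/-1 4000/4000` the aggregate bucket is unlimited and every client host gets its own bucket refilled at 4000 bytes per second, which all of that client's downloads from the matched sites share. The one-second ticks, the full starting bucket, the even split between a client's flows and the sample addresses are assumptions of the model.

```python
from collections import defaultdict
UNLIMITED = -1  # Squid's "-1/-1": no limit on that bucket
# Constructed sample flows: (client IP, site being downloaded from).
FLOWS = [("192.168.1.10", "megaupload.com"), ("192.168.1.10", "rapidshare.com"),
         ("192.168.1.20", "megaupload.com")]

class Bucket:
    """Token bucket: 'restore' bytes added per second, capped at 'maximum'."""
    def __init__(self, restore, maximum):
        self.restore, self.maximum = restore, maximum
        self.level = maximum  # assumption: bucket starts full

    def tick(self):
        if self.restore != UNLIMITED:
            self.level = min(self.maximum, self.level + self.restore)

    def available(self, wanted):
        return wanted if self.restore == UNLIMITED else min(wanted, self.level)

    def consume(self, amount):
        if self.restore != UNLIMITED:
            self.level -= amount

class Class2Pool:
    """One aggregate bucket plus one individual bucket per client host."""
    def __init__(self, aggregate, individual):
        self.aggregate, self.individual, self.hosts = Bucket(*aggregate), individual, {}

    def tick(self):
        for bucket in (self.aggregate, *self.hosts.values()):
            bucket.tick()

    def transfer(self, client_ip, wanted):
        host = self.hosts.setdefault(client_ip, Bucket(*self.individual))
        granted = min(self.aggregate.available(wanted), host.available(wanted))
        self.aggregate.consume(granted)
        host.consume(granted)
        return granted

def simulate(pool, flows, seconds):
    """Run greedy downloads for 'seconds'; return bytes moved per (client, site)."""
    by_client, totals = defaultdict(list), defaultdict(int)
    for client, site in flows:
        by_client[client].append(site)
    for _ in range(seconds):
        pool.tick()
        for client, sites in by_client.items():
            granted = pool.transfer(client, 10**9)
            for site in sites:  # assumption: a client's flows split its grant evenly
                totals[(client, site)] += granted // len(sites)
    return dict(totals)
```

    Calling `simulate(Class2Pool((-1, -1), (4000, 4000)), FLOWS, 10)` shows the client with two downloads getting 2000 bytes per second on each, while the other client gets the full 4000 on its single download.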



  • Thanks for that, I'll give it a shot.. so I guess to allow say 40kbps I change the 4000 to 40000?

    Also, if you know.. if I do this with megaupload.com, will it also slow downloads from there as they are usually coming from some sort of subdomain.. or will I have to keep adding the different subdomains into this list also?



  • Yep, it uses regex so any sub domain will fall under it, options are vast so check the manual to suit your needs, good luck
    http://www.visolve.com/squid/squid27/delaypools.php
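
    How the `url_regex -i` ACL from the delay pool post treats sub-domains, modelled in Python as an added example that is not from the thread: the patterns are unanchored and their dots unescaped, so sub-domains match, and so do unrelated URLs that merely contain the string. The comparison with `dstdomain` (a standard Squid ACL type that looks at the host name only), the `dstdomain` entries and the sample URLs are assumptions added for illustration.

```python
import re
from urllib.parse import urlsplit

# Three of the patterns from the acl line in the thread, unchanged.
THREAD_PATTERNS = ["rapidshare.com", "rapidshare.de", "megaupload.com"]
# Equivalent dstdomain entries (an assumption, not from the thread).
DST_DOMAINS = [".rapidshare.com", ".rapidshare.de", ".megaupload.com"]

# Constructed sample URLs.
SAMPLES = [
    "http://www123.megaupload.com/files/abc/file.zip",
    "http://MEGAUPLOAD.com/",
    "http://intranet.example/wiki?ref=megaupload.com",
    "http://megauploadXcom.example/",
    "http://example.org/index.html",
]


def url_regex_match(url, patterns=THREAD_PATTERNS):
    """'url_regex -i': any pattern may match anywhere in the whole URL."""
    # Python's re stands in for Squid's regex engine; for these literal
    # patterns the behaviour is the same.
    return any(re.search(p, url, re.IGNORECASE) for p in patterns)


def dstdomain_match(url, domains=DST_DOMAINS):
    """'dstdomain' with a leading dot: the domain itself or any sub-domain."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d[1:] or host.endswith(d) for d in domains)


def compare(urls=SAMPLES):
    """Map each URL to (url_regex result, dstdomain result)."""
    return {u: (url_regex_match(u), dstdomain_match(u)) for u in urls}


if __name__ == "__main__":
    for url, (by_regex, by_domain) in compare().items():
        print(f"{url:50} url_regex={by_regex!s:5} dstdomain={by_domain}")
```

    The third and fourth sample URLs are throttled by the regex ACL even though they are not on the file-hosting domains; the host-name comparison leaves them alone.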



  • You can make a (hfsc) queue in the traffic shaper for each user, maybe two or more queues each, one unlimited and one limited, then use firewall rules to send the traffic to each queue… it takes some work but then you can do interesting things like for example, allow unlimited bandwidth for 20 seconds, then limit to a smaller percentage, so that normal browsing should go at full speed, but ongoing downloads get limited after a bit.

    Just something to think about.  I did this by putting simple rules on the LAN tab in the firewall section: PASS, source = single host (set to IP for that user), then in advanced section set the queue to a particular queue that you made, like qUser50.  This works for queues on both the WAN and LAN interface, called qUser50, because the firewall state initiated by that ip address stores the queue, so data coming back from the WAN goes to that queue too.

    Problem is this doesn't seem to work for UDP traffic, wish someone could tell me why or if it is a bug, otherwise it would be AWESOME!



  • Thanks for the replies.. very interesting.. I will definitely give this a shot and see how it goes..

    As a small WISP starting up, bandwidth here is so expensive that I must oversell to cover costs, so I need all the help I can get so that a few users don't take all the bandwidth.. Obviously in time and the more bandwidth I purchase gets cheaper, I can do this less and less, but for now I have to.

