Netgate Discussion Forum

    Help with limiting

    Traffic Shaping
    13 Posts 5 Posters 6.5k Views
    • luke240778

      A couple of quick questions..

      Firstly, am I able to, per user, limit torrenting to say only 1mb downloads.. I mean I want the clients to get more bandwidth for general browsing and work, but I want to limit the bandwidth for torrenting.

      Secondly, like above, I would also like to limit downloads from certain sites.. megaupload.com for example.. how would I go about doing this?

      I am trying to understand how I can do rate limiting per user/connection and not for the whole WAN.. I mean, I want to say limit each user to only get 2mb, and not limit the whole WAN to only 2mb.. is this possible?  I have tried and tested with the limiting per user on the captive portal, but it doesn't work..

      • ay01

        Talking about limiting, I need to understand something about limiting or even blocking videos. When I go to the traffic shaper section, I press the l-7 button and then I choose http-video as protocol and a block action, for example.

        My question is: is this protocol able to block all types of files? Meaning, will all video types be blocked, like FLV, MPEG, AVI, etc.? And if not, how can I do it?

        Please, I need a quick answer. Thanks guys.

        • luke240778

          Hey, it would have been nice if you could have answered my question rather than ask more of your own that aren't relative to what I am asking… Anyone else out there able to assist me here?  Thanks in advance.

          • luke240778

            No one knows how to do this? or even if it is possible??

            • dreamslacker

              It is kind of possible.  You will need a catch all queue first to catch all traffic types.

              This is usually the qP2P under the shaper wizard.

              Now, you need to note what kind of traffic is defined as work type.  e.g.  HTTP, HTTPS, FTP, POP3 etc.

              These should be allocated to a higher queue.

              For example, you could create the following set of queues:

              qAck (Ack queue; Highest priority)
              qDef (This is for the so called 'work' related traffic)
              qP2P (Default queue; lowest priority)

              You can then set rules to catch HTTP/FTP/POP3/SMTP traffic etc. to pipe to qAck/qDef.

              The qP2P will automatically catch everything if it is set as the default queue.

              In qP2P, you set the upperlimit to 1Mb.  Reduce the Realtime to 1Kb or 1%.  Up to you to set how much you want to allocate.

              For limiting or restricting access to certain sites, you will need Squid and possibly SquidGuard (for restricting access).
              You will need a regex rule to catch the site's domain name since sites like megaupload and rapidshare use sub-domains for downloads, e.g. xxx.megaupload.com, xxx.rapidshare.com, xxx.rapidshare.de etc.

              For limiting each user, you will need limiters from pfSense 2.0.  The limiter needs to be set with a per destination mask (for downloads).  This then sets a per user limit rather than for the whole connection.
              All your rules need to set the pipes to the limiter though, and you will need a catchall rule as well (since the implicit default queue catching won't pipe to limiters).

              • luke240778

                Thanks for that, I will take a look at this and reply back if I have some issues.

                Megaupload.com: I don't want to block the site, I just want to make downloads from that site slower.. is that possible?

                • luke240778

                  Still getting killed by a few sites, including megaupload.com.. how can I limit download speeds from these particular sites?

                  • luke240778

                    @dreamslacker:

                    It is kind of possible.  You will need a catch all queue first to catch all traffic types.

                    This is usually the qP2P under the shaper wizard.

                    Now, you need to note what kind of traffic is defined as work type.  e.g.  HTTP, HTTPS, FTP, POP3 etc.

                    These should be allocated to a higher queue.

                    For example, you could create the following set of queues:

                    qAck (Ack queue; Highest priority)
                    qDef (This is for the so called 'work' related traffic)
                    qP2P (Default queue; lowest priority)

                    You can then set rules to catch HTTP/FTP/POP3/SMTP traffic etc. to pipe to qAck/qDef.

                    The qP2P will automatically catch everything if it is set as the default queue.

                    In qP2P, you set the upperlimit to 1Mb.  Reduce the Realtime to 1Kb or 1%.  Up to you to set how much you want to allocate.

                    For limiting or restricting access to certain sites, you will need Squid and possibly SquidGuard (for restricting access).
                    You will need a regex rule to catch the site's domain name since sites like megaupload and rapidshare use sub-domains for downloads, e.g. xxx.megaupload.com, xxx.rapidshare.com, xxx.rapidshare.de etc.

                    For limiting each user, you will need limiters from pfSense 2.0.  The limiter needs to be set with a per destination mask (for downloads).  This then sets a per user limit rather than for the whole connection.
                    All your rules need to set the pipes to the limiter though, and you will need a catchall rule as well (since the implicit default queue catching won't pipe to limiters).

                    This all sounds to me like it is what I need, but I really can't understand how to do any of this.. are there tutorials for this? Or someone that can guide me through this?

                    • nesense

                      If you want to limit specific sites to a certain bandwidth, try using Squid with delay pools. Here's an example (put this in the custom options section under proxy server):

                      delay_pools 1;
                      delay_class 1 2;
                      delay_parameters 1 -1/-1 4000/4000;
                      acl rapidshare url_regex -i rapidshare.com fileserve.com rapidshare.de megaupload.com depositfiles.com hotfile.com zshare.net uploading.com sharingmatrix.com filesonic.com 2shared.com 4shared.com;
                      delay_access 1 allow localnet rapidshare;
                      delay_access 1 deny all;
                      

                      This will limit each of these sites to about 4kB/s.

                      1 Reply Last reply Reply Quote 0
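Added example, not part of the thread: a simplified Python token-bucket model of a class-2 delay pool, fed the `delay_parameters` string posted above. In Squid each pair is restore/max in bytes, `-1/-1` disables that bucket, and the second pair of a class-2 pool is a separate bucket per client host. The client IPs, the demand figure and the full-at-start, first-come ordering are assumptions of this model.

```python
from dataclasses import dataclass

UNLIMITED = -1  # "-1/-1" in delay_parameters disables that bucket


@dataclass
class Bucket:
    restore: int   # bytes added back per second
    maximum: int   # bucket capacity in bytes
    level: int = 0

    def __post_init__(self):
        self.level = self.maximum  # model assumption: buckets start full

    def available(self, wanted):
        return wanted if self.restore == UNLIMITED else min(wanted, self.level)

    def spend(self, amount):
        if self.restore != UNLIMITED:
            self.level -= amount

    def refill(self):
        if self.restore != UNLIMITED:
            self.level = min(self.maximum, self.level + self.restore)


def parse_pair(text):
    restore, maximum = text.split("/")
    return Bucket(int(restore), int(maximum))


def simulate(delay_parameters, clients, seconds, demand):
    """Bytes delivered per client IP over `seconds`, each asking `demand` B/s."""
    _pool, aggregate, individual = delay_parameters.split()
    shared = parse_pair(aggregate)                      # one bucket for the pool
    per_host = {ip: parse_pair(individual) for ip in clients}
    delivered = dict.fromkeys(clients, 0)
    for _ in range(seconds):
        for ip in clients:
            grant = shared.available(per_host[ip].available(demand))
            per_host[ip].spend(grant)
            shared.spend(grant)
            delivered[ip] += grant
        shared.refill()
        for bucket in per_host.values():
            bucket.refill()
    return delivered


CLIENTS = ["192.168.1.10", "192.168.1.11"]  # constructed LAN hosts
if __name__ == "__main__":
    print(simulate("1 -1/-1 4000/4000", CLIENTS, 10, 1_000_000))
    print(simulate("1 -1/-1 40000/40000", CLIENTS, 10, 1_000_000))
```

Setting the first pair to something other than `-1/-1` (for example `6000/6000`) adds a ceiling shared by all clients on top of the per-host buckets.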
                      • luke240778

                        Thanks for that, I'll give it a shot.. so I guess to allow say 40kbps I change the 4000 to 40000?

                        Also, if you know.. if I do this with megaupload.com, will it also slow downloads from there, as they are usually coming from some sort of subdomain.. or will I have to keep adding the different subdomains into this list also?

                        • nesense

                          Yep, it uses regex, so any subdomain will fall under it. Options are vast, so check the manual to suit your needs. Good luck.
                          http://www.visolve.com/squid/squid27/delaypools.php

                          1 Reply Last reply Reply Quote 0
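Added example, not part of the thread: a Python check of which URLs the posted `url_regex -i` patterns select, next to a host-suffix match in the style of Squid's `dstdomain` ACL type. Python's `re` stands in for Squid's regex engine, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Patterns exactly as posted in the `acl rapidshare url_regex -i ...` line.
POSTED = ("rapidshare.com fileserve.com rapidshare.de megaupload.com "
          "depositfiles.com hotfile.com zshare.net uploading.com "
          "sharingmatrix.com filesonic.com 2shared.com 4shared.com").split()
# The same sites as dstdomain-style suffixes (leading dot = domain and subdomains).
SUFFIXES = ["." + p for p in POSTED]


def url_regex_match(url, patterns=POSTED):
    """Approximates url_regex -i: unanchored, case-insensitive search of the URL."""
    return any(re.search(p, url, re.IGNORECASE) for p in patterns)


def dstdomain_match(url, suffixes=SUFFIXES):
    """Approximates dstdomain: host equals the domain or ends with '.domain'."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s[1:] or host.endswith(s) for s in suffixes)


# Constructed sample URLs, not taken from the thread.
SAMPLES = [
    "http://www123.megaupload.com/files/abc/setup.zip",  # download subdomain
    "http://megaupload.com/",                            # bare domain
    "http://search.example.org/?q=megaupload.com",       # name only in the query
    "http://hotfilexcom.example.net/page.html",          # '.' matches any character
    "http://www.example.org/index.html",                 # unrelated site
]


def audit(urls=SAMPLES):
    """Return (url, url_regex result, dstdomain result) for each URL."""
    return [(u, url_regex_match(u), dstdomain_match(u)) for u in urls]


def overmatches(urls=SAMPLES):
    """URLs the regex ACL selects although the host is not a listed site."""
    return [u for u, by_regex, by_host in audit(urls) if by_regex and not by_host]


if __name__ == "__main__":
    for row in audit():
        print(row)
```

Subdomains are caught either way; the regex form also selects any URL that merely contains one of the names, which matters when the ACL decides who gets throttled.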
                          • pwipf

                            You can make a (hfsc) queue in the traffic shaper for each user, maybe two or more queues each, one unlimited and one limited, then use firewall rules to send the traffic to each queue… it takes some work but then you can do interesting things like for example, allow unlimited bandwidth for 20 seconds, then limit to a smaller percentage, so that normal browsing should go at full speed, but ongoing downloads get limited after a bit.

                            Just something to think about.  I did this by putting simple rules on the LAN tab in the firewall section: PASS, source = single host (set to IP for that user), then in the advanced section set the queue to a particular queue that you made, like qUser50.  This works for queues on both the WAN and LAN interface, called qUser50, because the firewall state initiated by that IP address stores the queue, so data coming back from the WAN goes to that queue too.

                            Problem is this doesn't seem to work for UDP traffic, wish someone could tell me why or if it is a bug, otherwise it would be AWESOME!

                            • luke240778

                              Thanks for the replies.. very interesting.. I will definitely give this a shot and see how it goes..

                              As a small WISP starting up, bandwidth here is so expensive that I must oversell to cover costs, so I need all the help I can get so that a few users don't take all the bandwidth.. Obviously in time and the more bandwidth I purchase gets cheaper, I can do this less and less, but for now I have to.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.