Throttling or blocking a specific IP



  • One of the people on my LAN has decided to completely saturate the connection while uploading a file to a friend. In an effort to distribute the bandwidth more evenly, I've tried numerous methods to get his bandwidth use back under control, but nothing seems to work. The limiter in the traffic shaper wizard does nothing; setting up limits manually through the limiter and firewall rules also does nothing. Out of desperation, I've tried blocking that user's IP and the IPs that he seems to be using through firewall rules, and nothing seems to stick. In fact, I currently have the entire network subnet that he's uploading to blocked in the firewall rules, but the uploading is still going on. After each change I've rebooted the router to ensure that any connections that are made fall under the rules that I've set. Any ideas on how to fix this rather annoying issue short of physically pulling the cable out of his machine?



  • Can you please give us some info on the network/setup/version of pfSense/etc.



  • Sure, I'm running pfSense 2.0 RC3 Embedded on a very recent snapshot. IP addresses are assigned through DHCP; however, this particular user is now on a static DHCP lease to make managing things easier. All of the users in question are on the same LAN segment.

    I haven't determined exactly what software he's using to transfer files; all I know is that it's very resistant to any kind of interruption. Before I jumped to attempting to cut off his connection entirely, so that I would actually have some bandwidth to do some things that were necessary, I initially attempted a per-IP block. However, after 5 IP blocks with no decrease in traffic, I jumped to blocking the entire subnet.



  • @valunthar:

    Sure, I'm running pfSense 2.0 RC3 Embedded on a very recent snapshot. IP addresses are assigned through DHCP; however, this particular user is now on a static DHCP lease to make managing things easier. All of the users in question are on the same LAN segment.

    I haven't determined exactly what software he's using to transfer files; all I know is that it's very resistant to any kind of interruption. Before I jumped to attempting to cut off his connection entirely, so that I would actually have some bandwidth to do some things that were necessary, I initially attempted a per-IP block. However, after 5 IP blocks with no decrease in traffic, I jumped to blocking the entire subnet.

    This won't totally solve your issue, but to determine what this guy has been doing, install NTOP, which will give you more detailed information as to what protocols and what websites the user has been visiting. I find it easier just to block the offending websites and say it's not work related. They usually shut up afterwards.

    Darkk



  • After doing some more research, it seems that my problem is not quite as clear cut as it looks at first glance. It seems that the user is not at fault here, as the traffic seems to be showing up no matter who is connected. The strange thing is that when there is no network traffic at all, the IP pops up every few seconds but doesn't transfer anything. However, as soon as there is consistent network traffic, like a file download, the offending IP pops up and swamps my connection. There doesn't seem to be any correlation between the traffic swamping my connection and the speed of the network traffic in question. For example, I was downloading the LibreOffice installer earlier and I was getting speeds of 50k or less, while the traffic graph showed traffic coming into my LAN at over 500k/s. It's almost as if I'm being throttled or something of that nature, but none of the downloads I'm doing are anything that would trigger that kind of throttling, not to mention the fact that my ISP does not throttle traffic at all.



  • http://cable-dsl.navasgroup.com/#Asymmetry

    Are you aware that while most ISPs advertise your bandwidth in kilobits per second, browsers and such will show kilobytes per second?

    What kind of internet connection do you have and what are their advertised speeds?

