Per IP traffic Shaping
-
From where are you ? I don't see your "location"
Are you using pfSense in a comercial enviroment ?
If you are in a "hurry", have you considered the comercial support ?
Well, have said that, here we go, example with screenshots:
I have WAN with a 1mbps / 515 kbps ADSL connection ( speedtest_No_Limit.png)
Lets say i want to limit the DL to 256kbps and the UL to 128Kbps only for 1 host, in this case 192.168.1.10 (my LAN subnet is 192.168.1.0/24).
1º Create the 2 limiters
2º Create the LAN Rule with the Limiters
3º Test, thats all ;) (Speedtest.png)
-
Here the Speedtest without limiter & with limiter
-
@ptt:
Here the Speedtest without limiter & with limiter
I'm in brazil.
No its my home servers, i've got a fiber 100down 10U for my home servers, about the paid support you shoud never have to pay to get an answer of how to do something that should be well explained by pfsense in the first place, you can pay if you want them to do it for you but not because you don't have a choice, because you don't want to do it yourself that said every software should offer free support, tutorials.
But regardless of that, i did what you said and the same thing i'm still getting all my bandwidth in the upload, for the test i'm using a ftp server running running on that same vps, witch again has a local ip adress behind the nat with passive ports properly routed, tried to reset tables but still i'm getting all the bandwidth of the link, so downloading wise yes it's working but upload doesn't limit no matter what i do i'm always getting the full bandwidth, i did everything you said, triple checked to see if i did something wrong, no it's all right it's just not working…
Just remember EVERY port has to get the same speed, i'm not using this to browse the web or something i'm running servers.
And getting this right will help a lot of people, but thanks for your help i really appreciate it.. hope we can figure this out and get it to work
-
I have the same problem here. pfsense works as a transparant bridge and I am trying to set uptraffic shaping. I tried a standard setup on the lan and wan side but it doesn't work in either way. Does anybody have a bridged pfsense firewall running with traffic shaping enabled?
Some extra info:
I have 1 LAN and 1 WAN.
LAN has a /25 subnet.
version 2.01 -
I'm in brazil.
Hi Rodolfo,
I'm in Brazil too, if you want, take a look on portuguese forum too.
Comparing your screenshot with ptt, limiter info shows in/out, but you can see on video tutorials/screen shot that maybe in means outgoing traffic comming from lan and out is inbound traffic going to lan server/machineCan you try swapping your limiter info?
-
I'm in brazil.
Hi Rodolfo,
I'm in Brazil too, if you want, take a look on portuguese forum too.
Comparing your screenshot with ptt, limiter info shows in/out, but you can see on video tutorials/screen shot that maybe in means outgoing traffic comming from lan and out is inbound traffic going to lan server/machineCan you try swapping your limiter info?
Hey there, yes we should pass this info along in the portuguese forums but for now we need everyone's help on this matter so after we get a straight answer it's easy to make a tutorial and translate not only to portuguese.
Anyway i still can't setup my limiters it doesn't work, it limits the download but nothing happens to the upload to be frank i am considering going back to clearos because of this i really feel sad that pfsense won't help us with something so simple, and if going back to clearos is what i have to do to get my limiters setup so be it, maybe it was a mistake coming to pfsense.
-
Did you tried swapping info on rule limiter field.
Limiter works, there are many people using it.
Are you testing upload from a connection started at lan or trying to fetch files from wan to lan?
Pfsense is a statefull firewall, so all rules are created where traffic begins. Your rule is on lan, so only traffic started on lan will match this rule.
I saw you have a rule on wrong tab. Change the rule with destination=192.168.10.8 from lan to wan.
Apply changes and test again.
-
Did you tried swapping info on rule limiter field.
Limiter works, there are many people using it.
Are you testing upload from a connection started at lan or trying to fetch files from wan to lan?
Pfsense is a statefull firewall, so all rules are created where traffic begins. Your rule is on lan, so only traffic started on lan will match this rule.
I saw you have a rule on wrong tab. Change the rule with destination=192.168.10.8 from lan to wan.
Apply changes and test again.
FTP Server running on a VPS behind nat firewall, therefore wan to lan. But the limiter must work from both sides.
-
The limiter will work on traffic matched by rules applied to it.
Move that rule to wan and test again.
-
The limiter will work on traffic matched by rules applied to it.
Move that rule to wan and test again.
Changed the rule to WAN
any protocol
Internal IP as Destination
In/Out = DOWN/UP
No rule applied in the lan interface.
still doesn't work…
-
keep the lan rule with source ip=192.168.10.8 on lan tab
If you created the nat from external ip to 192.168.10.8, there maybe already a rule on wan with destination=192.168.10.8
change this rule to apply limiter and check if there is no rule before that allowing access to the same server with no limiter info.
Also check other protocol, ftp does not use port 21 for data transfer. Maybe pfsense built in ftp proxy is skipping your limiter rule.
in short:
one rule on lan for server outgoing access
one rule on wan for internet access to server -
keep the lan rule with source ip=192.168.10.8 on lan tab
If you created the nat from external ip to 192.168.10.8, there maybe already a rule on wan with destination=192.168.10.8
change this rule to apply limiter and check if there is no rule before that allowing access to the same server with no limiter info.
Also check other protocol, ftp does not use port 21 for data transfer. Maybe pfsense built in ftp proxy is skipping your limiter rule.
in short:
one rule on lan for server outgoing access
one rule on wan for internet access to serverFINALLY!
FINALLY!
FINALLY!YESSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
EVERY nat rule must contain the In and Out information in order to get it working, in clearos you setup a single bandwidth rule pointing to a single ip and everything related to that same ip address is limited but it seems that pfsense is quite a lot different, setup the limiter in every nat rule, also one in lan and another in wan and it will work i'm not using destination and source address in limiters, well i regret trying to get help in the international forums now that i know that the answer was right here in our country.
in short:
setup limiters… LIKE A BOSS
make a lan rule... LIKE A BOSS
make another wan rule... LIKE A BOSS
tweak those nat rules... LIKE A BOSSSay we're awesome LIKE A BOSS!
Thanks! =D
-
Nice :)
As you are moving from Clearos to pfsense, you may need to take a look on some tutorials to understand better differences between both.
doc.pfsense.org has a lot of tutorials
On portuguese forum there are some topics on top with a lot of information that will help you.
http://forum.pfsense.org/index.php/board,12.0.html
