How to configure for an building that rents out offices



  • We are testing to see if Pfsense will work in our enviroment, but im a little stuck on how to accomplish it.

    • We own a building that rents out office space.

    • Our tenants pay for internet connection based on speed (1mb down/5mb down/10mb down) so we need to be able to limit each office based on thier internet plan.

    • We provide our tenants a external static ip address. They then use thier own linksys routers and configure it with the WAN IP we provide.

    What I need help with:
    1.) Setup PFsense so that each tenant has thier own WAN IP
    2.) configure pfsense to bandwidth limit these tenants.

    How can I configure pfsense to handle this?
    I'd be willing to pay/tip someone for their time to help plan it.


  • Rebel Alliance


  • Netgate Administrator

    How many tenants do you have? Too many to handle things 'manually'?

    Do you have public IPs that you intend to hand to each of you tenants or are you NATing everything?

    You need to setup limiters to provide the correct bandwidth to each tenant and then configure firewall rules to send all their traffic through the correct one. See: http://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Limiter

    Assigning IPs to each client will be different if they're public or private. Are you handing out the Linksys Routers? If so you can record the MAC of each one and do it that way.

    It will be far easier and quicker in a situation like this to just buy some support time from BSDPerimeter. That way you are directly supporting the project as well.  :)

    Steve



  • @stephenw10:

    How many tenants do you have? Too many to handle things 'manually'?

    Do you have public IPs that you intend to hand to each of you tenants or are you NATing everything?

    You need to setup limiters to provide the correct bandwidth to each tenant and then configure firewall rules to send all their traffic through the correct one. See: http://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Limiter

    Assigning IPs to each client will be different if they're public or private. Are you handing out the Linksys Routers? If so you can record the MAC of each one and do it that way.

    It will be far easier and quicker in a situation like this to just buy some support time from BSDPerimeter. That way you are directly supporting the project as well.  :)

    Steve

    We will be assigning public ip's to each of the tenants.
    We are not handing out the linksys routers, the tenants are responsible for supplying thier own. All we do is provide them a RJ45 Jack that they plug whatever device they want to it.

    I'd prefer not to pay $500 for support. Surely someone on the forums can point me in the right direction or allow me to pay them for thier time in helping us.


  • Netgate Administrator

    Ok, I can understand that.  :)
    So I would do this in three steps.
    1. Record the MAC of each of your clients routers either directly from the device or by looking at the DHCP lease table and then configure each one to static lease.

    2. Add alias IPs to your WAN interface for each of your public IPs. Configure 1:1 NAT with each of the aliases to a clients private IP.
    Good video tutorial for this step here: http://www.youtube.com/watch?v=zrBr0N0WrTY

    3. Create limiters for each client and configure firewall rules to direct traffic through them.

    If you want to hand public IP addresses to your clients boxes directly you can do that by disabling NAT entirely but that's beyond my experience.
    http://doc.pfsense.org/index.php/How_can_I_use_public_IP's_on_the_LAN%3F

    Steve


Log in to reply