PfSense/Tomato on bandwidth shaping in monastery

  • Hi,
    I'm the ICT volunteer at a monastery. I'm looking at solving a recent problem we have with bandwidth consumption from the guesthouse, and I would appreciate your advice and input.

    Our monthly bandwidth is 100GB, at 50Mbps down, 1Mbps up. Our own use is 5GB/month.
    During the last year we have had a few months were the consumption was over the limit and we were put on a limited connection, which is what I want to avoid.
    This consumption comes from some pilgrims who have a very large consumption.
    I want to provide the pilgrims with the possibility of uploading their pictures, email,etc, but limit abnormal uses such as large file downloads, torrenting and media streaming.
    Asking people to not abuse it has not helped, most are here only for one day, so I need to make it automatic. I want people to have full speed on everything, unless their BW consumption is rapidly rising.

    I have 5 routers/AP's running Tomato, sole purpose is providing wireless. I have experience with Tomato as a router at home, I know that it is effective at primitive QoS, but I fear the hardware could max out or crash with our kind of use.

    What I'm researching now is what do I need as a router to manage this effectively?
    Goals are:

    • No more overconsumption -> either QoS, limited per-user bandwidth, BW throttling triggered from a certain consumption point. (latter would be best)
    • captive portal where the rules of use can be listed. (not a dealbreaker, but would be convenient to list the rules)
    • no need for continued resetting, monitoring, etc.

    I installed PfSense 2 on a VM to test it, but I am overwhelmed by all the features. Can it be simplified enough to still be performant and secure (only Qos/BW and Captive Portal)? I was thinking about using an ALIX box.
    Other alternative is Tomato. I know the system well, if the QoS can be configured well enough and the hardware not be overwhelmed in busy period then perhaps this is the better solution.

    I look forward to your comments.

  • Netgate Administrator

    A monastery you say. Interesting.  :)

    If you are familiar with tomato and flashing it to router you should have no problem getting a handle on pfSense. It can seem a little overwhelming at first.

    I have never used tomato (though I have used dd-wrt and OpenWRT) so I can't comment on that directly. However there are a number of bandwidth limiting options in pfSense, I would expect to be able to get a better solution using it.

    The Alix has a maximum throughput of 85Mbps without any services, such as QoS, running. I would advise you to use something more powerful. Can you continue to run it as  VM?

    Captive portal is no problem.

    I am unsure about throttling from a consumption point on a per user basis. Others have asked similar question though, try searching the forum.


Log in to reply