Netgate Discussion Forum

    Best strategy for limiting in public library setting

      librarymark

      Folks -

      What would be the best strategy limiter/rules-wise to limit the bandwidth of each public machine in the library I work at? We are using 2.0.1-RELEASE, and I am able to limit people one at a time - currently I have one alias called the "slammer" and I can put a given IP in that spot and slow down that one seat (the guy that sits there likes to open 10 youtubes at a time!), but what I would like to do is limit all 78 of my public machines. Is there a way to create a blanket alias of all the machine IPs and limit each one by a certain bandwidth, but not the entire group? We have a 50Mbs pipe and I would like to give each patron no more than 1mb or so at a time. Do I have to set up a rule for each seat?

        Javik

        My recent post covers the basics of this:
        Works! Limiting multiple LAN users, thru single external proxy
        http://forum.pfsense.org/index.php/topic,60861.0.html

        In general, to create different speed groups, you need to do some coordination of your network addresses, and you can't just use automatic address assignment by DHCP for the entire building LAN.

        You'll probably want to inventory all the MAC addresses of the public machines so that they can be assigned addresses within the same common block, via DHCP MAC reservations. (You can also manually assign addresses directly to each machine without DHCP reservations, though this can be a maintenance hassle if the machines are wiped and reimaged occasionally.)

        The collective address range is then restricted by the limiter. Anything outside the range would be permitted full speed.

        A more thorough option is to group all the wired public machines into a single network switch or a VLAN, and then apply a subnet and automatic DHCP to that entire group through an optional interface on your pfSense router.

        This requires lots of fiddly crawling around under tables, locating of ports on walls and who is what port number, and then moving cables around in closets to put all the wires into a common group on a single switch or to make a VLAN range of ports.

        (You can also create a freeform VLAN for scattered ports across the switch without moving cables on the switches, but this is more management hassle later if there's a problem, IMO.)

        This would allow the computers to all be limited without needing to do DHCP reservations, and also allows for an open public wifi service for patron laptops and mobile devices to join the subnet and be limited also.

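Added example, not part of either post or of pfSense itself: a planner for the MAC-reservation approach described in the reply above. It picks the smallest aligned address block that holds one reservation per public machine without touching the dynamic DHCP pool, so the limited range and the full-speed range cannot overlap. The LAN subnet, pool range, router address and MAC addresses are constructed assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

def plan_public_block(lan_cidr, dynamic_pool, macs, keep_out=()):
    """Return (block, {mac: ip}): the smallest aligned block inside the LAN
    that holds one reservation per MAC and avoids the dynamic DHCP pool."""
    lan = ipaddress.ip_network(lan_cidr)
    pool_lo, pool_hi = (ipaddress.ip_address(a) for a in dynamic_pool)
    # Addresses that must never be handed to a public seat.
    skip = {ipaddress.ip_address(a) for a in keep_out}
    skip |= {lan.network_address, lan.broadcast_address}
    # Normalise and de-duplicate the inventory before sizing the block.
    macs = sorted({m.strip().lower().replace("-", ":") for m in macs})
    bad = [m for m in macs if not MAC_RE.fullmatch(m)]
    if bad:
        raise ValueError(f"malformed MAC addresses: {bad}")
    if not macs:
        raise ValueError("empty MAC inventory")
    # Try the smallest power-of-two block first, widening until one fits.
    first_prefix = lan.max_prefixlen - (len(macs) - 1).bit_length()
    for prefix in range(first_prefix, lan.prefixlen - 1, -1):
        for block in lan.subnets(new_prefix=prefix):
            if block[0] <= pool_hi and block[-1] >= pool_lo:
                continue  # would collide with dynamically leased addresses
            usable = [ip for ip in block if ip not in skip]
            if len(usable) >= len(macs):
                return block, dict(zip(macs, usable))
    raise ValueError("no block in the LAN fits all machines outside the pool")

# Constructed sample data: 78 locally administered MACs on an assumed LAN.
SAMPLE_MACS = [f"02:00:00:00:00:{i:02x}" for i in range(78)]
LAN = "192.168.1.0/24"
POOL = ("192.168.1.10", "192.168.1.99")   # assumed dynamic DHCP range
ROUTER = "192.168.1.1"                    # assumed gateway address

if __name__ == "__main__":
    block, plan = plan_public_block(LAN, POOL, SAMPLE_MACS, keep_out=[ROUTER])
    print(f"block to limit: {block} ({len(plan)} reservations)")
    for mac, ip in plan.items():
        print(f"{mac}  {ip}")
```

If the dynamic pool leaves no aligned block large enough (for example a pool of .100 to .199 on this /24), the function raises instead of producing a range that would also catch unreserved machines.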
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.