Would pfsense work for me to shape traffic this way?



  • Here's my situation and what I want to do but can't seem to find a router that will do this so was wondering if I can do this with pfsense.

    3 network cards
    Interface 1: WAN connected to cable Internet as DHCP with 28Mbps download 2Mbps upload
    Interface 2: LAN connected to a switch with multiple PCs connected to it
    Interface 3: LAN connected to a switch with my PC and then multiple IP phones

    Here's what I want to accomplish.  I want Interface 3 to be my main connection.  It will have some IP phones connected to it connecting to a hosted Asterisk system for VoIP.  My laptop will also connect to it as I need lots of bandwidth as my main connection.  My 2 employees have issues where they refuse to stop using torrents or Songza etc as they are actually contractors and use their own laptops.  So what I want is on Interface 2, a separate switch even though it puts them on another network, but keep them separate from the main Interface 3.  I want to limit Interface 2 though so that the max upload is 500kbps and max download is 5Mbps.

    That way on my main connection where the phones are connected won't ever be impacted by them downloading torrents etc.  Is this possible with pfsense?  I will prioritize voip etc on Interface 3, but I want to limit interface 2's bandwidth.

    I'm running pfsense as a test in vmware right now but I'm not sure how exactly I would do this.  I tried the wizards but it doesn't seem clear on what I want so wanted to check if this is possible?  Thanks!



  • The easy way to do it is with limiters, not running through the full blown shaper. Create the up and down limiters as desired for the hosts to be rate limited, configure as needed in firewall rules.
    http://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Limiter