Per IP traffic shaping–share bandwith evenly between IP addresses??
-
@fsr said in Per IP traffic shaping–share bandwith evenly between IP addresses??:
My configuration is as follows:
You need to create two limiters. One for Download and one for Upload. The mask should be set to "none". The Bandwidth Limit of both should be set to the bandwidth of your connection.
Now, inside of the Download Limiter, you add a queue. The mask should be "Destination Address". The IPv4 mask bits will be 32 (i don't use IPv6, but it's set as 128 mask bits by default).
In my case, i had 3 internal adapters, so i added one queue for every adapter under the Download Limiter.
If you set this right, the screen will show the Download Limiter as a folder, and the queue(s) under it, something like this:
You then add queue(s) for the Upload Limiter. This is almost identical to the download queues, but you choose "Source Addresses" as the mask.
Finally, you need to add rules to link traffic to every queue. For example, my rule for the LAN adapter looks like this:
It's a floating rule.
Action: Match
Direction: in
Address Family: IPv4
Protocol: any
Source: LAN net
Destination: (NOT your internal networks)
In/Out Pipe: Lan Upload Queue / Lan Download QueueFor additional adapters, just add additional rules, with the corresponding Source.
That's it.
Regards.is this working in 2.4.4 p3 version?
Destination: (NOT your internal networks)
do you have screenshot for this for the settings? thanks!
-
@dyobetem sorry, i can't take a screenshot right now, and probably won't be of much help, but the explanation is easy: the destination for the floating rule that limits the traffic would be INTERNET, but as there is no built-in network in pfsense that means INTERNET, you have to define it some other way. If you only have the LAN as your internal network, you just select "LAN network" as the destination for this firewall rule, and then check the "not" checkbox next to it. So, the rule to limit traffic will be applied to all traffic from LAN and going outside the LAN (which will be the INTERNET in this case).
If you had multiple internal networks/adapters, you would create an alias with all your internal networks (lets name it INTERNAL), then instead of using NOT LAN as the destination, you use NOT INTERNAL. Whatever way you have of telling the router to apply the rule to traffic going to the internet.This continues to work, if you create the limiters and keep the default schedulers.
I hope that helps.
Regards. -
it seems my limiter is working now (shared bandwidth) for lan and wifi. i set my rules in (lan/wifi), (not in floating rules).
is this ok? -
@fsr said in Per IP traffic shaping–share bandwith evenly between IP addresses??:
I tried to change the limiter's scheduler to FQ_CODEL, and that seems to completely break the child queues. Going to "limiter info" show the queues to be empty, instead of the normal lists filtered by IP.
Going back to the default scheduler restores normal queue functionality.
Is this a bug in FQ_CODEL ?
tried this scheduler also, same result as yours.
-
@dyobetem said in Per IP traffic shaping–share bandwith evenly between IP addresses??:
it seems my limiter is working now (shared bandwidth) for lan and wifi. i set my rules in (lan/wifi), (not in floating rules).
is this ok?If your wifi and lan both go out to the same wan connection, you should make only one download limiter and then add a queue under that limiter for lan and for wifi. Take a look at my image above. When modifiyng limiters, i suggest that you reboot the firewall.
The same for the upload limiter: one upload limiter, and two queues under it (one for lan, the other for wifi).
You can use either a floating rule, or rules in every internal adapter. The last method requires more rules to be created, but is easier to implement, as floating rules are more complex. -
@fsr said in Per IP traffic shaping–share bandwith evenly between IP addresses??:
@dyobetem said in Per IP traffic shaping–share bandwith evenly between IP addresses??:
it seems my limiter is working now (shared bandwidth) for lan and wifi. i set my rules in (lan/wifi), (not in floating rules).
is this ok?If your wifi and lan both go out to the same wan connection, you should make only one download limiter and then add a queue under that limiter for lan and for wifi. Take a look at my image above. When modifiyng limiters, i suggest that you reboot the firewall.
The same for the upload limiter: one upload limiter, and two queues under it (one for lan, the other for wifi).
You can use either a floating rule, or rules in every internal adapter. The last method requires more rules to be created, but is easier to implement, as floating rules are more complex.i see, but how can i set a separate bandwidth limit for my wifi(captive portal)? i want to set a speed limit of 10mbps for download and 4mbps for upload for my lan network and another 10mbps for download and 4mbps also for upload for wifi(captive portal). I want every users in each interface to share the bandwidth I've set rather than setting a limit per IP.
My ISP's bandwidth is 25mbps for dowload and 10Mbps for upload.
thanks!
-
@dyobetem said in Per IP traffic shaping–share bandwith evenly between IP addresses??:
@fsr said in Per IP traffic shaping–share bandwith evenly between IP addresses??:
@dyobetem said in Per IP traffic shaping–share bandwith evenly between IP addresses??:
it seems my limiter is working now (shared bandwidth) for lan and wifi. i set my rules in (lan/wifi), (not in floating rules).
is this ok?If your wifi and lan both go out to the same wan connection, you should make only one download limiter and then add a queue under that limiter for lan and for wifi. Take a look at my image above. When modifiyng limiters, i suggest that you reboot the firewall.
The same for the upload limiter: one upload limiter, and two queues under it (one for lan, the other for wifi).
You can use either a floating rule, or rules in every internal adapter. The last method requires more rules to be created, but is easier to implement, as floating rules are more complex.i see, but how can i set a separate bandwidth limit for my wifi(captive portal)? i want to set a speed limit of 10mbps for download and 4mbps for upload for my lan network and another 10mbps for download and 4mbps also for upload for wifi(captive portal). I want every users in each interface to share the bandwidth I've set rather than setting a limit per IP.
My ISP's bandwidth is 25mbps for dowload and 10Mbps for upload.
thanks!
As you need different limits for every adapter, then you would need to create a download and upload limiter for every interface. A limiter is just a way to limit the amount of BW of any traffic that you want to send thru it.
For example, you could create 4 limiters:
DL_lan (10 M)
UL_lan (4 M)
DL_wifi (10 M)
UL_wifi (4 M)Then, you assign that limiters by using rules, and if done right, LAN will only download up to 10 Mbps, and upload up to 4 Mbps, and the same for WIFI. You need to create one queue inside each limiter and set masks on the queues, not on the limiters themselves. At least that's how i have it configured, and it works fine like that, at least with the default queue options (scheduler, etc). The mask on the download queues would be set as "Destination addresses", and 32 bits (so that every IP will be considered individually, and the traffic is shared fairly for every IP). The mask on the upload queues would be set as "Source addresses", and 32 bits also.
But why not just have only one download limiter and one upload limiter with 20 M / 8 M, and use them for both LAN and WIFI traffic? That way, every IP of either adapter could potentially access all available bandwith, instead of half of it.
-
@foxale08 I don't suppose you can repost your guide in text form because it seems like the images you posted which worked for so many people are lost? I would be grateful!
-
@fsr Any chance you can repost the foxale08 instructions since it worked for you recently? It seems the images are lost in the forum for me.
-
I also can't see them and would like that guide :)
-
I've saved all of them when PFsense was an older version, but they should still be useful. Maybe someone applies them to the last pfsense version and take screenshots and uploads them back...
-
This post is deleted!