Traffic Shaping Bandwidth Limit Not Working



  • For some reason after I upgraded to 2.1 my bandwidth limiting on an IP address stopped working. I tried making a new bandwidth rule and applying it to a different IP but that didn't work either.

    Any idea on what I should try next?



  • I am having the same issue.
    Also using 2.1, but my system was not upgraded to 2.1; it started there.

    So I am gonna hang out here and see if anyone can assist us.



  • 2.1 added a subnet mask field to be able to group multiple hosts per pipe. Keep field blank for 2.0 behaviour. (You may need to delete and re-create the limiters to update the config, not sure)
    Generally, check if you did everything correctly, like so: https://forum.pfsense.org/index.php/topic,59224.0.html



  • Doesn't work for me either, applied post 2.1 upgrade, have it set just like the above posted link with blank subnet.



  • Make sure that the limiter has a destination address or source address, and in the mask IPv4 mask bits (1-32) fill in 32 and give it a try.
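
The mask setting discussed in the two posts above can be modeled as a grouping key: packets whose masked address is equal share one pipe. The sketch below is an added illustration, not pfSense code and not part of any post; the function names and sample addresses are constructed, and it assumes each pipe created by the mask gets the full configured limit.

```python
"""Model of how a limiter mask groups packets into pipes (illustration only)."""
import ipaddress
from collections import defaultdict

def pipe_key(addr, mask_bits):
    """Return the key that selects a pipe for this address.

    mask_bits=None models a blank mask: every packet shares one pipe.
    mask_bits=32 gives each host its own pipe; smaller values group a subnet.
    """
    if mask_bits is None:
        return "shared"
    return str(ipaddress.ip_network(f"{addr}/{mask_bits}", strict=False))

def group_flows(flows, mask_bits, field="src"):
    """Map each pipe key to the flows that would share that pipe."""
    pipes = defaultdict(list)
    for flow in flows:
        pipes[pipe_key(flow[field], mask_bits)].append(flow)
    return dict(pipes)

def worst_case_total(flows, mask_bits, limit_mbit, field="src"):
    """Upper bound on aggregate throughput (assumption: one full limit per pipe)."""
    return len(group_flows(flows, mask_bits, field)) * limit_mbit

# Constructed sample: uploads from three LAN hosts. Host .10 opens 20
# connections to different peers; the other two hosts open one each.
FLOWS = (
    [{"src": "192.168.1.10", "dst": f"203.0.113.{i}", "dport": 6881}
     for i in range(1, 21)]
    + [{"src": "192.168.1.11", "dst": "198.51.100.5", "dport": 443},
       {"src": "192.168.2.12", "dst": "198.51.100.9", "dport": 80}]
)

if __name__ == "__main__":
    for bits in (None, 32, 24, 16):
        pipes = group_flows(FLOWS, bits)
        print(f"mask={bits}: {len(pipes)} pipe(s), "
              f"worst case {worst_case_total(FLOWS, bits, 2)} Mbit/s")
        for key, members in sorted(pipes.items()):
            print(f"  {key}: {len(members)} flow(s)")
```

With a source mask of 32, all 20 connections from 192.168.1.10 map to the same key, so in this model the host's connection count does not change how many pipes it gets.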



  • Having some issues with this as well. I tried it a few days ago, got it to work, and now when I want to activate the limiter again, it won't work.

    I figured out (sort of) what is happening. Any normal generated traffic gets shaped as it should, Speedtest and similar services show my limited bandwidth to within a few %. Perfect.

    However, Torrent-traffic does NOT get shaped. I can play with my limiter all I want, Speedtest will follow like a good dog, but Torrent-traffic does whatever the hell it wants. That's sad, because it's really the Torrent-traffic I need to limit and shape (I will eventually use pfSense on a larger LAN-party with limited bandwidth, people's autostarted uTorrent-clients will NOT be able to ruin it for the gamers, or legitimate downloads of patches and such). Is there some magic trick to make this work properly?

    When I have the limiter active on, say, 2Mbit/s, have a Torrent Active (say, a unix-iso) and run a speedtest, my total bandwidth shown in pfSense will be 2Mbit + whatever the Torrent is currently using. Speedtest will play nice and just use the 2Mbit I assigned to my entire computer. How is Torrent traffic getting round this? I've got it set up to filter ANY protocol from ANY host to ANY host. Whaaat?!

    It should be noted that I'm not interested in identifying Torrent traffic per se, I simply want to impose a hard upper limit for down-/uploads per host. Nothing fancy with prioritizing different traffic types or such nonsense.

    EDIT:
    As a followup question, to make an exception to this limiter (when it works), I merely create an identical rule with the exempted computer as the destination (or source?), make it quick and place it above the limiter in the rules list, yes?



  • Have you tried making the next to last rule on the LAN side be something like this:

    IPv4 / TCP
    Source - LAN Subnet, Port *
    Destination - ! LAN Subnet (anything not on the LAN Subnet), Port *
    Gateway - pick your gateway from the list
    Set your limits on this rule.

    Put that above your default any any rule on the LAN side and see if that works.



  • This sounds like the limiter is capping at the limit, but per connection (that's why torrent downloads do not obey the limits, as they have multiple sources).

    What if you run two Speedtests simultaneously on two browsers?



  • @georgeman:

    This sounds like the limiter is capping at the limit, but per connection (that's why torrent downloads do not obey the limits, as they have multiple sources).

    What if you run two Speedtests simultaneously on two browsers?

    Seems like you are on to something. Creating a limiter where I set 3/2 Mbit/s for download and upload, respectively, I get what you predicted; a total bandwidth between two speedtests summing up to 3 Mbit/s down and 2 Mbit/s up.

    So that's that then, since pfSense can't figure out that a bunch of P2P-connections should be put in the same pipe as everything else from that particular host, I'm dead in the water? I really don't want to start messing around with Queue-rules since it's more or less impossible to predict and implement every port for every game we play at our LAN-parties, using that to "white list" everything that is allowed and giving all unrecognized traffic lower priority.

    It would fit our purposes perfectly to give every user their own slice of bandwidth, thereby 1. forcing them to manage their own downloads to not throttle their gaming, and 2. limiting their impact on other well-behaved players' gaming experience.



  • I would have predicted the opposite, I thought that two simultaneous Speedtests were going to also exceed the limit, when combined.

    What about two simultaneous downloads, from two different sites? Does that exceed the limit?



  • @georgeman:

    I would have predicted the opposite, I thought that two simultaneous Speedtests were going to also exceed the limit, when combined.

    What about two simultaneous downloads, from two different sites? Does that exceed the limit?

    I found a proper alternative to this, the Captive Portal limiter. It seems to work in a different manner than the FW-rules applied one. I'm guessing it acts as a proxy to a particular MAC-address, and those even torrent won't bother with fiddling with.