• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Speed Limit not working using limiter

Scheduled Pinned Locked Moved Traffic Shaping
10 Posts 3 Posters 12.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P
    phalguni
    last edited by Feb 7, 2015, 7:07 AM

    I have Done the following steps for Limiting the bandwidth per IP.

    1. Firewall –-->Traffic Shaper --->limiter----> create new limiter( I have created two new limiter the are as follows ).

    a) enabled the "Enable limiter and its children" --->name "up lan" ---->bandwidth "2mb"---->source address ---> mask IPV4 "8" .
    b) enabled the "Enable limiter and its children" --->name "down lan" ---->bandwidth "2mb"---->source address ---> mask IPV4 "8" .

    2. Firewall ---->rules ----->lan----> + (Create new rule) ---> most of the settings are unchanged, only the following settings are changed .

    Protocol :  TCP/UDP -----> source :  single host or alias ---> put the client machine's IP -----> in/out: " down lan"  "up lan" ---> then save

    but when I am checking the client speed using speedtest.net , limiter not working .

    Kindly guide on this.

    1 Reply Last reply Reply Quote 0
    • D
      Derelict LAYER 8 Netgate
      last edited by Feb 7, 2015, 8:26 AM

      Ok.  That's wrong.

      I assume you want a 2Mb download / 2Mb upload limit per host.

      a) enabled the "Enable limiter and its children" –->name "up lan" ---->bandwidth "2mb"---->source address ---> mask IPV4 "8" .

      Should be:

      a) enabled the "Enable limiter and its children" –->name "up lan" ---->bandwidth "2mb"---->source address ---> Don't set a mask.  Leave it at the default (/32)

      b) enabled the "Enable limiter and its children" –->name "down lan" ---->bandwidth "2mb"---->source address ---> mask IPV4 "8" .

      Should be:

      b) enabled the "Enable limiter and its children" –->name "down lan" ---->bandwidth "2mb"---->dest address ---> Don't set a mask.  Leave it at the default (/32)

      Protocol :  TCP/UDP –---> source :  single host or alias ---> put the client machine's IP -----> in/out: " down lan"  "up lan" ---> then save

      Should be:

      Protocol :  TCP/UDP –---> source :  single host or alias ---> put the client machine's IP -----> in/out: "up lan" "down lan" ---> then save

      Make sure that rule is above anything else that matches.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      1 Reply Last reply Reply Quote 0
      • P
        phalguni
        last edited by Feb 7, 2015, 8:45 AM

        Thank you Sir,

        But still it's not working. Is there any other mandatory setting.

        1 Reply Last reply Reply Quote 0
        • D
          Derelict LAYER 8 Netgate
          last edited by Feb 7, 2015, 6:20 PM

          Post screenshots:  Limiter configs, firewall rules.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • L
            lmontalvan
            last edited by Feb 12, 2015, 2:20 PM Feb 12, 2015, 2:03 PM

            Hello everyone.

            I too have the same problem. is a PFSense 2.2 (no update, new installation).

            the traffic Shapping Works in a host, but don´t work for a network.

            The rules in the Firewall is:

            Proto                        Source            Port    Destination    Port      Gateway    Queue
            IPv4 TCP/UDP      10.70.240.0/21        *          *            80 - 443        *          none

            Featur Advance:
            IN/OUT –>  INLAN / OUT LAN  (6MB for each)

            The Limiter in the Traffic Shaper:

            enabled the "Enable limiter and its children" --->name "in lan" ---->bandwidth "6mb"---->source address ---> Don't set a mask
            enabled the "Enable limiter and its children" --->name "out lan" ---->bandwidth "6mb"---->source address ---> Don't set a mask

            The configuration is Proxy Transparent

            I send the screenshots

            Advance_feature.jpg
            Limiter-in-lan.jpg
            firewall_Rules_Edit.jpg
            Limiter-out-lan.jpg
            Rules_Firewall.jpg
            Advance_feature.jpg_thumb
            Limiter-in-lan.jpg_thumb
            firewall_Rules_Edit.jpg_thumb
            Limiter-out-lan.jpg_thumb
            Rules_Firewall.jpg_thumb

            1 Reply Last reply Reply Quote 0
            • D
              Derelict LAYER 8 Netgate
              last edited by Feb 12, 2015, 6:33 PM

              There are no queues defined for that rule so I don't know why you're showing that.  If that's the traffic you want to limit you have to set the in/out queues on that rule.

              You probably want to make an alias for ports 80 and 443 and use that instead of the range 80-443.  Or make one rule for each port.

              There is no need to include UDP for HTTP/HTTPS.  They are both TCP-only.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • L
                lmontalvan
                last edited by Feb 13, 2015, 4:55 PM

                Hi Derelict.

                Is necesary the queue?

                Is not enough the limiter?

                1 Reply Last reply Reply Quote 0
                • D
                  Derelict LAYER 8 Netgate
                  last edited by Feb 13, 2015, 5:01 PM

                  You create the limiters, but then you need to assign traffic to the limiter queues using firewall rules.  In the IN/OUT advanced section.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • L
                    lmontalvan
                    last edited by Feb 13, 2015, 7:47 PM

                    Effectively I have it configured that way, in the screenshots I sent is the configuration

                    1 Reply Last reply Reply Quote 0
                    • D
                      Derelict LAYER 8 Netgate
                      last edited by Feb 13, 2015, 8:25 PM

                      No idea what you need to do to make it work with a proxy.  sorry.

                      I do see one more error.  You have both limiters masked by source address.

                      On LAN:
                      your out queue will be your clients' download and should be masked by dest address
                      your in queue will be your clients' upload and should be masked by source address.

                      These should be applied to your lan rules with in as in and out as out.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      1 out of 10
                      • First post
                        1/10
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        This community forum collects and processes your personal information.
                        consent.not_received