Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Limit the bandwidth of specific ports

    Traffic Shaping
    3
    9
    2937
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • labdarex
      labdarex last edited by

      Hello and good day!

      I just wanted to know if it's possible to limit the bandwidth of specific ports such as port 80, 443, and 8080. Currently trying to test out if it's possible though but it seems that it's not limiting properly. Maybe I did something wrong though. I'm open for any suggestion to fix this.

      Hoping for some help and Thank you. - Jake Robert :D

      Ports

      Sample Port Bandwidth Limiter

      Scheduler of the Limiter

      IP address scope

      Download queue

      Upload queue

      1 Reply Last reply Reply Quote 0
      • H
        Harvy66 last edited by

        Rules are ingress based. Why would you put client_ip in the destination on your LAN interface? Or am I totally confused Friday night after a long week?

        1 Reply Last reply Reply Quote 0
        • Derelict
          Derelict LAYER 8 Netgate last edited by

          Yeah.  Destination should be any.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • labdarex
            labdarex last edited by

            @Harvy66:

            Rules are ingress based. Why would you put client_ip in the destination on your LAN interface? Or am I totally confused Friday night after a long week?

            @Derelict:

            Yeah.  Destination should be any.

            Alright I'll try to set Destination to "Any". I'll get back to you if it works. :p

            1 Reply Last reply Reply Quote 0
            • Derelict
              Derelict LAYER 8 Netgate last edited by

              If you want only client_ips to be limited, put the alias in the source instead.

              And I think you only want the schedule on the limiter or the rule but not both, though I don't think the way you have it will keep it from working.

              Chattanooga, Tennessee, USA
              The pfSense Book is free of charge!
              DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • labdarex
                labdarex last edited by

                @Derelict:

                If you want only client_ips to be limited, put the alias in the source instead.

                And I think you only want the schedule on the limiter or the rule but not both, though I don't think the way you have it will keep it from working.

                Hi again currently I did some changes by dropping the "client_ips" to "any" and changed the scheduler to the limiter only not on the rule. Just to see if it works. Still I'm not sure if it's working correctly.

                Just to be sure though I think I got the concept of limiters all wrong though. The Limiters for the bandwidth of both the Download and Upload are only for each client that accesses the pfSense Installation and not the totality of an IP range?

                Example:

                192.168.1.101 accesses the pfsense installation gets limited to 2 mbit Download and 256 kbit Upload for ports 80, 443 and 8080. Other IP address will also get the same rule?

                Instead of:

                From 192.168.1.101 to 192.168.1.200 accesses the pfsense installation gets limited to 2 mbit Download and 256 kbit Upload for ports 80, 443 and 8080. The rule is applied across the IP Range.

                Forgive me I'm a bit confused right now. :o

                1 Reply Last reply Reply Quote 0
                • Derelict
                  Derelict LAYER 8 Netgate last edited by

                  You can set it up either way depending on the mask and whether or not you create child limiters and how they are masked.

                  Which do you want?  A separate limiter for every client or a pool they all share?

                  Chattanooga, Tennessee, USA
                  The pfSense Book is free of charge!
                  DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • labdarex
                    labdarex last edited by

                    @Derelict:

                    You can set it up either way depending on the mask and whether or not you create child limiters and how they are masked.

                    Which do you want?  A separate limiter for every client or a pool they all share?

                    I prefer a pool they will share. The rule is applied across an IP Range.

                    1 Reply Last reply Reply Quote 0
                    • Derelict
                      Derelict LAYER 8 Netgate last edited by

                      https://forum.pfsense.org/index.php?topic=96941.msg543955#msg543955

                      You would, of course, tweak the firewall rule to match any address on the specific ports.

                      If you want a separate pool for each port you'll need to define a different set of limiters for each one.

                      As far as I know if you set the same limiters on different rules they're all pooled together.

                      Chattanooga, Tennessee, USA
                      The pfSense Book is free of charge!
                      DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post