Netgate Discussion Forum

    Limit the bandwidth of specific ports

    • labdarex

      Hello and good day!

      I just wanted to know if it's possible to limit the bandwidth of specific ports such as port 80, 443, and 8080. I'm currently trying to test whether it's possible, but it seems that it's not limiting properly. Maybe I did something wrong though. I'm open to any suggestions to fix this.

      Hoping for some help and Thank you. - Jake Robert :D

      [Attached screenshots: Ports; Sample Port Bandwidth Limiter; Scheduler of the Limiter; IP address scope; Download queue; Upload queue]

      • Harvy66

        Rules are ingress based. Why would you put client_ip in the destination on your LAN interface? Or am I totally confused Friday night after a long week?

        • Derelict LAYER 8 Netgate

          Yeah.  Destination should be any.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • labdarex

            @Harvy66:

            Rules are ingress based. Why would you put client_ip in the destination on your LAN interface? Or am I totally confused Friday night after a long week?

            @Derelict:

            Yeah.  Destination should be any.

            Alright I'll try to set Destination to "Any". I'll get back to you if it works. :p

            • Derelict LAYER 8 Netgate

              If you want only client_ips to be limited, put the alias in the source instead.

              And I think you only want the schedule on the limiter or the rule but not both, though I don't think the way you have it will keep it from working.

              • labdarex

                @Derelict:

                If you want only client_ips to be limited, put the alias in the source instead.

                And I think you only want the schedule on the limiter or the rule but not both, though I don't think the way you have it will keep it from working.

                Hi again. Currently I made some changes by dropping the "client_ips" to "any" and changed the scheduler to the limiter only, not on the rule, just to see if it works. Still, I'm not sure if it's working correctly.

                Just to be sure though I think I got the concept of limiters all wrong though. The Limiters for the bandwidth of both the Download and Upload are only for each client that accesses the pfSense Installation and not the totality of an IP range?

                Example:

                192.168.1.101 accesses the pfSense installation and gets limited to 2 mbit Download and 256 kbit Upload for ports 80, 443 and 8080. Other IP addresses will also get the same rule?

                Instead of:

                From 192.168.1.101 to 192.168.1.200 accesses the pfSense installation and gets limited to 2 mbit Download and 256 kbit Upload for ports 80, 443 and 8080. The rule is applied across the IP Range.

                Forgive me I'm a bit confused right now. :o

                • Derelict LAYER 8 Netgate

                  You can set it up either way depending on the mask and whether or not you create child limiters and how they are masked.

                  Which do you want?  A separate limiter for every client or a pool they all share?

                  • labdarex

                    @Derelict:

                    You can set it up either way depending on the mask and whether or not you create child limiters and how they are masked.

                    Which do you want?  A separate limiter for every client or a pool they all share?

                    I prefer a pool they will share. The rule is applied across an IP Range.

                    • Derelict LAYER 8 Netgate

                      https://forum.pfsense.org/index.php?topic=96941.msg543955#msg543955

                      You would, of course, tweak the firewall rule to match any address on the specific ports.

                      If you want a separate pool for each port you'll need to define a different set of limiters for each one.

                      As far as I know if you set the same limiters on different rules they're all pooled together.

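The two points made in this thread (rules match on ingress, and the limiter mask decides between one shared pool and one pool per client), as an added example that is not part of the original posts and is not pfSense code. It is a simplified model: the rule records, function names and the destination address 203.0.113.10 are assumptions made for illustration, while the address range, ports and 2 Mbit figure come from the thread.

```python
import ipaddress

# Values from the thread: clients .101-.200, ports 80/443/8080, 2 Mbit download.
CLIENT_IPS = {ipaddress.ip_address("192.168.1.101") + i for i in range(100)}
WEB_PORTS = {80, 443, 8080}
DOWNLOAD_KBIT = 2000

# Hypothetical rule records; "any" stands for the GUI's "any" choice.
ORIGINAL_RULE = {"src": "any", "dst": CLIENT_IPS, "dports": WEB_PORTS}  # alias in destination
FIXED_RULE = {"src": CLIENT_IPS, "dst": "any", "dports": WEB_PORTS}     # alias in source

# Constructed sample: first packets of connections as they enter the LAN interface.
PACKETS = [
    {"src": "192.168.1.101", "dst": "203.0.113.10", "dport": 443},
    {"src": "192.168.1.150", "dst": "203.0.113.10", "dport": 80},
    {"src": "192.168.1.200", "dst": "203.0.113.10", "dport": 8080},
    {"src": "192.168.1.50", "dst": "203.0.113.10", "dport": 443},   # outside the alias
    {"src": "192.168.1.101", "dst": "203.0.113.10", "dport": 22},   # not a limited port
]

def side_matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in spec

def rule_matches(rule, pkt):
    """Rules are evaluated on ingress, so on LAN the client is the source."""
    return (side_matches(rule["src"], pkt["src"])
            and side_matches(rule["dst"], pkt["dst"])
            and pkt["dport"] in rule["dports"])

def limiter_bucket(pkt, client_mask_bits):
    """None = no mask, one shared pipe; 32 = one pipe per client address."""
    if client_mask_bits is None:
        return "shared"
    net = ipaddress.ip_network(f"{pkt['src']}/{client_mask_bits}", strict=False)
    return str(net.network_address)

def buckets_used(rule, packets, client_mask_bits):
    return {limiter_bucket(p, client_mask_bits) for p in packets if rule_matches(rule, p)}

def aggregate_cap_kbit(buckets):
    """Each bucket gets the full configured bandwidth."""
    return len(buckets) * DOWNLOAD_KBIT

if __name__ == "__main__":
    print("original rule:", buckets_used(ORIGINAL_RULE, PACKETS, None))
    print("fixed, shared pool:", buckets_used(FIXED_RULE, PACKETS, None))
    print("fixed, per client:", sorted(buckets_used(FIXED_RULE, PACKETS, 32)))
```

With the alias in the destination no packet reaches the limiter at all, which matches the "not limiting properly" symptom; with no mask the three active clients share one 2 Mbit pool, and with a /32 mask each gets its own.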
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.