    Limiter on Website I host

    Traffic Shaping
    • P
      pt1xoomyahoo.com last edited by

      Hello,

      I'm sorry if this has been answered, but I can't seem to find what I'm looking for.

      I host a website on my network.  I have a NAT set up so that when someone hits my external interface on port 80, it is forwarded to the internal web server on port 80.

      I have a specific person (known external IP), that I want to limit their upload bandwidth from my server.  They download a large file, and I want to limit their bandwidth so that they do not use all of my available bandwidth.

      I have tried to set up the limiter in the following way
      Name: Outbound
      Bandwidth 1.5 Mbit/s
      Mask: none

      and

      Name: Inbound
      Bandwidth 60 Mbit/s
      Mask: None

      I have tried to create a floating rule
      Interface: WAN
      Direction: out
      Source: IP of internal web server
      Destination: IP of external IP address of the person downloading the file
      Under advanced:
      Gateway: WAN_DHCP
      In/Out: Outbound / Inbound (because I have to reverse them).

      When I run a speedtest, the speed is not being limited.

      What am I doing wrong?

      Thanks

      • P
        pt1xoomyahoo.com last edited by

        So in my continuing search, I found this bug.

        https://redmine.pfsense.org/issues/4326

        It might not work right now.

        If someone else was able to get it to work, I would love to hear how.

        Thanks.

        • Derelict
          Derelict LAYER 8 Netgate last edited by

          If you are port forwarding to a web server behind your firewall you should set the limiters on the rule that passes the traffic to your web server.  This is probably an auto-created NAT rule.  You can change the advanced options on the auto-rule.

          In/Out will correspond to To/From your web server.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • P
            pt1xoomyahoo.com last edited by

            @Derelict:

            If you are port forwarding to a web server behind your firewall you should set the limiters on the rule that passes the traffic to your web server.  This is probably an auto-created NAT rule.  You can change the advanced options on the auto-rule.

            In/Out will correspond to To/From your web server.

            Thank you very much; however, when I apply the limiter to the NAT rule, the NAT rule stops working.  I can see the traffic being accepted by the firewall log file, but the packets are being dropped, silently.  I am seeing the behavior that is described in the above bug.

            • Derelict
              Derelict LAYER 8 Netgate last edited by

              I forgot about all the problems with limiters and NAT in 2.2.  Sorry.  Not sure if that's what you're seeing.  My testing showed the NAT rule would continue to work but the limiter wouldn't be in the flow.

              • H
                Harvy66 last edited by

                Is there a reason you don't want them to use all of the bandwidth if the bandwidth is not being used? I let my P2P use all of my bandwidth and I never notice it even when my connection is maxed.

                The only reason I ask is because most issues of "slowness" are caused by bufferbloat and lack of fairness, not a lack of bandwidth.
