Limiter on Website I host



  • Hello,

    I'm sorry if this has been answered, but I can't seem to find what I'm looking for.

    I host a website on my network.  I have a NAT set up so that when someone hits my external interface on port 80, it is forwarded to the internal web server on port 80.

    I have a specific person (known external IP), that I want to limit their upload bandwidth from my server.  They download a large file, and I want to limit their bandwidth so that they do not use all of my available bandwidth.

    I have tried to set up the limiter in the following way:
    Name: Outbound
    Bandwidth: 1.5 Mbit/s
    Mask: None

    and

    Name: Inbound
    Bandwidth: 60 Mbit/s
    Mask: None

    I have tried to create a floating rule:
    Interface: WAN
    Direction: out
    Source: IP of internal web server
    Destination: external IP address of the person downloading the file
    Under advanced:
    Gateway: WAN_DHCP
    In/Out: Outbound / Inbound (because I have to reverse them).

    When I run a speedtest, the speed is not being limited.

    What am I doing wrong?

    Thanks



  • So in my continuing search, I found this bug.

    https://redmine.pfsense.org/issues/4326

    It might not work right now.

    If someone else was able to get it to work, I would love to hear how.

    Thanks.


  • Netgate

    If you are port forwarding to a web server behind your firewall you should set the limiters on the rule that passes the traffic to your web server.  This is probably an auto-created NAT rule.  You can change the advanced options on the auto-rule.

    In/Out will correspond to To/From your web server.



  • @Derelict:

    If you are port forwarding to a web server behind your firewall you should set the limiters on the rule that passes the traffic to your web server.  This is probably an auto-created NAT rule.  You can change the advanced options on the auto-rule.

    In/Out will correspond to To/From your web server.

    Thank you very much; however, when I apply the limiter to the NAT rule, the NAT rule stops working.  I can see the traffic being accepted by the firewall log file, but the packets are being dropped, silently.  I am seeing the behavior that is described in the above bug.


  • Netgate

    I forgot about all the problems with limiters and NAT in 2.2.  Sorry.  Not sure if that's what you're seeing.  My testing showed the NAT rule would continue to work but the limiter wouldn't be in the flow.



  • Is there a reason you don't want them to use all of the bandwidth if the bandwidth is not being used? I let my P2P use all of my bandwidth and I never notice it even when my connection is maxed.

    The only reason I ask is because most issues of "slowness" are caused by bufferbloat and lack of fairness, not a lack of bandwidth.