    Limiter on Website I host

      pt1xoomyahoo.com

      Hello,

      I'm sorry if this has been answered, but I can't seem to find what I'm looking for.

      I host a website on my network.  I have a NAT set up so that when someone hits my external interface on port 80, it is forwarded to the internal web server on port 80.

      I have a specific person (known external IP), that I want to limit their upload bandwidth from my server.  They download a large file, and I want to limit their bandwidth so that they do not use all of my available bandwidth.

      I have tried to set up the limiter in the following way
      Name: Outbound
      Bandwidth 1.5 Mbit/s
      Mask: none

      and

      Name: Inbound
      Bandwidth 60 Mbit/s
      Mask: None

      I have tried to create a floating rule
      Interface: WAN
      Direction: out
      Source: IP of internal web server
      Destination: IP of external IP address of the person downloading the file
      Under advanced:
      Gateway: WAN_DHCP
      In/Out: Outbound / Inbound (because I have to reverse them).

      When I run a speedtest, the speed is not being limited.

      What am I doing wrong?

      Thanks

        pt1xoomyahoo.com

        So in my continuing search, I found this bug.

        https://redmine.pfsense.org/issues/4326

        It might not work right now.

        If someone else was able to get it to work, I would love to hear how.

        Thanks.

          Derelict LAYER 8 Netgate

          If you are port forwarding to a web server behind your firewall you should set the limiters on the rule that passes the traffic to your web server.  This is probably an auto-created NAT rule.  You can change the advanced options on the auto-rule.

          In/Out will correspond to To/From your web server.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            pt1xoomyahoo.com

            @Derelict:

            If you are port forwarding to a web server behind your firewall you should set the limiters on the rule that passes the traffic to your web server.  This is probably an auto-created NAT rule.  You can change the advanced options on the auto-rule.

            In/Out will correspond to To/From your web server.

            Thank you very much; however, when I apply the limiter to the NAT rule, the NAT rule stops working.  I can see the traffic being accepted by the firewall log file, but the packets are being dropped, silently.  I am seeing the behavior that is described in the above bug.

              Derelict LAYER 8 Netgate

              I forgot about all the problems with limiters and NAT in 2.2.  Sorry.  Not sure if that's what you're seeing.  My testing showed the NAT rule would continue to work but the limiter wouldn't be in the flow.


                Harvy66

                Is there a reason you don't want them to use all of the bandwidth if the bandwidth is not being used? I let my P2P use all of my bandwidth and I never notice it even when my connection is maxed.

                The only reason I ask is because most issues of "slowness" are caused by bufferbloat and lack of fairness, not a lack of bandwidth.
