[Solved] traffic not being controlled properly

  • Hello all, I have a client on my network that I would like to set a hard bandwidth limit on. I've already set up the MAC address with a static DHCP so the machine gets the same IP all the time. I then went into the traffic shaping setup, and set up the IP as a penalty, then set the speed I wanted to limit it to. However, the client is still able to use the full pipe after everything was set up. What did I do wrong?

    I want ALL the traffic, encrypted, unencrypted and anything to be set to this hard limit that I want.

    Do I have to restart pfSense after I put the traffic shaping in place? I know when I was running m0n0wall I did not, I just hit apply and it was turned on.

  • You don't have to restart pfSense for it to take effect.
    If you look at status -> queues, do you see his traffic being put into the right queue?
    When you say encrypted traffic, are you using IPSEC or OpenVPN, or do you just mean SSH, HTTPS, etc?

  • Well, unfortunately that computer is not on the network right now, so I can't tell, but I did set a static IP to that IP address that I have in the traffic shaper and it followed the rules, so I'm hoping that when the computer comes back to the network it will do the same. I can see the traffic in the queue.

    When I said encrypted traffic I meant mainly from BitTorrent. That's the main reason why I want to put a squeeze on this computer: it's consuming the whole network, bringing it to a crawl. I set the upload to 256kbits/sec and 2500 kbits down, that seems fair, but won't destroy the network. We have a 16/2 business Comcast setup. I set up a test computer on that IP and ran encrypted BitTorrent of a Linux ISO download and it followed the rules, so I hope it works now. I don't know why it wasn't working before.  ??? I didn't change anything.  :-\

    I think I figured out why it wasn't working. I turned on the traffic shaper while the computer was downloading, expecting it to start slowing all of the active connections down, but the traffic shaper needs to be in place before the computer starts downloading things again. So, I will leave the traffic shaper enabled and when the computer comes back to the network I will see if it now follows the rules.  :o ;D I figured this out by looking at the queues: some traffic was going through the shaper, and already open connections were going through the LAN/WAN queues. Thanks for pointing me in the right direction.
    BTW, I think I was expecting it to act like it did in m0n0wall, where as soon as you enabled it, it would slow open connections, not just new ones starting.

