Limitar ancho de banda a distintas IPs

gpechieu

Una duda muy grande, que nunca pude hacer funcionar es limitar el ancho de banda por IP, para asignar velocidades distintas a mis clientes… he tratado de pedir ayuda en el irc, pero nunca encuentro a scott (q siempre me ayuda cuando puede) y los demas no dan bola... no explican sin detalles.
Alguien sabe como hacer esto? y si pueden pasar los datos para publicar un PDF en español seria buenisimio, yo lo puedo hacer sin ningun problema

MicroLan

http://wiki.m0n0.ch/wikka.php?wakka=TrafficShaperHowTO aca tenes una muy buena explicació, en ingles (no especifica bien como es el control por ip pero ta piola) sino aca te explico un poquito yo

1ro. Yo solo logré que funcione con PIPES (si uso queues no me anda)
2do. Creas 2 PIPES una 128 BAJADA (Llamada BAJADA)  otra 64 SUBIDA (LLAMADA SUBIDA) por ejemplo para limitar por ip a 128 b y 64 s
3ro. Tenes que crear 2 reglas 1 de bajada y otra de subida de la siguiete forma:
BAJADA:
Target: la PIPE BAJADA
Interface: WAN
Proto: ANY
Source: ANY
Source port range : ANY
Destination: LA IP QUE QUERES LIMITAR
Destination port range: ANY
Direction: IN
Description: IP 192.168…. limitada a 128 k

SUBIDA:
Target: la PIPE SUBIDA
Interface: WAN
Proto: ANY
Source: LA IP QUE QUERES LIMITAR
Source port range : ANY
Destination: ANY
Destination port range: ANY
Direction: OUT
Description: IP 192.168.... limitada a 64 k

de esa foma limitas la bajada a 128 k y la subida a 64 k de la ip que quieras, tené en cuenta que tenes que sacar las pipes queue y reglas del traffic shaper para que te ande como vos querés

guifate

Esta es la forma en que tengo configurado el limite de ancho de banda, lo tengo en MONOWALL
1º Configure las pipes en donde cree 2 para el total de ancho de banda de mi firewall qu en este caso son:
No.  Bandwidth              Description
1    230 Kbit/s              m_Total Upload     
2    973 Kbit/s              m_Total Download

2º Configure las pipes para el limite que le quiero dar a cada usuario:
No. Bandwidth            Mask        Description
5    85 Kbit/s          destination    bajada     
6    40 Kbit/s          source          subida

3º en las Rules lo configure asi:
If        Proto          Source        Destination            Target              Description 
wireless  *                  *          192.55.55.8          bajada              usuario1     
wireless  *            192.55.55.8          *                  subida                usuario1

configurado de esta manera me funciona perfecto.
si tenes msn mi email es    guifate@hotmail.com  asi podriamos intercambiar info
espero te sirva esto saludos

djmidwav

oyer configure el pfsense con los parametros que me diste, y cuando realize test de velocidad estos demoraron mucho,,,, y eso que solo habian 4 pc,  y los limite a  128 Bajada y 64 Subida….

Creo que podriamos utilizar via comandos la opcion TC...

gpechieu

Logre configurar el ancho de banda, con queues, tube que crear 2 queues por cada usuario y 2 reglas tambien, es un dolor de cabeza, porque tenes que tener configurado las parent queues y no superar la suma de ambos, sino cuando se carga tira error. yo les dejo una configuracion muy bonita que me sirvio.
En esta configuracion tengo limitado los p2p a menos de 128 Kb y tengo un alias (con 8 maquinas) que tienen para usar un maximo de 500 Kb (en prioridad alta).
<ezshaper><step2><download>608</download>
<upload>128</upload>
<inside_int>lan</inside_int>
<outside_int>wan</outside_int></step2>
<step3><provider>Generic</provider>
<bandwidth>32</bandwidth>

<address>

<step4><enable>on</enable>
<aimster>on</aimster>
<bittorrent>on</bittorrent>
<buddyshare>on</buddyshare>
<cutemx>on</cutemx>
<dcplusplus>on</dcplusplus>
<dcc>on</dcc>
<directconnect>on</directconnect>
<directfileexpress>on</directfileexpress>
<edonkey2000>on</edonkey2000>
<fasttrack>on</fasttrack>
<gnutella>on</gnutella>
<grouper>on</grouper>
<hotcomm>on</hotcomm>
<hotlineconnect>on</hotlineconnect>
<imesh>on</imesh>
<napster>on</napster>
<opennap>on</opennap>
<scour>on</scour>
<songspy>on</songspy>
<winmx>on</winmx>
<p2pcatchall>on</p2pcatchall>
<shareaza>on</shareaza></step4>
<step5><step6><enable>on</enable>
<msrdp>L</msrdp>
<vnc>L</vnc>
<appleremotedesktop>L</appleremotedesktop>
<pcanywhere>L</pcanywhere>
<irc>D</irc>
<icq>H</icq>
<aolinstantmessenger>D</aolinstantmessenger>
<msnmessenger>H</msnmessenger>
<teamspeak>L</teamspeak>
<pptp>D</pptp>
<ipsec>L</ipsec>
<streamingmp3>L</streamingmp3>
<rtsp>L</rtsp>
<http>H</http>
<smtp>H</smtp>
<pop3>H</pop3>
<imap>D</imap>
<lotusnotes>D</lotusnotes>
<dns>H</dns>
<icmp>D</icmp>
<smb>L</smb>
<snmp>L</snmp>
<mysqlserver>L</mysqlserver>
<nntp>L</nntp>
<cvsup>D</cvsup></step6>

<dnsupdate><host><ttl>60</ttl>
<keyname><keytype>zone</keytype>
<keydata></keydata></keyname></host></dnsupdate>
<shaper><schedulertype>hfsc</schedulertype>
<queue><name>qwanRoot</name>
<associatedrule>0</associatedrule>
<priority>0</priority>
<parentqueue>on</parentqueue>
<bandwidth>128</bandwidth>
<bandwidthtype>Kb</bandwidthtype></queue>
<queue><schedulertype><bandwidth>610</bandwidth>
<bandwidthtype>Kb</bandwidthtype>
<priority>0</priority>
<name>qlanRoot</name>
<borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue>on</parentqueue>
<attachtoqueue><associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></attachtoqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue>
<queue><name>qwandef</name>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<defaultqueue>true</defaultqueue>
<priority>3</priority>
<realtime>on</realtime>
<realtime3>1%</realtime3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit></queue>
<queue><name>qlandef</name>
<priority>3</priority>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<defaultqueue>true</defaultqueue>
<realtime>on</realtime>
<realtime3>1%</realtime3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit></queue>
<queue><schedulertype><bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<priority>10</priority>
<name>qwanacks</name>
<borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime>
<realtime3>10%</realtime3>
<realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule><ack>on</ack>
<rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue>
<queue><schedulertype><bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<priority>10</priority>
<name>qlanacks</name>
<borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime>
<realtime3>10%</realtime3>
<realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule><ack>on</ack>
<rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue>
<queue><schedulertype><bandwidth>16</bandwidth>
<bandwidthtype>Kb</bandwidthtype>
<priority>0</priority>
<name>qP2PUp</name>
<borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime>
<realtime3>1b</realtime3>
<realtime2><realtime1><upperlimit>on</upperlimit>
<upperlimit3>16Kb</upperlimit3>
<upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule><rio><red>on</red>
<ecn>on</ecn>
<defaultqueue></defaultqueue></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue>
<queue><schedulertype><bandwidth>82</bandwidth>
<bandwidthtype>Kb</bandwidthtype>
<priority>0</priority>
<name>qP2PDown</name>
<borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime>
<realtime3>1b</realtime3>
<realtime2><realtime1><upperlimit>on</upperlimit>
<upperlimit3>82Kb</upperlimit3>
<upperlimit2>1</upperlimit2>
<upperlimit1>1Kb</upperlimit1>
<parentqueue><attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule><rio><red>on</red>
<ecn>on</ecn>
<defaultqueue></defaultqueue></rio></associatedrule></parentqueue></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue>
<queue><schedulertype><bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<priority>9</priority>
<name>qOthersUpH</name>
<borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime>
<realtime3>1Kb</realtime3>
<realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule><rio><red>on</red>
<ecn>on</ecn>
<defaultqueue></defaultqueue></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue>
<queue><schedulertype><bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<priority>9</priority>
<name>qOthersDownH</name>
<borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime>
<realtime3>1Kb</realtime3>
<realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule><rio><red>on</red>
<ecn>on</ecn>
<defaultqueue></defaultqueue></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue>
<queue><name>qOthersUpL</name>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>2</priority>
<red>on</red>
<ecn>on</ecn>
<realtime>on</realtime>
<realtime3>1Kb</realtime3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit></queue>
<queue><name>qOthersDownL</name>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>2</priority>
<red>on</red>
<ecn>on</ecn>
<realtime>on</realtime>
<realtime3>1Kb</realtime3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit></queue>
<queue><schedulertype><bandwidth>500</bandwidth>
<bandwidthtype>Kb</bandwidthtype>
<priority>10</priority>
<name>BajadaIlimitada</name>
<borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime>
<realtime3>1b</realtime3>
<realtime2><realtime1><upperlimit>on</upperlimit>
<upperlimit3>500Kb</upperlimit3>
<upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule><rio><red>on</red>
<ecn>on</ecn>
<defaultqueue></defaultqueue></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue>
<queue><schedulertype><bandwidth>100</bandwidth>
<bandwidthtype>Kb</bandwidthtype>
<priority>10</priority>
<name>SubidaIlimitada</name>
<borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime>
<realtime3>1b</realtime3>
<realtime2><realtime1><upperlimit>on</upperlimit>
<upperlimit3>100Kb</upperlimit3>
<upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule><rio><red>on</red>
<ecn>on</ecn>
<defaultqueue></defaultqueue></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue>
<rule><inqueue>qOthersDownH</inqueue>
<outqueue>qOthersUpH</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>443-443</port></any></destination>
<descr>m_Other HTTPS outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpH</inqueue>
<outqueue>qOthersDownH</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>443-443</port></destination>
<descr>m_Other HTTPS inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersUpH</inqueue>
<outqueue>qOthersDownH</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>80-80</port></destination>
<descr>m_Other HTTP inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownH</inqueue>
<outqueue>qOthersUpH</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>80-80</port></any></destination>
<descr>m_Other HTTP outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpH</inqueue>
<outqueue>qOthersDownH</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>53-53</port></destination>
<descr>m_Other DNS1 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersUpH</inqueue>
<outqueue>qOthersDownH</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>53-53</port></destination>
<descr>m_Other DNS2 inbound</descr>
<protocol>udp</protocol></any></rule>
<rule><inqueue>qOthersDownH</inqueue>
<outqueue>qOthersUpH</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>25-25</port></any></destination>
<descr>m_Other SMTP outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpH</inqueue>
<outqueue>qOthersDownH</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>25-25</port></destination>
<descr>m_Other SMTP inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownH</inqueue>
<outqueue>qOthersUpH</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>5190-5190</port></any></destination>
<descr>m_Other ICQ2 outbound</descr>
<protocol>udp</protocol></rule>
<rule><inqueue>qOthersUpH</inqueue>
<outqueue>qOthersDownH</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>5190-5190</port></destination>
<descr>m_Other ICQ2 inbound</descr>
<protocol>udp</protocol></any></rule>
<rule><inqueue>qOthersUpH</inqueue>
<outqueue>qOthersDownH</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>5190-5190</port></destination>
<descr>m_Other ICQ1 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<protocol>tcp</protocol>
<source>
<any><destination><network>lan</network>
<port>1863</port></destination>
<direction><iptos><tcpflags><descr>m_Other MSN inbound</descr>
<inqueue>qOthersUpH</inqueue>
<outqueue>qOthersDownH</outqueue></tcpflags></iptos></direction></any></rule>
<rule><in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<protocol>tcp</protocol>
<source>
<any><destination><network>lan</network>
<port>6891-6900</port></destination>
<direction><iptos><tcpflags><descr>m_Other MSN Transfer inbound</descr>
<inqueue>qOthersUpH</inqueue>
<outqueue>qOthersDownH</outqueue></tcpflags></iptos></direction></any></rule>
<rule><inqueue>qOthersDownH</inqueue>
<outqueue>qOthersUpH</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>5190-5190</port></any></destination>
<descr>m_Other ICQ1 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<protocol>tcp</protocol>
<source>
<network>lan</network>

<destination><any><port>1863</port></any></destination>
<direction><iptos><tcpflags><descr>m_Other MSN outbound</descr>
<inqueue>qOthersDownH</inqueue>
<outqueue>qOthersUpH</outqueue></tcpflags></iptos></direction></rule>
<rule><in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<protocol>tcp</protocol>
<source>
<network>lan</network>

<destination><any><port>6891-6900</port></any></destination>
<direction><iptos><tcpflags><descr>m_Other MSN Transfer outbound</descr>
<inqueue>qOthersDownH</inqueue>
<outqueue>qOthersUpH</outqueue></tcpflags></iptos></direction></rule>
<rule><inqueue>qOthersDownH</inqueue>
<outqueue>qOthersUpH</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>110-110</port></any></destination>
<descr>m_Other POP3 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpH</inqueue>
<outqueue>qOthersDownH</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>110-110</port></destination>
<descr>m_Other POP3 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownH</inqueue>
<outqueue>qOthersUpH</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>53-53</port></any></destination>
<descr>m_Other DNS1 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersDownH</inqueue>
<outqueue>qOthersUpH</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>53-53</port></any></destination>
<descr>m_Other DNS2 outbound</descr>
<protocol>udp</protocol></rule>
<rule><in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<protocol>tcp</protocol>
<source>

<address>Cyber</address>

<destination><any></any></destination>
<direction><iptos><tcpflags><descr>m_Other Cyber outbound</descr>
<inqueue>BajadaIlimitada</inqueue>
<outqueue>SubidaIlimitada</outqueue></tcpflags></iptos></direction></rule>
<rule><in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<protocol>tcp</protocol>
<source>
<any><destination><address>Cyber</address></destination>
<direction><iptos><tcpflags><descr>m_Other Cyber inbound</descr>
<inqueue>SubidaIlimitada</inqueue>
<outqueue>BajadaIlimitada</outqueue></tcpflags></iptos></direction></any></rule>
<rule><inqueue>qwandef</inqueue>
<outqueue>qlandef</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network></destination>
<descr>m_Other ICMP inbound</descr>
<protocol>icmp</protocol></any></rule>
<rule><inqueue>qlandef</inqueue>
<outqueue>qwandef</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>143-143</port></any></destination>
<descr>m_Other IMAP outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qwandef</inqueue>
<outqueue>qlandef</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>143-143</port></destination>
<descr>m_Other IMAP inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qlandef</inqueue>
<outqueue>qwandef</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>1723-1723</port></any></destination>
<descr>m_Other PPTP outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qlandef</inqueue>
<outqueue>qwandef</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any></any></destination>
<descr>m_Other ICMP outbound</descr>
<protocol>icmp</protocol></rule>
<rule><inqueue>qwandef</inqueue>
<outqueue>qlandef</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>1352-1352</port></destination>
<descr>m_Other LotusNotes2 inbound</descr>
<protocol>udp</protocol></any></rule>
<rule><inqueue>qlandef</inqueue>
<outqueue>qwandef</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>1352-1352</port></any></destination>
<descr>m_Other LotusNotes1 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qwandef</inqueue>
<outqueue>qlandef</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>1352-1352</port></destination>
<descr>m_Other LotusNotes1 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qlandef</inqueue>
<outqueue>qwandef</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>1352-1352</port></any></destination>
<descr>m_Other LotusNotes2 outbound</descr>
<protocol>udp</protocol></rule>
<rule><inqueue>qlandef</inqueue>
<outqueue>qwandef</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any></any></destination>
<descr>m_Other PPTPGRE outbound</descr>
<protocol>gre</protocol></rule>
<rule><inqueue>qwandef</inqueue>
<outqueue>qlandef</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>1723-1723</port></destination>
<descr>m_Other PPTP inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qlandef</inqueue>
<outqueue>qwandef</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>6667-6670</port></any></destination>
<descr>m_Other IRC outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qwandef</inqueue>
<outqueue>qlandef</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>6667-6670</port></destination>
<descr>m_Other IRC inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qlandef</inqueue>
<outqueue>qwandef</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>5999-5999</port></any></destination>
<descr>m_Other cvs outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qwandef</inqueue>
<outqueue>qlandef</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>5999-5999</port></destination>
<descr>m_Other cvs inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qwandef</inqueue>
<outqueue>qlandef</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network></destination>
<descr>m_Other PPTPGRE inbound</descr>
<protocol>gre</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>5900-5900</port></any></destination>
<descr>m_Other AppleRemoteDesktop2 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>5900-5900</port></destination>
<descr>m_Other AppleRemoteDesktop4 inbound</descr>
<protocol>udp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>3283-3283</port></any></destination>
<descr>m_Other AppleRemoteDesktop3 outbound</descr>
<protocol>udp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>3283-3283</port></destination>
<descr>m_Other AppleRemoteDesktop3 inbound</descr>
<protocol>udp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>5900-5900</port></any></destination>
<descr>m_Other AppleRemoteDesktop4 outbound</descr>
<protocol>udp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>3283-3283</port></destination>
<descr>m_Other AppleRemoteDesktop1 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>5900-5900</port></destination>
<descr>m_Other AppleRemoteDesktop2 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>5900-5930</port></destination>
<descr>m_Other VNC inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>161-161</port></any></destination>
<descr>m_Other SNMP outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>554-554</port></destination>
<descr>m_Other RTSP1 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>161-161</port></destination>
<descr>m_Other SNMP inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>161-161</port></any></destination>
<descr>m_Other SNMP2 outbound</descr>
<protocol>udp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>161-161</port></destination>
<descr>m_Other SNMP2 inbound</descr>
<protocol>udp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>554-554</port></any></destination>
<descr>m_Other RTSP1 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>137-139-137-139</port></destination>
<descr>m_Other SMB2 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>8000-8100</port></destination>
<descr>m_Other STREAMINGMP3 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>445-445</port></any></destination>
<descr>m_Other SMB1 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>445-445</port></destination>
<descr>m_Other SMB1 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>137-139-137-139</port></any></destination>
<descr>m_Other SMB2 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>3283-3283</port></any></destination>
<descr>m_Other AppleRemoteDesktop1 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any></any></destination>
<descr>m_Other IPSEC outbound</descr>
<protocol>ah</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>5631-5631</port></destination>
<descr>m_Other pcany1 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>5632-5632</port></any></destination>
<descr>m_Other pcany2 outbound</descr>
<protocol>udp</protocol></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>5631-5631</port></any></destination>
<descr>m_Other pcany1 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>119-119</port></destination>
<descr>m_Other NNTP2 inbound</descr>
<protocol>udp</protocol></any></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>119-119</port></destination>
<descr>m_Other NNTP1 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>119-119</port></any></destination>
<descr>m_Other NNTP2 outbound</descr>
<protocol>udp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>5632-5632</port></destination>
<descr>m_Other pcany2 inbound</descr>
<protocol>udp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>14534-14534</port></any></destination>
<descr>m_Other teamspeak1 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>8767-8768</port></any></destination>
<descr>m_Other teamspeak3 outbound</descr>
<protocol>udp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>8767-8768</port></destination>
<descr>m_Other teamspeak3 inbound</descr>
<protocol>udp</protocol></any></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>51234-51234</port></destination>
<descr>m_Other teamspeak2 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>51234-51234</port></any></destination>
<descr>m_Other teamspeak2 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>14534-14534</port></destination>
<descr>m_Other teamspeak1 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>119-119</port></any></destination>
<descr>m_Other NNTP1 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>3306-3306</port></destination>
<descr>m_Other MySQL1 inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>5900-5930</port></any></destination>
<descr>m_Other VNC outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network></destination>
<descr>m_Other IPSEC inbound</descr>
<protocol>ah</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any></any></destination>
<descr>m_Other IPSEC outbound</descr>
<protocol>esp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network></destination>
<descr>m_Other IPSEC inbound</descr>
<protocol>esp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>8000-8100</port></any></destination>
<descr>m_Other STREAMINGMP3 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>500-500</port></destination>
<descr>m_Other IPSEC inbound</descr>
<protocol>udp</protocol></any></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>3306-3306</port></any></destination>
<descr>m_Other MySQL1 outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>500-500</port></any></destination>
<descr>m_Other IPSEC outbound</descr>
<protocol>udp</protocol></rule>
<rule><inqueue>qOthersDownL</inqueue>
<outqueue>qOthersUpL</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>

<destination><any><port>3389-3389</port></any></destination>
<descr>m_Other MSRDP outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qOthersUpL</inqueue>
<outqueue>qOthersDownL</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>3389-3389</port></destination>
<descr>m_Other MSRDP inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>7668-7668</port></destination>
<descr>m_P2P Aimster inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>

<destination><any><port>7788-7788</port></any></destination>
<descr>m_P2P BuddyShare outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any><destination><network>lan</network>
<port>6881-6999</port></destination>
<descr>m_P2P BitTorrent inbound</descr>
<protocol>tcp</protocol></any></rule>
<rule><inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>

<destination><any><port>6881-6999</port></any></destination>
<descr>m_P2P BitTorrent outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>

<destination><any><port>2340-2340</port></any></destination>
<descr>m_P2P CuteMX outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>

<destination><any><port>6699-6701</port></any></destination>
<descr>m_P2P Napster outbound</descr>
<protocol>tcp</protocol></rule>
<rule><inqueue>qP2PUp</inqueue></rule></shaper></step5></address></step3></ezshaper>

Enlaces

Un saludo desde Colombia, En el tema del PfSense, como se configuran los PIPES, no lo encuentro, las inerfaces entre el m0n0wall y el PfSense son bastante diferentes, por otro lado el control de ancho de banda no es muy exacto… cuando intento bloquear un p2p, termino perdiendo capaciadad en la navegacion (http), gracias por sus comentarios

gpechieu

Enlaces: Mira… yo no he tenido problemas con perdida de ancho de banda... lo que te puede estar pasando es que tengas un proxy transparente con squid y la opcion Catch All en Trafic Shapper Habilitada... Como esa opcion lo dice... todo lo que pase por cualquier puerto no identificado va a parar a la parte de catch all... La mejor forma si esta es tu situacion es que crees unas reglas para squid... con mayor prioridad. Lo que si... si le habilitad eso... te queda ajustada la velocidad al maximo de ancho de banda que le allas colocado a tu dispositivos de red (una cagada enorme, ya que en variass partes del foro, se mencionaba que esto estaba solucionado y lo que viniera del squid pasaria derecho sin ser limitado... cuando me refiero a que viene de squid, me refiero a lo que ya esta grabado en el cache) Y bueno... asi no te limitaria la navegacion por pagina web... Otro consejo es que crees 2 reglas mas para el MSN Messenger... ya que si te pones a observar... el asistente no las crea a las reglas.... entonces tambien estas son pasadas como P2P. Espero te alla servido la ayuda... cualquier consulta... agregame... gpechieu@hotmail.com

Enlaces

Buenas Nuevamente los saludo, yo me puse a provar con el m0n0wall, es muy bueno, pero en si el control de ancho de bada me genera varios inconvenientes, nuevamnete quiero intentarlo con PfSense, no entiendo como configurara las PIPES, me podrian ayudar?, mi configuracion esta asi:

INTERNET=>pfsense=>lan=>ap=>usuarios

alguna optra opcion agradeceria sus comentarios.

Enlaces

Buenas tardes, nuevamente quiero retomar el tema del control de ancho de banda, como es sabido las configuraciones son distintas entre el monowall y el PfSense, unas de las grandes dificultades es entender lo que esta escrito en este foro, por ejemplo el mensaje que contiene mucha informacion puesto por "gpechieu" pero que finalmente no se que es lo que hay que hacer!!!

Por otro lado la comparacion con el monowall por Microlan, pero como se compara con el pfsense?

por ultimo he intentado un monton de opciones pero no logro hacer lo que verdaderamente se discute, "COMO CONTROLAR EL ANCHO DE BANDA"

Agradezco que alguien que tenga un poquito mas de informacion la comparta, yo por el momento seguire intentandolo y si logro algo se los hare saber.

Gracias y Buen dia.