Monday, February 6, 2017

Pfsense Throttling By Ip Base

pfSense


Limit Bandwidth Usage By IP On Your Lan

This is a guide to Limit Users by Priority on a 8 Mbit/s line.

Notes:

Note 1: This technique uses a HARD limit on groups of IP addresses.  If you follow this definitive guide, you will be able to limit groups of IP addresses to a maximum specified bandwidth.

Note 2: I am using 3 groups to specify hard-limits, namely LOW, MEDIUM and HIGH with allocated bandwidth of 1, 1.5 and 3Mbit/s respectively.  URGENT: If you want to use a fraction i.e.: 1.5Mbit/s use 1500Kbit/s!

Note 3: Using the UP ARROW at the bottom of FIREWALL/ALIASES will give you the ability to PASTE a list of IP addresses.  The format is “(IP ADDRESS) (Description)” – without the quotes.  One entry per line.  REMEMBER to change the TYPE from Network to Host using the drop-down menu once saved.

Creating IP Aliases, Limiters and the Rules:
  • Click on Firewall/Aliases (See Note 3) and create yourself Aliases called LOW, MEDIUM and HIGH. (Type will be Host(s))
  • Click on Firewall/Traffic Shaper/Limiter and create 6 limiters, two per alias. 

for LOW/MEDIUM/HIGH uplink:
Name: LOW_UP (MEDIUM_UP ; HIGH_UP)
Bandwidth: 1 Mbits/s (3 Mbit/s = MEDIUM ; 4 Mbit/s = HIGH
Mask: Source Address 

for LOW/MEDIUM/HIGH downlink:
Name: LOW_DOWN (MEDIUM_DOWN ; HIGH_DOWN)
Bandwidth: 1 Mbits/s (3072 Mbit/s = MEDIUM ; 4 Mbit/s = HIGH)
Mask: Source Address

Click on Firewall/Rules/LAN and create 3 rules called LOW_PRI, MEDIUM_PRI and HIGH_PRI.

for LOW_PRI/MEDIUM_PRI/HIGH_PRI: 

Section: Edit Firewall rule:

Action: Pass
Interface: LAN
Protocol: TCP/UDP
Source Type: Single host or alias
Source Address: LOW_PRI (MEDIUM_PRI ; HIGH_PRI)
Destination: any

Section: Advanced features:
In/Out: LOW_UP / LOW_DOWN (MEDIUM_UP / MEDIUM_DOWN ; HIGH_UP / HIGH_DOWN)

As long as you read the 3 notes and followed the creation of Aliases, Limits and Rules, you will now have high, medium and low priority hard-limit queues you can send IP’s through.  You will be able to watch your queues in action by clicking Diagnostics/Limiter Info and seeing your traffic being split into different Limiters.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)