pfSense – Throttling by IP base – The Definitive Guide.

July 23, 2015 by aubreykloppers

Limit bandwidth usage by IP on your LAN

I am from South Africa managing a site for an NPO.  We are blessed enough to afford Fibre, but the bandwidth can be used up very quickly by Low Priority Users.  This is a guide to Limit Users by Priority on a 4Mbit/s line.

Now for the fun-stuff

Note 1: This technique uses a HARD limit on groups of IP addresses.  If you follow this definitive guide, you will be able to limit groups of IP addresses to a maximum specified bandwidth.

Note 2: I am using 3 groups to specify hard-limits, namely LOW, MEDIUM and HIGH with allocated bandwidth of 1, 1.5 and 3Mbit/s respectively.  URGENT: If you want to use a fraction, e.g. 1.5Mbit/s, use 1500Kbit/s!

Note 3: Using the UP ARROW at the bottom of FIREWALL/ALIASES will give you the ability to PASTE a list of IP addresses.  The format is “(IP ADDRESS) (Description)” – without the quotes.  One entry per line.  REMEMBER to change the TYPE from Network to Host using the drop-down menu once saved.

Creating IP Aliases, Limiters and the Rules:

  • Click on Firewall/Aliases (See Note 3) and create yourself Aliases called LOW, MEDIUM and HIGH.  (Type will be Host(s))
  • Click on Firewall/Traffic Shaper/Limiter and create 6 limiters, two per alias.

For LOW/MEDIUM/HIGH uplink:
* Name: LOW_UP (MEDIUM_UP ; HIGH_UP)
* Bandwidth: 1000 Kbit/s (1500 Kbit/s = MEDIUM ; 3 Mbit/s = HIGH)
* Mask: Source Address

For LOW/MEDIUM/HIGH downlink:
* Name: LOW_DOWN (MEDIUM_DOWN ; HIGH_DOWN)
* Bandwidth: 1000 Kbit/s (1500 Kbit/s = MEDIUM ; 3 Mbit/s = HIGH)
* Mask: Source Address

  • Click on Firewall/Rules/LAN and create 3 rules called LOW_PRI, MEDIUM_PRI and HIGH_PRI.

For LOW_PRI/MEDIUM_PRI/HIGH_PRI:

Section: Edit Firewall rule:
* Action: Pass
* Interface: LAN
* Protocol: TCP/UDP
* Source Type: Single host or alias
* Source Address: LOW_PRI (MEDIUM_PRI ; HIGH_PRI)
* Destination: any

Section: Advanced features:
* In/Out: LOW_UP / LOW_DOWN (MEDIUM_UP / MEDIUM_DOWN ; HIGH_UP / HIGH_DOWN)

As long as you read the 3 notes and followed the creation of Aliases, Limits and Rules, you will now have high, medium and low priority hard-limit queues you can send IPs through.  You will be able to watch your queues in action by clicking Diagnostics/Limiter Info and seeing your traffic being split into different Limiters…
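An added example, not part of the original post: a small Python helper that prepares the paste-ready text for Note 3's bulk import and applies Note 2's fraction rule to the limiter bandwidth. The inventory format, the function names and the sample hosts are assumptions made for illustration; it rejects networks, unknown tiers and any host listed in more than one alias.

```python
import ipaddress
from decimal import Decimal

# Tier caps from Note 2, in Mbit/s.
TIERS_MBIT = {"LOW": "1", "MEDIUM": "1.5", "HIGH": "3"}

# Constructed sample inventory (hypothetical hosts): ip,tier,description
SAMPLE = """
192.168.1.50,LOW,Guest laptop
192.168.1.51,LOW,Lobby kiosk
192.168.1.20,MEDIUM,Office desktop
192.168.1.10,HIGH,Finance workstation
"""

def limiter_bandwidth(mbit):
    """Note 2: whole Mbit/s stay as they are, fractions become Kbit/s."""
    value = Decimal(mbit)
    if value == value.to_integral_value():
        return int(value), "Mbit/s"
    kbit = value * 1000
    if kbit != kbit.to_integral_value():
        raise ValueError(f"{mbit} Mbit/s is not a whole number of Kbit/s")
    return int(kbit), "Kbit/s"

def build_aliases(inventory):
    """Return {alias: paste-ready 'IP Description' lines} for Note 3."""
    seen = {}
    aliases = {tier: [] for tier in TIERS_MBIT}
    for n, line in enumerate(inventory.strip().splitlines(), 1):
        ip_text, tier, desc = (f.strip() for f in line.split(",", 2))
        # Host aliases only: ip_address() rejects CIDR networks and typos.
        ip = ipaddress.ip_address(ip_text)
        if tier not in aliases:
            raise ValueError(f"line {n}: unknown tier {tier!r}")
        # A host in two aliases is shaped by whichever LAN rule matches
        # first, so treat duplicates as an error instead of guessing.
        if ip in seen:
            raise ValueError(f"line {n}: {ip} is already in {seen[ip]}")
        seen[ip] = tier
        aliases[tier].append(f"{ip} {desc}")
    return {tier: "\n".join(rows) for tier, rows in aliases.items()}

if __name__ == "__main__":
    for tier, text in build_aliases(SAMPLE).items():
        value, unit = limiter_bandwidth(TIERS_MBIT[tier])
        print(f"# {tier}: {tier}_UP / {tier}_DOWN at {value} {unit}")
        print(text)
```

Each printed block is the text to paste into the matching alias through the bulk-import arrow described in Note 3.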

One thought on “pfSense – Throttling by IP base – The Definitive Guide.”

  1. Stuart Greig says:

    Great tutorial. Short, easy to follow. Thanks
