Bandwidth Limiting with the pfSense Limiter

Bandwidth

Creating a limiter in pfSense 2.1

Although we have covered a number of powerful features that are part of pfSense’s traffic shaping capabilities, we haven’t yet covered one of the most interesting and useful features: the ability to limit users’ upload and download speed. In this article, I will describe how to use the pfSense bandwidth limiter.

Using the Bandwidth Limiter

To invoke the bandwidth limiter, first navigate to Firewall -> Traffic Shaper, and click on the “Limiter” tab. At this tab, click on “plus” to add a new limiter. Check the “Enable limiter and its children” checkbox, and for the “Name” field, enter a name for the new limiter. At “Bandwidth“, click on the “plus” button to add a bandwidth limit. There are four options: “Bandwidth“, “Burst“, “Bw type” and “Schedule“. “Bandwidth” is the maximum transfer rate, while “Burst” is the total amount of data that will be transferred at full speed after an idle period and is apparently a new setting under pfSense 2.1. “Bw type” allows you to select between Kbit/s, Mbit/s, Gbit/s, and bit/s. “Schedule” does not seem to have any options.

In the next nection, “Mask“, you can select “Source address” or “Destination address” in the drop down box. If either one is chosen, a dynamic pipe with the bandwidth, delay, packet loss and queue size specified in the “Bandwidth” section will be created for each source or destination IP address encountered respectively. This makes it possible to easily specify bandwidth limits per host. In the next two fields, you can specify the IPv4 and IPv6 mask bits. At “Description“, you can enter a description, which will not be parsed.


Underneath “Description” is the “Show advanced options” button. Pressing this button reveals some additional settings. “Delay” allows you to specify a delay before packets are delivered to their destination (leaving it blank or entering 0 means there is no delay). “Packet loss rate” allows you to specify the rate at which packets are dropped (e.g. 0.001 means 1 packet per 1000 gets dropped). Again, you can leave this blank. “Queue size” allows you to specify a number of slots for the queue, and “Bucket size” allows you to set the hash size. Finally, press the “Save” button to save the limiter or “Delete virtual interface” to delete it. Press “Apply changes” on the next page to apply the changes.

Bandwidth

Creating a firewall rule to limit upload bandwidth. Note that we are using the limiter created in the previous step.

Now, the limiter that we just created should be available when we go to make or edit firewall rules. As an example, we can use the limiter created in the previous step to limit the upload bandwidth to 1 GB. Navigate to Firewall -> Rules, and click on the “LAN” tab. Press the “plus” button to add a new rule. Leave the “Action” as Pass, the “Interface” as LAN, and the “TCP/IP Version” as IPv4. The “Source” should be set to “LAN subnet”, and the “Destination” should be left as Type: any. After entering a “Description“, scroll down to advanced features and press the “Advanced” button next to “In/Out“, and set the “In” queue to the limiter created in the previous step. Then press “Save” to save the rule and “Apply changes” on the next page.

Now, the upload bandwidth on the LAN interface should be limited to 1 Gb/sec. When you navigate to Firewall -> Rules and click on the “LAN” tab, you should see a small purple circle next to the newly-created rule, indicating that the rule invokes the limiter. If you wanted to limited the download bandwidth, this could easily be done; just create another limiter specifying the maximum download bandwidth, and set the “Out” queue in the rule to the new limiter (or if you just want to make the upload and download bandwidth the same, use the original limiter).


Other Articles in This Series:

Traffic Shaping in pfSense: What it Does
Traffic Shaping Wizard: Introduction
Queue Configuration in pfSense 2.1
Traffic Shaping Rules in pfSense 2.1
Traffic Shaping Rules in pfSense 2.1
Layer 7 Rules Groups in pfSense 2.1
Deep Packet Inspection Using Layer 7 Traffic Shaping

External Links:

PFSense 2.0 – Limiting users Upload and Download Speeds by Limiting Bandwidth at www.squidworks.net

pfSense 2.0 – Limit Download & Upload bandwidth per IP at YouTube

Ad Links:

Be Sociable, Share!

Speak Your Mind

*

© 2013 David Zientara. All rights reserved. Privacy Policy