Manage your Bandwidth - PFSENSE
PFSense is by far one of the best gateway solutions out there, in my opinion. I am going to show you one of the many reasons why I think this product is best of breed: the bandwidth limiter. PFSense uses FreeBSD as its base and includes the DummyNet software project, which lets you simulate or enforce queues, bandwidth limitations, delays, packet losses, and multipath effects. It also implements a variant of Weighted Fair Queuing called WF2Q+. That may sound like a lot of reading to get up to speed with, but I assure you it is quite easy to set up and maintain. Let me show you how.
First off I will take a bandwidth test to see what I get as unregulated bandwidth. I have a cable service from Brighthouse that is 50Mb download and 5 Mb upload.
The image tells the tale: I am getting 50/5 as a result of my speed test using Brighthouse’s Speed test. Now let’s get started with our limiting. We will need to create an upload and a download limit that we want to apply to each system on the LAN, then create one firewall rule to force the systems on the LAN to follow the limits.
Let’s get started:
First we need to find the Limiter area of the PFSense web GUI. It is located under the Firewall tab -> Traffic Shaper; the 3rd tab is called Limiter.
Next we are going to select Create new limiter. Let’s call it LimitUpLan.
1. Click Enable
2. Set name to LimitUpLan
3. Set Bandwidth allowed (1mb)
4. Mask Source Address
5. Give a description
6. Save
Now let’s create another limiter. Let’s call it LimitDownLan.
1. Click Enable
2. Set name to LimitDownLan
3. Set Bandwidth allowed (3Mb)
4. Mask Source Addresses
5. Add Description
6. Save
Now we should have 2 limiters available to us when we go to make the firewall rule. We set the limiters to mask the source address. This tells PFSense to create a unique queue for each source address on the LAN side. If we left this set to none, we would have just 1 queue limited to 3Mb for all users on the LAN, thus taking a 50Mb service and making it a 3Mb service. That is not what we want here. We want to limit each user to 3 MB each so no one person can abuse our 50 Mb service. We could have 10 users all streaming 3Mb each for a total of 30 Mb of download per second, leaving us 20 Mb still available.
Now let’s start limiting our LAN systems.
We need to place this rule above any allow rule that allows TCP and/or UDP. If we place it below an allow rule, then that rule will take precedence over the rule we want to use to force our limits. In this example I have placed the rule on my LAN tab as rule #2, above the bottom rule which allows all my traffic out.
Let’s add a new rule:
1. Action Pass
2. Interface LAN
3. Protocol Any
4. Source LAN Subnet
5. Destination Any
6. Description
Now edit the advanced section:
Select the Advanced button under the In/Out feature. From the drop-down menus, select the 2 queues you created (In = Uploads) and (Out = Download). Save and apply the firewall rule, then re-test your bandwidth usage.
Bandwidth Now Limited
That’s the whole process from start to finish. At this point you should have a rate limit of 3mb per LAN user downstream and 1 MB per LAN user upstream.
That is part of the power built into PFSense and the BSD platform. Now go off and limit someone today!
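One way to check the rule-order requirement described above from a configuration backup, as an added example that is not part of the original post. It assumes the rule element names listed in the comment match your PFSense config.xml, uses constructed sample rules, and compares rules by protocol only, not by source or destination.

```python
import xml.etree.ElementTree as ET

# Constructed rule snippets, not from the original post. Element names (type,
# interface, protocol, dnpipe, pdnpipe, disabled, descr) are assumed to match
# a pfSense config.xml backup; verify them against your own export.
LIMIT_RULE = ("<rule><type>pass</type><interface>lan</interface>"
              "<dnpipe>LimitUpLan</dnpipe><pdnpipe>LimitDownLan</pdnpipe>"
              "<descr>Limit LAN hosts</descr></rule>")
ALLOW_ALL = ("<rule><type>pass</type><interface>lan</interface>"
             "<descr>Default allow LAN to any</descr></rule>")
ALLOW_UDP_OFF = ("<rule><type>pass</type><interface>lan</interface><disabled/>"
                 "<protocol>udp</protocol><descr>Old UDP allow</descr></rule>")


def wrap(*rules):
    """Build a minimal config document from rule snippets, top rule first."""
    return "<pfsense><filter>" + "".join(rules) + "</filter></pfsense>"


def audit_lan_rules(config_xml, up="LimitUpLan", down="LimitDownLan"):
    """Return (limiter_position, shadowing_descriptions) for the LAN tab.

    A pass rule for TCP/UDP/any that sits above the limiter rule and carries
    no limiters matches first, so hosts it covers are never rate limited.
    If no limiter rule exists, the position is None and every such pass
    rule is reported.
    """
    shadowing, position = [], None
    rules = ET.fromstring(config_xml).findall("./filter/rule")
    lan = [r for r in rules if r.findtext("interface") == "lan"
           and r.find("disabled") is None]          # skip disabled rules
    for index, rule in enumerate(lan, start=1):
        if rule.findtext("type") != "pass":
            continue
        if (rule.findtext("dnpipe"), rule.findtext("pdnpipe")) == (up, down):
            position = index
            break
        # A missing <protocol> element is treated as "any".
        proto = (rule.findtext("protocol") or "any").lower()
        if set(proto.split("/")) & {"any", "tcp", "udp"}:
            shadowing.append(rule.findtext("descr") or f"rule {index}")
    return position, shadowing
```

A non-empty second value means an allow rule is matching ahead of the limiter rule and should be moved below it.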