Setting traffic limits on specific ports in pfSense

From RVM Wiki
Revision as of 16:46, 11 April 2020 by Gabriele.vivinetto

The goal is to limit SSH upload to 4 Mbit on a fiber line with 8 Mb upload.

  • Create a limiter with a maximum of 4 Mbit
Firewall / Traffic Shaper / Limiters
Name = Upload_4Mbit
Bandwidth = 4Mbit
  • Create a limiter with a maximum of 1000 Mbit (effectively unlimited: it will be assigned as the download speed)
Firewall / Traffic Shaper / Limiters
Name = Download_1000Mbit
Bandwidth = 1000Mbit
  • Create a firewall rule that allows SSH on port 22 from the LAN interface
  • Open the advanced properties
In / Out pipe -> Upload_4Mbit Download_1000Mbit

Pfsense 2.4.x – Limit bandwidth per NAT port
17th April 2018 by S55MA

I wanted to limit the upload speed of my torrent clients (uTorrent, qBittorrent) with port forwarding enabled. This can be done on the client itself, but I prefer the method via the firewall.

For this example I forwarded port 17123 to my qBittorrent client and limited upload speed to 1 Mbit/s. There are probably other more “proper” methods to achieve this on pfSense, but this is working for me:

Set up a port in a client:

In pfSense, go to Firewall, Traffic Shaper, Limiters:

Click New limiter

Tick Enable limiter and its children

Name it upload1mbit

Set Bandwidth to 1 Mbit/s

Set Mask to Source addresses and set Description to something you like and save.

For limiters to work you also need to make a download limiter. Click New limiter and name it download1000mbit.

Set bandwidth to 1000 Mbit/s

Set mask to Destination addresses

Set description and click save.

Now go to Firewall, NAT and add a new rule:

Interface: WAN

Protocol: Depends on your needs, usually TCP, UDP or both

Destination: WAN address

Destination port range: 17123 to 17123

Redirect target IP: LAN IP of the machine the torrent client is running on, for example 192.168.0.2

Redirect target port: 17123

Description: Torrents

Click Save


Now go to Firewall, Rules, WAN, find the associated rule created in the previous step, and click Edit.

Scroll down to the bottom and click Display Advanced, scroll down again to find In / Out pipe.

For In select download1000mbit, and for Out select upload1mbit, then save and apply changes. This is the opposite of what you do when you want to limit LAN IP bandwidth, because this rule is applied to the WAN interface, not LAN. Click Save and the limiter should work. You should always reset the states when applying new settings to filters. You can do that under Diagnostics, States, Reset States.
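The limiter steps above set Mask to Source addresses, which gives every source IP its own pipe at the configured rate instead of one shared cap. The following added example (not part of the original post) models that difference with a simple FIFO queue per pipe; the second host 192.168.0.3, the destination 203.0.113.10 and the 4 Mbit/s offered load are constructed for illustration.

```python
from collections import defaultdict

def shape(packets, bw_bps, mask="none", horizon_us=1_000_000):
    """Serve packets through limiter pipes; return bits delivered per source.

    packets: (arrival_us, src, dst, size_bytes) tuples.
    mask: "none" = one shared pipe, "src"/"dst" = one dynamic pipe per
    source/destination address, each with the full bw_bps.
    Simplified model: FIFO per pipe, no queue-size drops.
    """
    free_at = defaultdict(int)    # per pipe: time (us) its link is next idle
    delivered = defaultdict(int)  # per source: bits sent before the horizon
    for arrival, src, dst, size in sorted(packets):
        pipe = {"none": "shared", "src": src, "dst": dst}[mask]
        start = max(arrival, free_at[pipe])
        done = start + size * 8 * 1_000_000 // bw_bps  # serialization time
        free_at[pipe] = done
        if done <= horizon_us:
            delivered[src] += size * 8
    return dict(delivered)

def sample_traffic():
    """Constructed input: two LAN hosts each offer 4 Mbit/s for one second."""
    hosts = ["192.168.0.2", "192.168.0.3"]  # second host is hypothetical
    return [(i * 2500, h, "203.0.113.10", 1250)  # 1250 bytes every 2.5 ms
            for i in range(400) for h in hosts]

if __name__ == "__main__":
    for mask in ("none", "src"):
        result = shape(sample_traffic(), bw_bps=1_000_000, mask=mask)
        total = sum(result.values())
        print(f"mask={mask}: per host {result}, aggregate {total} bit/s")
```

If the goal is to cap the total upload on the link rather than each host, the mask on the upload limiter has to stay at none.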

References