Hi,
In a very old previous message I talked about having successfully set a
limiter on an interface by creating a single rule above all the other
ones in an interface's tab, which would use an upload and a download
limiter and allow all protocols from any to any.
But I didn't notice that this rule in fact (I know I'm stupid) allowed
all traffic, and so the "pass" rules below this one were never evaluated
(this was not in production and we didn't notice until now), neither was
the default block rule...
In fact what we want to do is complex enough that while having
understood the problem (and removed the faulty rule for now), I don't
know how to proceed to make it work.
Architecture : we have 10 LAN interfaces and three WAN interfaces. One
of the WAN interfaces is 30 Mbits/s and is dedicated to two of the LANs.
These two LANs are very restricted : one is for the captive portal,
which is available both over WiFi and over the wire for our students,
from the university campus and from their wired rooms. The other
restricted LAN is our dedicated VLAN for computer classrooms. On both of
these LAN interfaces, there are only very few "pass" rules, this is a
mostly closed setting.
We want to ensure that during courses (from 7 a.m. to 6 p.m.), students
behind the captive portal (be it over WiFi or wire) can only use at most
10 Mbits/s for download and 2 Mbits/s for upload total from the 30 Mbits
of the WAN interface, the remaining 20 Mbits/s being dedicated to
computer classrooms.
After courses time, we want the 30 Mbits/s to be shared as needed (no
limit) between the two LANs.
But we also want to have the captive portal, at any time, limit a user
to 4 Mbits/s download and 512 Kbits/s upload.
So for the captive portal we have set the correct limits per user and it
works fine.
But now, I don't know how to play with the limiters (10 Mbits/s download
and 2 Mbits/s upload) for the CP interface itself. I've done lots of
testing but I can't find the solution. In addition I believe 2.1 added
the possibility to apply a schedule to a limiter, in addition to a
rule.
I know I should apply some rule with the limiters to our captive portal
interface, but I don't know :
* if the schedule should be applied to the limiters or to the rule
itself, or to both.
* if the limiters should be applied to all rules or only to a single
rule and, if a single rule, where I should place it considering our
mostly closed setting.
* if additional interface or floating rules with or without limiters
should be created, where, and with which settings.
* if interface limiters and captive portal limiters are compatible,
or if one takes precedence over the other.
I've tested several combinations of the above things, but unfortunately
I'm still not able to make it work as I want.
I've read several documentations like the traffic shaping guide on
pfsense.org, and looked at examples on the web like this one :
http://www.youtube.com/watch?v=Usi195rK35I but all these examples are
for the default LAN interface, which always has a pass all protocol from
any to any rule, so adding a similar rule with limiters is very
easy. But obviously our setup is not that simple...
So I'm lost at what to do now to make this work.
This setting is not vital for us, we don't really NEED it, but we'd
really like to have this working to improve the life of our students
during courses, in order for people behind the CP to not eat all
bandwidth.
FYI we are using 2.1BETA0, having problems when we recently tried to
upgrade to 2.1BETA1, as explained in a previous message, in case this
matters.
Thanks in advance for any help.
--
Jérôme Alet - <[email protected]> - Direction du Système d'Information
Université de la Nouvelle-Calédonie - BPR4 - 98851 NOUMEA CEDEX
Tél : +687 290081 Fax : +687 254829
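
The failure described in this message, as an added example that is not part of the original post: a small checker that lists rules made unreachable by an earlier, broader rule under first-match evaluation, and shows the default block no longer applying. The `Rule` fields, the addresses and both rulesets are constructed for illustration; limiters and schedules are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    proto: str = "any"          # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    port: Optional[int] = None  # destination port, None = any

def covers(a, b):
    """True if every packet rule b matches is also matched by rule a."""
    return (a.proto in ("any", b.proto)
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.port in (None, b.port))

def shadowed(rules):
    """(index, shadowing_index) for each rule an earlier rule makes unreachable."""
    found = []
    for i, rule in enumerate(rules):
        for j in range(i):
            if covers(rules[j], rule):
                found.append((i, j))
                break
    return found

def evaluate(rules, proto, src, dst, port):
    """First match wins; a packet no rule matches hits the default block."""
    for i, r in enumerate(rules):
        if (r.proto in ("any", proto)
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (None, port)):
            return r.action, i
    return "block", None

# Constructed rulesets (private/documentation addresses, not from the post).
CLOSED = [
    Rule("pass", "tcp", "10.0.5.0/24", "0.0.0.0/0", 443),
    Rule("pass", "udp", "10.0.5.0/24", "10.0.0.53/32", 53),
]
BROKEN = [Rule("pass")] + CLOSED   # pass any-to-any rule (the limiter rule) on top

if __name__ == "__main__":
    ssh = ("tcp", "10.0.5.20", "198.51.100.7", 22)
    print(shadowed(BROKEN), evaluate(BROKEN, *ssh), evaluate(CLOSED, *ssh))
```

Running such a check against an exported ruleset before it goes to production flags the pass-all rule immediately, since every rule below it is reported as shadowed.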