Re: [pfSense] Port forwards don't work on one machine

2018-02-18 Thread Marco
On Wed, 14 Feb 2018 18:07:42 -0500
WebDawg  wrote:

> It is most likely the ISP device.

Indeed, it was.

I redid the whole pfSense config and the issue persisted. Then I
redid the ISP device config and it worked. In the end I changed
nothing, same config as before, but now it works for some magical

Thanks to all of you for the support and sorry for the noise (of
having nothing to do with pfSense).

pfSense mailing list
Support the project with Gold!

Re: [pfSense] Limiters

2018-02-18 Thread Chris L

> On Feb 15, 2018, at 9:22 AM, user49b  wrote:
> Hi
> I currently have some limiters setup on my WiFi interface.
> I limit some IP's (,,...) to only have 700 Kbit/s.
> So every IP (device) has 700 Kbit/s.
> I want to add a "global" limit on Wifi interface so the total subnet/network 
> can only have 3000 Kbit/s.
> Each IP (device) can only have 700 Kbit/s of the total 3000 Kbit/s limit.
> If tried putting a "global" limit for the subnet / network before and/or 
> after all the IP devices with 700kbit/s under rules.
> This does not seem to work.
> Is something like this possible, and if possible what am I doing wrong. Maybe 
> somewhere I can find documentation?

No, unfortunately you can do one or the other with limiters. You can set a 
total pipe of 3000Kb/sec then put a child underneath that masked by /32 to 
create a separate pipe for every host but you cannot additionally limit each of 
those to 700K. It does a pretty good job of not letting anyone monopolize with 
the traffic in that case. It might be worth a try. If you do that when not much 
is going on, the users can use the full 3000K.

Or you can set a top limiter of 700K with a mask of /32 which gives each host a 
700K pipe but no top limit.

You might try to combine the latter limiter configuration with a simple altq. 
You could make a simple PRIQ or perhaps CBQ with a 3000K bandwidth limit with 
just one child queue marked default (so you don’t have to worry about steering 
any traffic through it). That would prevent any transmission out that interface 
(downloads) of more than 3000K while the limiter would limit each host to 700K. 
You would have to use a different strategy to limit uploads if there was other 
traffic there you did not want to limit. Pretty sure you would need to use HFSC 
which can be daunting. Should not be too bad for something simple like that 
though. Looking though, CBQ is probably worth a look there. You can set 
separate bandwidth limits of child queues there too and it is much simpler than 

pfSense mailing list
Support the project with Gold!