pfSense 2.3: Limiters and Squid bugfix

pfsense logo

Limiters set up dummy pipes you can use to simulate any kind of network connection.
This way you can limit WAN bandwidth to your users; trying to speed things up we’ll also install Squid3 acting as Transparent Proxy.
Using Squid you can easily cache contents and forbid/remove malicious URls (like Ad, etc)
Here you will also find the bugfix for internet not working after squid proxy is enabled.

There are 4 basic steps to set up a limiter to control bandwidth and cache contents:

  1. Setup the limiters
  2. Assign NAT rules
  3. Setup Squid3
  4. Assign NAT rules to prevent a pipe loop (otherwise you’ll get no internet access)

Setup Limiters

Go to the Firewall >>Traffic Shaper >> Limiters >> New Limiter:

And create a new limiter for the source adresses; this’ll be the Upload limit. (pay attention to the mask)

PFSense Limiter for Upload

 

Now create a new limiter, this’ll be the Download limit. (pay attention to the mask)


PFSense Limiter for DownloadDon’t forge to Apply Changes everytime!
P.S. I have no idea why i needed to set Upload mask as ‘Source’ and Download one to ‘None’ 

Assign NAT Rule

Now we need to associate the limiters to a IP (or a range of IPs).

Go to the Firewall>>>Rules >> LAN >> Add New
Set a rule for LAN Interface on any protocol,
In the source box select the IPs you want to be affected by the limiter,
Then click on the advanced settings, search for the In/Out and set UploadLimit and DownloadLimit.

Rule to enable ip bandwidth limit

Move this new rule to the top of the chain and apply changes!

If you are not interested in Squid3 this tutorial is over!

Install Squid3

Check the package from System >> Package Manager >> Available Packages.

After the installation has completed go to Service >> Squid Proxy Server.
Here you simply have to enable Squid Proxy and Trasparent Proxy feature.

You can also increase or tweak memory settings using “Local Cache” menu.

Squid3 + Limiters Workaround

We have to add another rule, otherwise internet will not work after enabling squid3.

Go to the Firewall >>Rules >> LAN, add another rule over the one we previously created:
this way we prevent squid3 from being trapped within Limits

Squid3 Filters Workaround

Double check this rule is over the one of limiters.

Everything **should** work as expected

Speedtest using Limiters

Speedtest using Limiters

5 commenti

    1. I only tried it with one host but it should be per ip/host because the selected mask in Download limiter is “Source Address”.

  1. Hi. Thanks for the great tip. But per my testing I need to set the “Mask=Destination addresses” of “DownloadLimit” limiter in order set it one pipe per host.

    pfSense version: 2.3.3-RELEASE-p1 (amd64)

Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *