Messages - remonboonstra

#1
Hi,

Do you have Captive Portal enabled? If so, try disabling it first. There seem to be issues with the combination of these two.

I would also try a single rule;
- IF1: WAN
- IF2: LAN
- Pipe: 1Mbit (target: src)

And try if it limits to 1Mbit.

Good luck - it also took me a while to figure out directions and things like that.

Remon
#2
Just to add the note:

When I disable captive portal the rules work. So it's surely related to the Captive Portal (rules)...

Thank you,

Remon
#3
J,

Thank you for your reply, I've set it up as you said.
I left the other 2 rules there, it seems it never reaches the new rules when testing.

I want to max the connection to 2Mbit/300kbit: this works with the first 2 rules.
The 3rd and 4th rule don't get applied as far as I can see now.

I need a combination of rule 1,2 and 3 to get what I would like, am I correct?


Screenshots are attached,

Thanks,

Remon
#4
Hi,

Is there a good hint on getting the following done in the Traffic Shaper (I expect with queues and rules, hence the title)?

LAN: 20 users (allowed only 2Mbit down / 300Kbit up)
WAN: 2 x 8Mbit / 1Mbit (should be equally spread across 50 users)

Currently on another thread trying to get the first part working, now I'm looking to get the second part working also.

Meaning: if 8 users are downloading at 2Mbit, the ninth user should still get 1.77Mbit (16/9). The others should also go down to 1.77Mbit.

Result: everybody always has internet, but never more than 2Mbit down. At busy moments the speed might go down.

Thank you for any of the hints you might give me!

Remon
#5
Ok,

I tried: no results.

I reconfigured my rules to:
rule1
- interface1: LAN
- source: 192.168.x.x/24
- direction: both
- target: 300kbit pipe

rule2
- interface1: LAN
- destination: 192.168.x.x/24
- direction: both
- target: 2mbit pipe

and applied, tried: no result.

modified ipfw.rules again and restarted again: no results.

I have currently my WAN2 not connected, does that matter in this case?

Thanks for your input!

Remon
#6
Hereby, thanks!

00100     0        0 allow pfsync from any to any
00110     0        0 allow carp from any to any
00120     0        0 allow ip from any to any layer2 mac-type 0x0806,0x8035
00130     0        0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
00140     0        0 allow ip from any to any layer2 mac-type 0x8863,0x8864
00150     0        0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
00200     0        0 skipto 60000 ip6 from ::1 to any
00201     0        0 skipto 60000 ip4 from 127.0.0.0/8 to any
00202     0        0 skipto 60000 ip6 from any to ::1
00203     0        0 skipto 60000 ip4 from any to 127.0.0.0/8
01002   753    78720 skipto 60000 udp from any to 192.168.5.1 dst-port 53 keep-state
01002   870    94151 skipto 60000 ip from any to { 255.255.255.255 or 192.168.5.1 } in
01002  1394   999423 skipto 60000 ip from { 255.255.255.255 or 192.168.5.1 } to any out
01002     0        0 skipto 60000 icmp from { 255.255.255.255 or 192.168.5.1 } to any out icmptypes 0
01002     0        0 skipto 60000 icmp from any to { 255.255.255.255 or 192.168.5.1 } in icmptypes 8
03021 26233  3268501 skipto 12001 ip from table(7) to any via em0
03022     0        0 skipto 12001 ip from table(7) to any via em0
03023     0        0 skipto 12001 ip from table(9) to any via em0
03024     0        0 skipto 12001 ip from table(9) to any via em0
03025     0        0 skipto 12001 ip from table(11) to any via em0
03026     0        0 skipto 12001 ip from table(11) to any via em0
05002    32     3434 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in via em0
05002     0        0 allow ip from any to any dst-port 80 via em0
06002 78303 55511507 skipto 60000 ip from any to any via em1
06003     0        0 skipto 60000 ip from any to any via em2
06200 42796 50779537 allow tcp from any to any out
06201   732   698156 skipto 65534 ip from any to any
12001 26233  3268501 count ip from any to any via em0
12998 26233  3268501 skipto 30000 ip from any to any via em0
12999     0        0 deny ip from any to any not via em0
30000 26233  3268501 count ip from any to any
30001 14637  2489707 count ip from 192.168.5.100 to any
30001     0        0 count ip from any to 192.168.5.100
60000     0        0 return ip from any to any
60001     0        0 pipe 10000 ip from any to 192.168.5.0/24 recv em1 xmit em0
60001     0        0 pipe 10000 ip from any to 192.168.5.0/24 xmit em1 recv em0
60002 26206  3265473 pipe 10001 ip from 192.168.5.0/24 to any recv em0 xmit em1
60002     0        0 pipe 10001 ip from 192.168.5.0/24 to any xmit em0 recv em1
65533 81347 56688289 allow ip from any to any
65534   732   698156 deny ip from any to any
65535    61    31949 allow ip from any to any
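
Added example, not part of the original post: a small Python script that sums packet counters per dummynet pipe from a listing in the layout shown above and reports pipes that no traffic has reached. The function names are illustrative, and the sample is an excerpt of the listing in the post.

```python
import re
from collections import defaultdict

# Excerpt of the counters listing posted above (rule, packets, bytes, body).
SAMPLE = """\
60000     0        0 return ip from any to any
60001     0        0 pipe 10000 ip from any to 192.168.5.0/24 recv em1 xmit em0
60001     0        0 pipe 10000 ip from any to 192.168.5.0/24 xmit em1 recv em0
60002 26206  3265473 pipe 10001 ip from 192.168.5.0/24 to any recv em0 xmit em1
60002     0        0 pipe 10001 ip from 192.168.5.0/24 to any xmit em0 recv em1
65533 81347 56688289 allow ip from any to any
"""

# rule number, packet count, byte count, action keyword, rest of the rule
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*)$")


def parse_listing(text):
    """Parse lines that carry counters; lines without counters are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            num, pkts, byts, action, body = m.groups()
            rows.append((int(num), int(pkts), int(byts), action, body))
    return rows


def pipe_usage(text):
    """Sum packets and bytes over all rules that send traffic to each pipe."""
    usage = defaultdict(lambda: {"packets": 0, "bytes": 0, "rules": 0})
    for _num, pkts, byts, action, body in parse_listing(text):
        first = body.split()[:1]
        if action == "pipe" and first and first[0].isdigit():
            entry = usage[int(first[0])]
            entry["packets"] += pkts
            entry["bytes"] += byts
            entry["rules"] += 1
    return dict(usage)


def idle_pipes(text):
    """Pipes that have rules pointing at them but zero matched packets."""
    return sorted(p for p, u in pipe_usage(text).items() if u["packets"] == 0)


if __name__ == "__main__":
    for pipe, u in sorted(pipe_usage(SAMPLE).items()):
        print(f"pipe {pipe}: {u['packets']} packets over {u['rules']} rules")
    print("idle pipes:", idle_pipes(SAMPLE))
```

On the excerpt, pipe 10000 (the rules matching traffic to 192.168.5.0/24) has zero packets, while pipe 10001 (traffic from 192.168.5.0/24) has 26206.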
#7
Hi,

This is the list (currently changed some settings on the rules tab, to test. Still no result. It only caps the upload (300kbit)?)


00100 allow pfsync from any to any
00110 allow carp from any to any
00120 allow ip from any to any layer2 mac-type 0x0806,0x8035
00130 allow ip from any to any layer2 mac-type 0x888e,0x88c7
00140 allow ip from any to any layer2 mac-type 0x8863,0x8864
00150 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
00200 skipto 60000 ip6 from ::1 to any
00201 skipto 60000 ip4 from 127.0.0.0/8 to any
00202 skipto 60000 ip6 from any to ::1
00203 skipto 60000 ip4 from any to 127.0.0.0/8
01002 skipto 60000 udp from any to 192.168.5.1 dst-port 53 keep-state
01002 skipto 60000 ip from any to { 255.255.255.255 or 192.168.5.1 } in
01002 skipto 60000 ip from { 255.255.255.255 or 192.168.5.1 } to any out
01002 skipto 60000 icmp from { 255.255.255.255 or 192.168.5.1 } to any out icmptypes 0
01002 skipto 60000 icmp from any to { 255.255.255.255 or 192.168.5.1 } in icmptypes 8
03021 skipto 12001 ip from table(7) to any via em0
03022 skipto 12001 ip from table(7) to any via em0
03023 skipto 12001 ip from table(9) to any via em0
03024 skipto 12001 ip from table(9) to any via em0
03025 skipto 12001 ip from table(11) to any via em0
03026 skipto 12001 ip from table(11) to any via em0
05002 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in via em0
05002 allow ip from any to any dst-port 80 via em0
06002 skipto 60000 ip from any to any via em1
06003 skipto 60000 ip from any to any via em2
06200 allow tcp from any to any out
06201 skipto 65534 ip from any to any
12001 count ip from any to any via em0
12998 skipto 30000 ip from any to any via em0
12999 deny ip from any to any not via em0
30000 count ip from any to any
30001 count ip from 192.168.5.100 to any
30001 count ip from any to 192.168.5.100
60000 return ip from any to any
60001 pipe 10000 ip from any to 192.168.5.0/24 recv em1 xmit em0
60001 pipe 10000 ip from any to 192.168.5.0/24 xmit em1 recv em0
60002 pipe 10001 ip from 192.168.5.0/24 to any recv em0 xmit em1
60002 pipe 10001 ip from 192.168.5.0/24 to any xmit em0 recv em1
65533 allow ip from any to any
65534 deny ip from any to any
65535 allow ip from any to any


Hope this helps, can't fully read it myself :)

Thanks!
#8
Hmmm,

without Captive Portal it works this way. With Captive Portal enabled only the upload limit works?

Any reason for that to change when Captive Portal is enabled?

Regards,

Remon
#9
Franco,

Thank you, it works (tested it manually as suggested).

Kind regards,

Remon
#10
Hi,

Tested it, it works. But to be honest it is not as obvious to configure as I expected.

I wanted to limit download to 2Mbit, and upload to 300Kbit.
Created 2 pipes -> clear, no doubt about that.

The rules tab:
- interface1, interface2
- source, destination
- direction (in, out)

All being the same at some point, I got lost there getting the above fixed.
Solution I used now:

rule1
- interface1: LAN
- source: 192.168.x.x/24
- direction: both
- target: 300kbit pipe

rule2
- interface1: LAN
- destination: 192.168.x.x/24
- direction: both
- target: 2mbit pipe

(advantage: I got multiple WAN ports, so I only need a single entry here).

Is this correctly configured? If so we can close this post.

I will create another related to this (sharing total bandwidth equally).

Thanks for the help!

Remon
#11
Franco,

Thank you, for the quick reply and the quick solution!
Tomorrow I will update to .12 , can't check today (sick).

Regards,
Remon
#12
15.1 Legacy Series / Re: Captive Portal Error
June 16, 2015, 06:57:17 PM
Franco,

Thanks for checking this quickly! Let me know if I need/can test anything!

Regards, Remon
#13
15.1 Legacy Series / Re: Captive Portal Error
June 16, 2015, 03:49:18 PM
Hi Franco,

I can create a Captive Portal in disabled state, when enabling (without changing any setting on the form) it fails:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000]: General error: 1 no such table: captiveportal_ip' in /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php:342 Stack trace: #0 [internal function]: PDO->prepare('select ip,pipen...') #1 /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php(342): Phalcon\Db\Adapter\Pdo->query('select ip,pipen...') #2 /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php(162): OPNsense\CaptivePortal\DB->listFixedIPs() #3 /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php(147): OPNsense\CaptivePortal\CPClient->refreshAllowedIPs(NULL) #4 /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php(107): OPNsense\CaptivePortal\CPClient->update() #5 /usr/local/etc/inc/captiveportal.inc(229): OPNsense\CaptivePortal\CPClient->reconfigure() #6 /usr/local/etc/inc/captiveportal.inc(337): captiveportal_init_rules(true) #7 /usr/local/www/services_captiveportal_zones.php(47): captiveportal_configure() #8 {ma in /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php on line 342


Crash Reporter:

System Information:
FreeBSD 10.1-RELEASE-p10 #0 a5b56aa(master): Mon May 18 14:54:06 CEST 2015     root@sensey64:/usr/obj/usr/src/sys/SMP
OPNsense 15.1.11.4-d34b25558 (amd64)
OpenSSL 1.0.2b 11 Jun 2015

PHP Errors:
[16-Jun-2015 14:44:17 Europe/Amsterdam] PHP Fatal error:  Uncaught exception 'PDOException' with message 'SQLSTATE[HY000]: General error: 1 no such table: captiveportal_ip' in /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php:342
Stack trace:
#0 [internal function]: PDO->prepare('select ip,pipen...')
#1 /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php(342): Phalcon\Db\Adapter\Pdo->query('select ip,pipen...')
#2 /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php(162): OPNsense\CaptivePortal\DB->listFixedIPs()
#3 /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php(147): OPNsense\CaptivePortal\CPClient->refreshAllowedIPs(NULL)
#4 /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php(107): OPNsense\CaptivePortal\CPClient->update()
#5 /usr/local/etc/inc/captiveportal.inc(229): OPNsense\CaptivePortal\CPClient->reconfigure()
#6 /usr/local/etc/inc/captiveportal.inc(337): captiveportal_init_rules(true)
#7 /usr/local/www/services_captiveportal.php(386): captiveportal_configure()
#8 {main}
  in /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php on line 342


Thank you!
#14
15.1 Legacy Series / Re: Captive Portal Error
June 16, 2015, 02:13:20 PM
Same issue here.

Let me know, as I needed it this week :) -- broken m0n0wall server replacement
Ordered the appliance A10, mainly doing captive portal stuff.

Can I downgrade?

Thanks

Remon
#15
Wow!

How great that you replied that completely. I will take a look at it as soon as I get a chance and reply if it works as expected!

Thank you!

Remon