Hi folks, i´m new on Nethserver and so far its looks great! Since i use Pfsense for a long time i get it to work pretty well for my needs, but now i´m trying to do the same scenario on Nethserver but get a little confuse.
My Scenario on Pfsense is
IP range 192.168.25.1/.254 for registered mac users and unlimited bandwidth.
IP range 192.168.26.1 /254 for anyone who connects a new mac without a registration will automatic get this range and gets limited band.
IP range 192.168.27.1/254 for blocked macs.
Schedule to turn off the rule who block Facebook on 11:30 to 1:30 lunch time.
Allias/Rule that unblock Facebook for determined registered/reserved IP
I´m Using transparent proxy and 2 Nics
My installed packages so far are
So, whats is the best way to do that on Nethserver, also can i use those Roles (green, red etc…) to manage that?
There is a way to limit the band for a IP range?
Could you please show the pfsense configuration in more detail?
What feature assigns mac to networks?
For the web browsing profiles, see: http://docs.nethserver.org/en/latest/content_filter.html
There’s no option to “cut” bandwidth of a range, you can only assign lower priority (so you don’t waste bandwidth).
For IP ranges i just set the dhcp for a band limited IP range and new connections will always get this limited IP, then i set manually the ip for the machine by ip reservation feature, since the incoming new connections is not high will not be a problem to me to set it manually.
i have a little experience but not good enough to give ideas. Actually, my company enrolled on NETGATE to take formal training with PFSENSE this coming June
Sure, Sorry for the delay and thx for the fast answer.
So the feature that assigns mac to networks,i suppose is my fingers since i do it manually … .
I print some screens from my Pfsense configuration and i will try explain my scenario better.
First i set the DHCP for the range 192.168.25.26/254 every new connection will get this range, and this ip range has a attached rule with traffic shaping . I set the dhcp range already on Nethserver and looks work like intend, but dont know how to traffic shaping this IP range
Then i check on DHCP Leases for new connections and decide manually assign a ip to a mac, if i will block assign ip .27, if i will register assign ip .25 (full band) or let it be with limited band ip .26. There is not many incoming new connections, so do it manually is easy and work pretty well.
**I found a similar screen on Nethserver already **
On pfsense go in Firewall -> traffic shaper, then chose “Wizards”.
Set the policy as you want, what you are interested in is the penality box.
In the penality box page you can chose the alias to be penalized. (“Cell phone limited band” in your case)
In case of high bandwith usage that alias will be limited in a range from 2% to 20% (as your choiche) of the bandwith.
As you can see here the limiter dosen’t work now. The fix is planned for 2.3.2. If you want to use the limiter instead of the penality box try this workaround found on the last post of the issue on github.
The business in case is a store, BuyMore alike but in medium size. There is all departments like any company HR, Logistics etc, also a store where they test the product in front of the customer’s and fix the customer’s products. So u can expect some incoming new connections, there is why the need of a ip range with controlled IP band, ofc a Independent band is a better choice, but its means investments and it´s not a option right now.
Anyway like i said Pfsense works well on this kind of business, but i want try Nethserver. Atm i migrate almost all stuff i use on Pfsense, just stuck on a way to do the band limitation for a ip range.
Btw, i follow the “tip” from @jgjimenezs and create Vlans, going to try the low priority thing, but by mistake i delete the eth0 interface with the ip used to login on Nethserver and looked me out whats the root command line to create or reconfigure a interface on Nethserver without re installation ??
I have this screen on Pfsense console command with makes things easy , i don’t know if in Nethserver we have something similar
Nethserver is based on shorewall firewall but I haven’t seen any support for traffic shaping via the firewall on nethserver out of the box? I’m not using Nethserver Firewall much so please correct me if I’m wrong.
Look at the shorewall documentation and see if that can help you to customize the firewall?: Shorewall Traffic shaping