Return to Level1Techs.com

Using pfSense as a home router


#1

Good day

I’m a newbie at this, but very keen on learning more about how rules or scripts within the rules, are applied to the firewall to achieve various different results. I’ve been watching the videos for building and getting going with the pfsense router, but couldn’t find too much information on what I would like to achieve using my new pfsense router.

I installed and configured pfsense Community Edition v 2.4.3 on a physical pc with enough resources for any of the packages to run happily.

My end goal is to achieve the following but don’t know where to start or which package will be the best to make use of, to achieve my goal.

I would really like some help with achieving my goal, I know it can be done from everything I’ve read about pfsense.

So here goes, my wish list, or challenge if you may.

  1. I have a capped home data bundle of 50GB per month from my ISP.
  2. I have 12 devices that share this 50GB of capped data per month. Not all the devices are connected at any one given time. There is a possibility of about 4 devices being connected at any one given time.

Case 1

  1. I would like to set a monthly limit, of say 4GB per device, preferably by mac address.
  2. I would like to set a daily limit, of say 250 MB per device, preferably by mac address.
  3. Whenever any limit is reached or exceeded, all internet access needs to be stopped for that device, until that limit is reset. i.e. daily limit is reset the next day at 00:05, or the monthly limit rest on the first day of the new month at 00:05.
  4. I would like to see a report of data usage per device, preferably by mac address.

Case 2

  1. I would like to set a monthly limit, of say 8GB per user, I have 6 users in my family. The users can then use any device as their data usage will now be monitored or capped using their user name.
  2. I would like to set a daily limit, of say 300MB per user, I have 6 users in my family. The users can then use any device as their data usage will now be monitored or capped using their user name.
  3. Whenever any limit is reached or exceeded, all internet access needs to be stopped for that user, until that limit is reset. i.e. daily limit is reset the next day at 00:05, or the monthly limit rest on the first day of the new month at 00:05.
  4. I would like to see a report of data usage per user.

I would appreciate the help with the above as I’m just a beginner when it comes to scripts and think that the above will make use of scripts.
I would like to see a solution for both cases, I think it will be a good learning experience for me to try and understand how the rules work in different scenarios.

I have a LTE wireless router that receives the internet from my ISP. I’ve disabled the DHCP and wireless broadcast on this router and wired it to the pfsense router (PC) NIC. I’ve used the second NIC on the pfsense router (PC) as a DHCP server and this is wired to another wireless router. This router is configured as an AP only. All my devices are connecting to the internet via this router.

My intention is to use the pfsense router (PC) to monitor and limit the data usage of my family members and have a report thereof.

Thank you


#2

50GB a month is rough, What part of the world are you located?


#3

Doing it per device will be the easiest way to do it. You can set this up using the traffic shaper in pfsense. You’ll have to do it by IP not MAC as traffic shaping rules will be applied to traffic via the firewall, and firewalls work with IPs. But you can just assign static IPs to each device with the DHCP server.

Although having said that I don’t think the traffic shaper can set a data limit only bandwidth limits.

Doing it per user will be trickier, you may be able to get something working using RADIUS but it will be a pain for your users. Otherwise you’d probably have to look at using a proxy server.


#4

Thank you,

I’ve looked at using the traffic shaper already, it can only reduce the bandwidth and not set a fixed limit.

I’ll look at your suggestion of using Radius but I really like the idea of using a proxy server. Will do some research on how to use proxy servers and then give it a try.

Thank you so much for you assistance.


#5

If all else fails the captive portal should be able to do this.