{{tag>tutorial pfsense}}

====== Limit bandwidth for a host behind NAT in pfsense ======

I have a ssh VM which bandwidth to the internet I want to limit to 10 Mbit/s outgoing, 50 Mbit/s incoming.

===== Requirements =====
  * pfsense 2.3.X

----

===== Setup the limiters =====
  * Go to ''Firewall -> Traffic Shaper -> Limiters'' and create a new limiter with the following settings:
    * Name: ''sshout''
    * Bandwidth: ''10 Mbit/s''
    * Schedule: ''none''
    * Mask: ''none''
  * With Mask set to none, we limit the bandwidth globally, if you want it per host, select ''Source addresses''
  * Create a second limiter named ''sshin'' with a bandwidth of ''50 Mbit/s''

===== Setup the firewall rule =====
  * Go to ''Firewall -> Rules''
  * Create a new ''Floating'' rule with the following settings:
    * Action: ''Match''
    * Interface: ''LAN'' or whatever interface your host is connected to
    * Direction: ''out''
    * Address Family: ''IPv4''
      * I was not able to create a combined IPv4+v6 rule
    * Protocol: ''any''
    * Source: ''any''
    * Destination: ''Single host or alias'' with IP ''<your host IP>''
  * Open the advanced options and modify:
    * Gateway: ''WAN''
      * I had to manually select the gateway but I have multi-WAN so that might be the reason.
    * In / Out pipe: ''sshin'' and ''sshout''