I wanted to limit upload speed of my torrent clients (utorrent, qbittorent) with port forwarding enabled. This can be done on the client itself but I prefer the method via firewall.
For this example I forwarded port 17123 to my qbittorent client and limited upload speed to 1mbit/s. There are probably other more “proper” methods to achieve this on Pfsense, but this is working for me:
Set up a port in a client:
Go to Pfsense, Firewall, traffic shaper, limiters:
Click New limiter
Tick Enable limiter and its children
Name it upload1mbit
Set Bandwidth to 1 Mbit/s
Set Mask to Source addresses and set Description to something you like and save.
For limiters to work you also need to make a download limiter. Click new limiter and name it download1000mbit
Set bandwidth to 1000 Mbit/s
Set mask to Destination addresses
Set description and click save.
Now go to firewall, NAT and add a new rule:
Protocol: Depends on your needs, usually TCP, UDP or both
Destination: WAN address
Destination port range: 17123 to 17123
Redirect target IP: LAN IP of the machine torrent client is running on, example 192.168.0.2
Redirect target port: 17123
Now go to firewall, rules, WAN and find the associated rule we created in the previous step, click edit.
Scroll down to the bottom and click Display Advanced, scroll down again to find In / Out pipe.
For In select download1000mbit, and for out select upload1mbit, save and apply changes. This is the opposite of what you do when you want to limit LAN IP bandwidth, because this rule is applied to WAN interface not LAN. Click save and the limiter should work. You should always reset the states when applying new settings to filters. You can do that on Diagnostics, states, reset states.
I will add more images later, this is only a quick draft. It should be sufficient to set up a rule though.