How to limit bandwidth for wireless hotspots

One of the most common problems with wireless hotspots is the ability to control how much bandwidth each person on the network can utilize. There are tons of proprietary solutions but one which I find to be rock solid, open source and pretty simple to configure is pfsense. Its actually an enterprise grade firewall which is a bonus in that it can provide extra security features for open wireless hotspots.

Pfsense can either be run on flashsticks or similar removable media or as the main OS on a pc with two network cards. Previously I used to configure Pfsense this way (running on a pc with two network cards), but since then iv become a little smarter:) I have one Ubuntu 12.05 desktop machine as my web,ftp, and otrs support ticket system (tutorial comin soon on this). So what I did (short of buying another pc) was to configure Pfsense in a virtual environment running on top of Ubuntu:) lets just say its working like a charm! Here are the steps I took:

  1. Download and install virtualbox on Ubuntu (This does not have to be on Ubuntu, you could do the exact same setup using a windows box)

  2. Download the Pfsense ova file from their website.

  3. Once VirtualBox is installed, you can double click the ova file, follow the instructions, and before you know it, pfsense will be setup in the virtual environment

  4. Set a static IP for your Ubuntu machine (with all information filled in such as the gateway address for the intenet router)

  5. Now, please take note of this step, as it is pretty much the crux of everything:

  • Ensure that once pfsense is booted up, that you set the interface ip for the wan interface to be on the same network as your ubuntu box, and the main internet router
  • Ensure that the ip for the LAN interface is on the same network as the open wireless access point
  • Please ensure that the wireless access point is on the different network to that of the WAN interface or else you may aswell kiss your bandwidth goodbye ?
  • Ensure that DHCP is enabled on the LAN interface
  • Ensure that DHCP is disabled for your access point
  1. Connect a client to the wireless hotspot, and access the LAN address of pfsense which you setup in 5. The default username and password for pfsense are as follows:

username: admin

password: pfsense

  1. Enable captive portal by clicking on Services -> Captive Portal -> Tick enable captive portal, and ensure that the LAN is the selected interface

  2. Scroll down and where it says authentication, select Local User manager (this allows your to create users for your wireless hotspot using the local database utilized by Pfsense)

  3. Customize your portal page if you so choose, and then click on save

  4. You can enable vouchers by clicking on the vouchers tab

  5. You can create local users which can then login and access the internet by going to System -> User Manager -> Click on the little add user “+” sign at the bottom, and enter the details


  • Click Services -> Captive Portal
  • Scroll down to “Per-user bandwidth restriction”, and tick “Enable per-user bandwidth restriction”
  • You can then set the upload and download bandwidth speeds for each user (note that this is not cumulative, this is what each user will receive)
  1. That should get you all setup ?

For a guide on how to access pfsense via the WAN interface, click

[box type=”bio”] [paypal-donation][/box]