Port Forward bypasses Limiter
-
Hello, I have a pfSense 2.5.2 box.
I have set up limiters as per this article: https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html
The problem is that any service that requires port forwarding is bypassing the queues and the limiter.
I also tried to set the queues at the WAN NAT Port Forward rule to test if the traffic will go through the queues and the limiter and it does not.
What am I missing here?
-
I'd double check your state table to make sure the state matches the rule... for instance a web download matches the request coming towards the web server, not traffic leaving the web server.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/traffic-shaper.html#why-is-x-not-properly-shaped
-
OK, my issue was with uploads rather than downloads.
I am not sure but it seems as if the recipe mentioned above does not cover uploads.
I made a copy of the floating rule with these changes:
- Action: Match
- Direction: In
- In / Out Pipe: Reversed from the original rule
It seems like it is working now. Is this configuration correct?
-
@sotirone I'd say if it's working then roll with it. :) Besides the traffic graph, Diagnostics/Limiter Info should show the relevant info. The router we have with limiters doesn't have floating rules, we have them on LAN to capture the outbound connections from certain IPs.