• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Port Forward bypasses Limiter

Scheduled Pinned Locked Moved Traffic Shaping
4 Posts 2 Posters 728 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    sotirone
    last edited by Feb 14, 2022, 6:32 PM

    Hello, I have a pfSense 2.5.2 box.

    I have set up limiters as per this article: https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html

    The problem is that any service that requires port forwarding is bypassing the queues and the limiter.

    I also tried to set the queues at the WAN NAT Port Forward rule to test if the traffic will go through the queues and the limiter and it does not.

    What am I missing here?

    S 1 Reply Last reply Feb 14, 2022, 7:33 PM Reply Quote 0
    • S
      SteveITS Galactic Empire @sotirone
      last edited by Feb 14, 2022, 7:33 PM

      I'd double check your state table to make sure the state matches the rule... for instance a web download matches the request coming towards the web server, not traffic leaving the web server.
      https://docs.netgate.com/pfsense/en/latest/troubleshooting/traffic-shaper.html#why-is-x-not-properly-shaped

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      1 Reply Last reply Reply Quote 0
      • S
        sotirone
        last edited by Feb 14, 2022, 8:21 PM

        OK, my issue was with uploads rather than downloads.

        I am not sure but it seems as if the recipe mentioned above does not cover uploads.

        I made a copy of the floating rule with these changes:

        • Action: Match

        • Direction: In

        • In / Out Pipe: Reversed from the original rule

        It seems like it is working now. Is this configuration correct?

        S 1 Reply Last reply Feb 14, 2022, 9:20 PM Reply Quote 0
        • S
          SteveITS Galactic Empire @sotirone
          last edited by Feb 14, 2022, 9:20 PM

          @sotirone I'd say if it's working then roll with it. :) Besides the traffic graph, Diagnostics/Limiter Info should show the relevant info. The router we have with limiters doesn't have floating rules, we have them on LAN to capture the outbound connections from certain IPs.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received