Traffic Shaper /Limiters after update to 2.6.0-RELEASE not working
-
Firewall / Traffic Shaper /Limiters
in 2.5 version it was working fine but after upgrading to latest 2.6.0-RELEASE it is not working. i have tried it on fresh installation also but not working,
is there anyone facing same issue on 2.6.0-RELEASE..
I am using
Queue Management Algorithm - Tail Drop
Scheduler - FIFO and Worst-case Weighted fair Queuingplease help me out to get it resolved asap
-
@jaypfadmin said in Traffic Shaper /Limiters after update to 2.6.0-RELEASE not working:
is there anyone facing same issue on 2.6.0-RELEASE.
The info is dispersed all over the forum, but the current state could be found here :
https://forum.netgate.com/topic/169872/upgrade-2-5-2-to-2-6-0-upgrade-success-limiters-not-passing/105?_=1648195961510Limiters are cerated with ipfw.
pf rules are used to 'attach' limiters to interfaces.I presume a solution will need a "2.6.0-p1" release, as it implies a new kernel build.
If limiters are imperative for you : go back to 2.5.2 for the moment. -
@gertjan I think that thread decided it was a Captive Portal issue.
@jaypfadmin Are you seeing traffic not passing at all (the mentioned thread), or that the traffic isn't limited by the limiter as expected? Define "not working."
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote ๐ helpful posts! -
@steveits said in Traffic Shaper /Limiters after update to 2.6.0-RELEASE not working:
@gertjan I think that thread decided it was a Captive Portal issue.
Noop. It's worse.
There was a 'captive portal issue' as the captive portal is based on ipfw and pf for the user GUI firewall rules.
Or, with pfSnse 2.6.0, something changed, like "this is FreeBSD 12.3" - or ipfw changed - or the way Netgate compiles the FreeBSD and ipfw functionality. Anyway, ipfw had a L2 and L3 issue, and changing the ipfw ruleset, changing the syntax a bit, made the captive portal work. A 'simple' patch could handle that.But there is more, as @stephenw10 said :
I'm afraid it's not looking too good for a workaround that can be applied as a patch. The interaction between pf and ipfw is at a low level. We are still investigating though.
we added code to allow the use of pf and ipfw at thew same time. Normally in FreeBSD you would never do that.
The thing is : Limiters need ipfw ....
-
@gertjan Hmm. Well, we provide Internet to our building. Every tenant has a limiter, and none of them have complained about not having Internet for the past few weeks...
-
Ok, you got me convinced, I should test try again.
At home, I'm not using a captive portal. But I'm running pfSense on a WinPro Hyper-V VM.
I was using this : Configuring CoDel Limiters for Bufferbloat.
That was working up until I installed 2.6.0. It killed outgoing connection for pfSense itself, like unbound. Si no more DNS.At work I used the portal, as work is a hotel. Over there I use a bare bone device.
-
@gertjan said in Traffic Shaper /Limiters after update to 2.6.0-RELEASE not working:
I was using this : Configuring CoDel Limiters for Bufferbloat.
That was working up until I installed 2.6.0Going from 2.4.5-p1 to 2.6.0 broke Unbound, but Traffic Shaping / Limiters still work fine for me.
-
Here they work too.
-
the internet gets blocked after applying the limiters. I am currently using the captive portal too.
-
@jaypfadmin revert to 2.5.2 or wait - the choice is yours.
-
@thiasaef downgraded back to 2.5.2 and all working now .
-
S SteveITS referenced this topic on
-
@jaypfadmin You saved me HOURS of troubleshooting!
