Transparent Shaping, NAT OFF.

davefl · Feb 27, 2009, 2:37 PM

Hello.

I have the following setup:

CABLE MODEM (Public IP) <–---------------> Wireless Router (192.168.1.x)

What I would like to do is:

CABLE MODEM (Public IP) <---- pfSense ----> Wireless Router (192.168.1.x)

I need pfSense for traffic shaping purposes. I need it to work transparently. No Nat on pfsense, instead that will be handled by the Wireless Router. Also it should truly be transparent -- the computers on the wireless router should not have to modify their configuration.

The trouble is that the IP from the Cable Modem is dynamic and must be gathered from DHCP.

Can pfSense do this? If so, how?

I notice from the documentation: http://pfsense.trendchiller.com/transparent_firewall.pdf that it seems as if the WAN must have a static IP. Perhaps I am in error?

Thank you.

eri-- · Feb 27, 2009, 10:33 PM

Transparent(bridge) shaping can be done correctly only on 2.0 and not on 1.2+.

Edit:
Actually you can shape if you bridge 2 interfaces only on 1.2+.

davefl · Mar 2, 2009, 1:43 PM

@ermal:

Transparent(bridge) shaping can be done correctly only on 2.0 and not on 1.2+.

Edit:
Actually you can shape if you bridge 2 interfaces only on 1.2+.

So I can do this using 2.0 and the linked pdf document's instructions?

eri-- · Mar 2, 2009, 6:40 PM

Well shaping on 2.0 is totally different than 1.2.
For 2.0 you just run a wizard and create firewall rules and assign queues to them.

davefl · Mar 2, 2009, 9:10 PM

@ermal:

Well shaping on 2.0 is totally different than 1.2.
For 2.0 you just run a wizard and create firewall rules and assign queues to them.

So in 2.0 the wizard will assist in setting up a transparent shaper (as specified above and i should not use the linked instructions?). Sorry for the questions I just want to have everything planned before I actually jump into this.

All I want is a transparent shaper which passes packets between WAN (cable modem) <-> LAN (wireless router WAN/LAN) without any interference (not really a true firewall). I just need it to do some shaping, particularly with p2p (torrent) traffic. That's it.

I get that I will have to set up queues ad allocate bandwidth between them. My main concern first is just getting a transparent "firewall" in place. as quickly as possible to the point where it is functional (routes packets between WAN and LAN transparently). Then I can tweak the shaping.

Any particular guides or walkthroughs for doing this on 2.0? I have tried looking at the docs (as you can see), but i gues sI might be looking at obsolete info.

eri-- · Mar 2, 2009, 9:56 PM

Just run the wizard it will help.
If you want try out the layer7 shaper to 'really' shape bitorrent.