Shaping HTTPS uploads

MaxPF · May 8, 2016, 10:08 PM

Thanks for the reply. I tried both your suggestions and still the traffic goes to the qDefault. I enabled logging on the rule and I can see it being triggered, but for some reason the https traffic is not going in the qOthersLow as I want it to.

Is there any built in rule for https traffic that overrides custom rules? I haven't tweaked any of the wizard generated settings. It should be pretty straight forward.

Derelict · May 8, 2016, 10:18 PM

Probably best to post screen shots of the rule(s) and the queue setups.

MaxPF · May 9, 2016, 1:20 AM

Here are the screenshots of the floating rule and the queues created by the wizard. 192.168.1.25 in on LAN and is going out the net on WAN.

Nullity · May 9, 2016, 1:29 AM

Can you post the floating & LAN rules list?

I try to avoid floating rules unless they are required.

Can you use a LAN interface rule instead? (Just use "PASS" instead of "MATCH".)

MaxPF · May 9, 2016, 1:07 PM

I tried to set the rule on the LAN using Pass just above the standard rule to allow LAN traffic out. HTTPS uploads still go to qDefault

MaxPF · May 10, 2016, 5:12 PM

One more screenshot showing that in the logs the floating rule is actually triggered while uploading to Google Drive (in this case), but the traffic is not sent to the correct queue

sideout · May 10, 2016, 6:09 PM

If you are using floating rules , use WAN for the interface.

Derelict · May 11, 2016, 12:13 AM

Can't use WAN for the interface and match on a LAN address after NAT.

~~Just so we know exactly what we're looking at, is LAN's qOthersLow just cropped off of that last Status > Queues you posted? I know it's in the shaper config further up but…~~ - Nevermind. That's a select list not freeform text where you set the queue.

Something else has to be matching the traffic and not setting the queue.

You running squid by any chance?

MaxPF · May 11, 2016, 1:10 PM

sideout suggestion worked! Changing the floating rule to use WAN with direction out, source IP set to the host on the LAN and HTTPS as destination port did the trick. I thought I tried that combination before, but apparently I didn't. Now whenever I upload from 192.168.1.25 to GDrive for example I can finally see the traffic going on the qOthersLow queue on the WAN interface.

Thanks for the help everybody! :D

Derelict · May 12, 2016, 12:17 AM

That doesn't make any sense to me.

When you match on WAN out NAT has already happened and source address is the WAN address (by default).

MaxPF · May 12, 2016, 3:08 PM

@Derelict:

That doesn't make any sense to me.

When you match on WAN out NAT has already happened and source address is the WAN address (by default).

Strange or not, it works :o

sideout · May 12, 2016, 4:10 PM

I generally set the direction to both on Floating rules when choosing direction and WAN as the interface.