Limiter on each VLAN



  • Hey people.

    I would like all my different VLANs to run at different speeds, like a hosting company.

    Right now I have:

    VLAN 5
    VLAN 10
    VLAN 15
    VLAN 20
    VLAN 25
    and so on.

    I would like them to run at different WAN speeds.

    VLAN 5 - 10mbit/10mbit
    VLAN 10 - 2mbit/1mbit
    VLAN 15 - 5mbit/5mbit

    I made a rule in each VLAN and everything works.

    But the question is, why are the In / Out pipes reversed? So I have to put the upload limiter in the In pipe and the download limiter in the Out pipe?
    pfSense states:

    "Choose the Out queue/Virtual interface only if In is also selected. The Out selection is applied to traffic leaving the interface where the rule is created, the In selection is applied to traffic coming into the chosen interface.
    If creating a floating rule, if the direction is In then the same rules apply, if the direction is Out the selections are reversed, Out is for incoming and In is for outgoing. "

    Am I doing something wrong, or is there a better way? :-)



  • Anyone??



  • @TheEnergy:

    I made a rule in each VLAN and everything works.

    But the question is, why are the In / Out pipes reversed? So I have to put the upload limiter in the In pipe and the download limiter in the Out pipe?
    pfSense states:

    "Choose the Out queue/Virtual interface only if In is also selected. The Out selection is applied to traffic leaving the interface where the rule is created, the In selection is applied to traffic coming into the chosen interface.
    If creating a floating rule, if the direction is In then the same rules apply, if the direction is Out the selections are reversed, Out is for incoming and In is for outgoing. "

    Am I doing something wrong, or is there a better way? :-)

    If everything works then there's no real urgency to answering your question.

    If you want to know more about the inner workings of limiters look up FreeBSD's dummynet, which is what "limiters" are.



  • Maybe it's not urgent but I'd also like to see this explained.
    Reversing ingress and egress seems strange unless you know and can understand why. Wouldn't it bother you as well?



  • @jahonix:

    Maybe it's not urgent but I'd also like to see this explained.
    Reversing ingress and egress seems strange unless you know and can understand why. Wouldn't it bother you as well?

    If it bothered me, I'd go read about dummynet, ipfw, pf, and pfSense's details… :)

    It is interesting confusing though.

    I'd start with seeing precisely what the firewall rules are (via "pfctl" & "ipfw" commands) and see if I could decipher what's causing the seemingly strange ingress/egress reversal.



  • @Nullity:

    … read about dummynet, ipfw, pf, and pfSense's details... start with "pfctl" & "ipfw" commands...

    Not only is my learning curve in this regard quite steep, I simply don't have time to invest. Currently.
    Hope dies last, right?  ;)


  • Netgate

    Because limiters on LAN are in relation to that interface from the firewall's perspective. Uploads from hosts are inbound traffic on LAN and Downloads are outbound traffic on LAN. Just like the description there states.



  • Can be easily done:

    Just make a limiter for every speed, and a queue in it.

    Then make a rule to put the traffic in the limiter. Select the queue name, not the limiter itself.

    And yes, you have to make separate limiters for upload and download.

    Here is more info, which Nullity pointed out to me earlier: https://forum.pfsense.org/index.php?topic=63531.0 :)