WAN Limit bandwith
Hi, I have a problem that I couldn't find any solutions on the web.
I currently have a multiple WAN / multiple LAN setup that works well with no traffic shapping (only firewall rules that redirect traffic according to ports). The fact is I just got a symetrical 1000 Mbit/s WAN access but I want to use only 60 Mbit/s on this connexion (each up and down) and no more (let's call it WAN1). But the LAN users need auround 100-150 Mbit/s for surfing the web. That's why I also have a few 15-20 Mbit/s WAN access (let's call it WAN2-WAN6) but their quality is worse (higher ping and less stable) than WAN1.
So what I need is to setup a (set of) rule(s) with Traffic Shapping probably that handles all the http/https traffic and redirect it to the WAN1-WAN6 group gateways but under the condition that under no circumstances the WAN1 bandwith gets above 60 Mbit/s.
I have found out how to use the limiter to limit up and down bandwidth of a firewall rule but I don't want it applied on the whole http/https traffic but only a single interface.
So I've looked at Traffic Shapper By Interface but I've only managed to limit the upload bandwidth and not the download one and I can't find how to limit both up and down on an interface.
I'm quite lost right now, so I hope you would come with a solution.
In addition if the WAN1 gateway could be prioritized over the WAN2-WAN6 that would be better but it's not the most important point.
Download is shaped on the LAN.
Maybe you could use packet marking to mark traffic incoming on the chosen WAN and then match it on the LAN & shape it.
or, with traffic-shaping queues, I think that if traffic leaves the WAN through qWhatever it will be placed into qWhatever on the LAN when it returns.
Thanks but I'm not sure how to shape only marked packet. Do you have any clue where this can be done ?
And about the same names of the queue on both WAN and LAN. I tryed it but it doesn't seem to work. The download is still not limited.
Moreover I don't want to use a queue for the whole LAN (just for the part that goes into WAN1) so I can't use a queue on the LAN interface (or I haven't found out how to specify that)
OK problem solved.
I used "match" floating rules to catch all traffic on a specific interface and force it to go through a queue limited to 60 Mbit/s
Link : https://forum.pfsense.org/index.php?topic=120380.0
I just wanted to say THANK YOU. I've been like a whole month searching for this and couldn't find it anywhere and you were kind enough to not only state the exact same problem I was having but also to show up with a tutorial.
You're pure gold !