• Hi, I have a problem that I couldn't find any solutions for on the web.

    I currently have a multiple WAN / multiple LAN setup that works well with no traffic shaping (only firewall rules that redirect traffic according to ports). The fact is I just got a symmetrical 1000 Mbit/s WAN access but I want to use only 60 Mbit/s on this connection (each up and down) and no more (let's call it WAN1). But the LAN users need around 100-150 Mbit/s for surfing the web. That's why I also have a few 15-20 Mbit/s WAN accesses (let's call them WAN2-WAN6) but their quality is worse (higher ping and less stable) than WAN1.

    So what I need is to set up a (set of) rule(s), probably with Traffic Shaping, that handles all the http/https traffic and redirects it to the WAN1-WAN6 group gateways but under the condition that under no circumstances the WAN1 bandwidth gets above 60 Mbit/s.

    I have found out how to use the limiter to limit up and down bandwidth of a firewall rule but I don't want it applied on the whole http/https traffic but only on a single interface.
    So I've looked at Traffic Shaper By Interface but I've only managed to limit the upload bandwidth and not the download one and I can't find how to limit both up and down on an interface.

    I'm quite lost right now, so I hope you can come up with a solution.

    In addition, if the WAN1 gateway could be prioritized over the WAN2-WAN6 that would be better but it's not the most important point.


  • Download is shaped on the LAN.

    Maybe you could use packet marking to mark traffic incoming on the chosen WAN and then match it on the LAN & shape it.

    Or, with traffic-shaping queues, I think that if traffic leaves the WAN through qWhatever it will be placed into qWhatever on the LAN when it returns.

  • Thanks but I'm not sure how to shape only marked packets. Do you have any clue where this can be done?
    And about the same names of the queue on both WAN and LAN: I tried it but it doesn't seem to work. The download is still not limited.
    Moreover I don't want to use a queue for the whole LAN (just for the part that goes into WAN1) so I can't use a queue on the LAN interface (or I haven't found out how to specify that).

  • OK problem solved.
    I used "match" floating rules to catch all traffic on a specific interface and force it to go through a queue limited to 60 Mbit/s.
    Link: https://forum.pfsense.org/index.php?topic=120380.0

  • I just wanted to say THANK YOU. I've been like a whole month searching for this and couldn't find it anywhere and you were kind enough to not only state the exact same problem I was having but also to show up with a tutorial.

    You're pure gold!