Traffic not shaping for forwarded traffic



  • I set up a queue with a 300Kbps maximum allowed bandwidth.  Then in the shaper rules I made a rule so that all traffic coming from a certain IP goes to that queue.  This has worked fine, and that IP can't upload more than 300Kbps, no matter the number of connections it makes.

    However, I noticed a problem.  I have one port forwarded to that IP.  If something connects to that port and gets data, the connection is put directly into the qwandef queue where it can pull at our full upload speed.  This port doesn't appear to be covered under any other queue rules, so I'm confused as to why these connections are not ending up in the queue that I made.



  • No ideas how to shape forwarded traffic?  :(



  • Port translation happens before filtering so you should write the shaping rules taking this into consideration.



  • The port doesn't actually change.  The traffic is simply forwarded to a specific IP.  Though, either way, all traffic to any port at that IP should be going into a queue.  This is why I'm confused.



  • This is still a problem for me.

    Here is the shaper rule for a local IP:

    This IP is only able to upload to the internet at 300kbps.  All traffic coming from this system is supposed to fall into this queue.  All of it does, unless it is a connection that is forwarded over the NAT.

    Here is my NAT rule:

    When someone connects over SSH (the port 22 that is forwarded) from a remote site, they are able to download files from 192.168.75.51 at the full bandwidth of our connection.  The connection is not being placed properly by the shaper rule into the proper queue that would limit its bandwidth to 300kbps.


Log in to reply