Traffic shaping for all connections except company email server



  • hi!

    We have pfsense box in the office and we use traffic shaping to limit the bandwidth for some clients, just wondering, can we set a firewall rule to NOT limit the connection of some clients connection to  email servers?  Email servers can be google mail server, yahoo mail or our own domain email.

    TIA!

    ast



  • Anyone can help me? :)



  • It's seemingly a very simple thing to accomplish.

    What have you tried so far and what were the problems you encountered?



  • I'm able to traffic shape some clients, but its for all their connections.  I want to exclude our office email server (mail.xxxxxxx.com) from the limiter for faster downloading and sending of emails.



  • Any tip on how to do this simple thing? :)



  • @Nullity:

    …what were the problems you encountered?

    Setting up a matching firewall rule on top of the others?



  • @jahonix:

    @Nullity:

    …what were the problems you encountered?

    Setting up a matching firewall rule on top of the others?

    I need to put the "allow connection to company email server rule" on top of the traffic shaper rule?


  • Netgate

    You need to place a rule above the rule that puts the traffic in the queues. It should pass traffic from the local addresses you want to exempt with a destination of the mail server address. On that rule you can either set another higher priority queue or no queue at all since you're using limiters.

    You probably want to make a host alias using the mail host names for google and yahoo. such as hosts smtp.gmail.com, pop.gmail.com, and imap.gmail.com and whatever yahoo is doing these days. Webmail will be more difficult to identify the traffic.

    Anyway, you figure out how to identify the traffic you want to exempt from the limiters and pass that traffic without setting a limiter above the limiter rules.



  • Thanks a lot for the advice, I have blocked webmail services via firewall rule already.