Multi-WAN Multi-VLAN floating rules not matching



  • Hi,

    I'm having big trouble with traffic shaping in a Multi-WAN multi-VLAN environment.

    2.3.4-RELEASE-p1 (amd64)
    built on Fri Jul 14 14:52:43 CDT 2017
    FreeBSD 10.3-RELEASE-p19

    I've followed deajan's howto here: https://forum.pfsense.org/index.php?topic=120380.0 however, it's only multi-WAN. Trouble begins when trying to match per-LAN traffic.

    Eg:

    RULE 1 - matching HTTPS traffic download from VLAN10 through WAN1:

    • Action: Match
    • Interface: WAN1 & VLAN10
    • Direction: out
    • Address Family: IPv4
    • Protocol: TCP
    • Destination Port Range: HTTPS
    • Ackqueue / Queue: qAckWAN1 / qHighWAN1VLAN10

    RULE 2 - matching HTTPS traffic download from VLAN20 through WAN1:

    • Action: Match
    • Interface: WAN1 & VLAN20
    • Direction: out
    • Address Family: IPv4
    • Protocol: TCP
    • Destination Port Range: HTTPS
    • Ackqueue / Queue: qAckWAN1 / qHighWAN1VLAN20

    So what happens here is that rule 1 conflicts with rule 2.

    Tests done:

    • If I deactivate rule 2, rule 1 works fine, otherwise not.
    • Seems to me that selecting WAN1 on both rules is the problem, but if I only select the VLANx interface on both rules, it doesn't match any rule.
    • Tried to add Source: WAN1 net, doesn't work.
    • Tried to match with gateway: WAN1, also doesn't work. In fact, the gateway option is not for matching, but for enforcing.

    So, any help appreciated. I'm happy to provide any output log/status if needed.

    Cheers,
    Victor.