Uploadspeed



  • Hallo

    Ich versuche gerade mittels Trafficshaper ''alias bzw ip bezogene bandbreitenregeln''' zu erstellen.

    Als Basis dazu habe ich einen regel mit dem Wizard erstellt(voip) und nachfolgend einfach die queues
    geändert /auf maxbandwith/, diese queues hab ich dann für die jeweilige bandbreite je 1x up +1x down
    ertsellt . Die regeln haben dann jeweils mit den aliasen die entsprechenden Queues bekommen.

    Vom prinzip her sollte das so sein wie schon teilweise im Forum besprochen. Die download speed
    begrenzen  z.b. auch 1,2,4,6Mbit/sec funktioniert tadelos upload speed begrenzen get leider garnix  :-
    hab mich erst wenig mit dem shaper beschäftigt ,entweder hab ich was falschverstanden oder falsch
    eingerichtet.

    Setup: beta4 embedded auf wrap sis0= wan sis1 =lan, das wrap hängt hinter einer /pfsense die loabalncer spielt / und soll das captiv portal und das shaping wie oben beschrieben übernemen.

    Stefan



  • öhhmm

    gaarniemand einen Idee ???

    wie gesagt ich gehe davon aus das es grundsätzlich funktionieren sollte 'donwn get ja auch '
    da eben nur up sich nicht einbremsen lässt vermute ich mal das ich was falsch mache

    Stefan



  • Poste bitte mal den Trafficshaper-Teil Deiner config.xml.



  • Hmm.. ich hoffe mal ich hab jetzt das was du meintesd

    Danke im Voraus :Stefan

    - <shaper><schedulertype>hfsc</schedulertype> 
    - <queue><schedulertype><bandwidth>1024</bandwidth> 
      <bandwidthtype>Kb</bandwidthtype> 
      <priority>0</priority> 
      <name>qwanRoot</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue>on</parentqueue> 
      <attachtoqueue><associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></attachtoqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><schedulertype><bandwidth>16000</bandwidth> 
      <bandwidthtype>Kb</bandwidthtype> 
      <priority>0</priority> 
      <name>qlanRoot</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue>on</parentqueue> 
      <attachtoqueue><associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></attachtoqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><name>qwandef</name> 
      <attachtoqueue>qwanRoot</attachtoqueue> 
      <associatedrule>0</associatedrule> 
      <defaultqueue>true</defaultqueue> 
      <priority>3</priority> 
      <realtime>on</realtime> 
      <realtime3>1%</realtime3> 
      <bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <qlimit>500</qlimit></queue> 
    - <queue><name>qlandef</name> 
      <priority>3</priority> 
      <attachtoqueue>qlanRoot</attachtoqueue> 
      <associatedrule>0</associatedrule> 
      <defaultqueue>true</defaultqueue> 
      <realtime>on</realtime> 
      <realtime3>1%</realtime3> 
      <bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <qlimit>500</qlimit></queue> 
    - <queue><name>qwanacks</name> 
      <ack><attachtoqueue>qwanRoot</attachtoqueue> 
      <associatedrule>0</associatedrule> 
      <priority>7</priority> 
      <realtime>on</realtime> 
      <realtime3>10%</realtime3> 
      <bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype></ack></queue> 
    - <queue><name>qlanacks</name> 
      <ack><attachtoqueue>qlanRoot</attachtoqueue> 
      <associatedrule>0</associatedrule> 
      <priority>7</priority> 
      <realtime>on</realtime> 
      <realtime3>10%</realtime3> 
      <bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype></ack></queue> 
    - <queue><schedulertype><bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <priority>7</priority> 
      <name>qVOIPUp</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit>on</upperlimit> 
      <upperlimit3>127Kb</upperlimit3> 
      <upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue> 
      <associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><schedulertype><bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <priority>7</priority> 
      <name>qVOIPDown</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit>on</upperlimit> 
      <upperlimit3>512Kb</upperlimit3> 
      <upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue> 
      <associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><schedulertype><bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <priority>7</priority> 
      <name>basicup</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit>on</upperlimit> 
      <upperlimit3>128Kb</upperlimit3> 
      <upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue> 
      <associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><schedulertype><bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <priority>7</priority> 
      <name>basicdown</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit>on</upperlimit> 
      <upperlimit3>1100Kb</upperlimit3> 
      <upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue> 
      <associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><schedulertype><bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <priority>6</priority> 
      <name>Homeup</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit>on</upperlimit> 
      <upperlimit3>256Kb</upperlimit3> 
      <upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue> 
      <associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><schedulertype><bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <priority>6</priority> 
      <name>Homedown</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit>on</upperlimit> 
      <upperlimit3>2200Kb</upperlimit3> 
      <upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue> 
      <associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><schedulertype><bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <priority>5</priority> 
      <name>Proup</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit>on</upperlimit> 
      <upperlimit3>396Kb</upperlimit3> 
      <upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue> 
      <associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><schedulertype><bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <priority>5</priority> 
      <name>Prodown</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit>on</upperlimit> 
      <upperlimit3>4300Kb</upperlimit3> 
      <upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue> 
      <associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><schedulertype><bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <priority>5</priority> 
      <name>Premiumup</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit>on</upperlimit> 
      <upperlimit3>512Kb</upperlimit3> 
      <upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue> 
      <associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <queue><schedulertype><bandwidth>1</bandwidth> 
      <bandwidthtype>%</bandwidthtype> 
      <priority>4</priority> 
      <name>Premiumdown</name> 
      <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit>on</upperlimit> 
      <upperlimit3>6100Kb</upperlimit3> 
      <upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue> 
      <associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> 
    - <rule><in-interface>wan</in-interface> 
      <out-interface>lan</out-interface> 
    - <source>
      <any>- <destination><address>10.10.1.3</address></destination> 
      <direction>in</direction> 
      <iptos><tcpflags><descr>VOIP Adapter</descr> 
      <inqueue>qVOIPUp</inqueue> 
      <outqueue>qVOIPDown</outqueue></tcpflags></iptos></any></rule> 
    - <rule><in-interface>lan</in-interface> 
      <out-interface>wan</out-interface> 
    - <source>
    
    <address>10.10.1.3</address>
    
    - <destination><any></any></destination> 
      <direction>out</direction> 
      <iptos><tcpflags><descr>VOIP Adapter</descr> 
      <inqueue>qVOIPDown</inqueue> 
      <outqueue>qVOIPUp</outqueue></tcpflags></iptos></rule> 
    - <rule><in-interface>wan</in-interface> 
      <out-interface>lan</out-interface> 
    - <source>
      <any>- <destination><address>Premium</address></destination> 
      <direction>in</direction> 
      <iptos><tcpflags><descr>VOIP Adapter</descr> 
      <inqueue>Premiumup</inqueue> 
      <outqueue>Premiumdown</outqueue></tcpflags></iptos></any></rule> 
    - <rule><in-interface>lan</in-interface> 
      <out-interface>wan</out-interface> 
    - <source>
    
    <address>Premium</address>
    
    - <destination><any></any></destination> 
      <direction>out</direction> 
      <iptos><tcpflags><descr>VOIP Adapter</descr> 
      <inqueue>Premiumdown</inqueue> 
      <outqueue>Premiumup</outqueue></tcpflags></iptos></rule> 
    - <rule><in-interface>wan</in-interface> 
      <out-interface>lan</out-interface> 
    - <source>
      <any>- <destination><address>Pro</address></destination> 
      <direction>in</direction> 
      <iptos><tcpflags><descr>VOIP Adapter</descr> 
      <inqueue>Proup</inqueue> 
      <outqueue>Prodown</outqueue></tcpflags></iptos></any></rule> 
    - <rule><in-interface>lan</in-interface> 
      <out-interface>wan</out-interface> 
    - <source>
    
    <address>Pro</address>
    
    - <destination><any></any></destination> 
      <direction>out</direction> 
      <iptos><tcpflags><descr>VOIP Adapter</descr> 
      <inqueue>Prodown</inqueue> 
      <outqueue>Proup</outqueue></tcpflags></iptos></rule> 
    - <rule><in-interface>wan</in-interface> 
      <out-interface>lan</out-interface> 
    - <source>
      <any>- <destination><address>Home</address></destination> 
      <direction>in</direction> 
      <iptos><tcpflags><descr>VOIP Adapter</descr> 
      <inqueue>Homeup</inqueue> 
      <outqueue>Homedown</outqueue></tcpflags></iptos></any></rule> 
    - <rule><in-interface>lan</in-interface> 
      <out-interface>wan</out-interface> 
    - <source>
    
    <address>Home</address>
    
    - <destination><any></any></destination> 
      <direction>out</direction> 
      <iptos><tcpflags><descr>VOIP Adapter</descr> 
      <inqueue>Homedown</inqueue> 
      <outqueue>Homeup</outqueue></tcpflags></iptos></rule> 
    - <rule><in-interface>wan</in-interface> 
      <out-interface>lan</out-interface> 
    - <source>
      <any>- <destination><address>basic</address></destination> 
      <direction>in</direction> 
      <iptos><tcpflags><descr>VOIP Adapter</descr> 
      <inqueue>basicup</inqueue> 
      <outqueue>basicdown</outqueue></tcpflags></iptos></any></rule> 
    - <rule><in-interface>lan</in-interface> 
      <out-interface>wan</out-interface> 
    - <source>
    
    <address>basic</address>
    
    - <destination><any></any></destination> 
      <direction>out</direction> 
      <iptos><tcpflags><descr>VOIP Adapter</descr> 
      <inqueue>basicdown</inqueue> 
      <outqueue>basicup</outqueue></tcpflags></iptos></rule> 
      <enable></enable></shaper> 
    


  • Ok, wir bräuchten nochmal die Datei /tmp/rules.debug (kannst Du über das webgui unter diagnostics>edit file öffnen und copy/pasten).



  • Müsste das hier sein …..

    Gruss Stefan

    # System Aliases 
    loopback = "{ lo0 }"
    lan = "{ sis0  }"
    wan = "{ sis1  ng0 }"
    # User Aliases 
    Home = "{ 10.10.1.70 10.10.1.71 10.10.1.72 10.10.1.73 10.10.1.74 10.10.1.75 10.10.1.76 10.10.1.77 10.10.1.78 10.10.1.79 10.10.1.80 }"
    Premium = "{ 10.10.1.100 10.10.1.101 10.10.1.102 10.10.1.103 10.10.1.104 10.10.1.105 10.10.1.106 10.10.1.107 10.10.1.108 10.10.1.109 }"
    Pro = "{ 10.10.1.90 10.10.1.91 10.10.1.92 10.10.1.93 10.10.1.94 10.10.1.95 10.10.1.96 10.10.1.97 10.10.1.98 10.10.1.99 }"
    basic = "{ 10.10.1.50 10.10.1.51 10.10.1.52 10.10.1.53 10.10.1.54 10.10.1.55 10.10.1.56 10.10.1.57 10.10.1.59 10.10.1.58 192.168.100.100 }"
    
    set loginterface sis1
    set loginterface sis0
    set optimization normal
    
    scrub on sis1 all random-id 
    altq on sis1 hfsc bandwidth 1024Kb queue { qwanRoot }
    altq on sis0 hfsc bandwidth 16000Kb queue { qlanRoot }
    
    queue qwanRoot bandwidth 1024Kb priority 0 hfsc { qwandef, qwanacks, qVOIPUp, basicup, Homeup, Proup, Premiumup }
    queue qlanRoot bandwidth 16000Kb priority 0 hfsc { qlandef, qlanacks, qVOIPDown, basicdown, Homedown, Prodown, Premiumdown }
    queue qwandef bandwidth 1% priority 3 qlimit 500 hfsc (  default realtime 1% )
    queue qlandef bandwidth 1% priority 3 qlimit 500 hfsc (  default realtime 1% )
    queue qwanacks bandwidth 1% priority 7 hfsc (  realtime 10% )
    queue qlanacks bandwidth 1% priority 7 hfsc (  realtime 10% )
    queue qVOIPUp bandwidth 1% priority 7 hfsc (  upperlimit 127Kb )
    queue qVOIPDown bandwidth 1% priority 7 hfsc (  upperlimit 512Kb )
    queue basicup bandwidth 1% priority 7 hfsc (  upperlimit 128Kb )
    queue basicdown bandwidth 1% priority 7 hfsc (  upperlimit 1100Kb )
    queue Homeup bandwidth 1% priority 6 hfsc (  upperlimit 256Kb )
    queue Homedown bandwidth 1% priority 6 hfsc (  upperlimit 2200Kb )
    queue Proup bandwidth 1% priority 5 hfsc (  upperlimit 396Kb )
    queue Prodown bandwidth 1% priority 5 hfsc (  upperlimit 4300Kb )
    queue Premiumup bandwidth 1% priority 5 hfsc (  upperlimit 512Kb )
    queue Premiumdown bandwidth 1% priority 4 hfsc (  upperlimit 6100Kb )
    
    # UPnPd rdr anchor
    rdr-anchor "upnpd/*"
    nat-anchor "pftpx/*"
    nat-anchor "natearly/*"
    nat-anchor "natrules/*"
    # FTP proxy
    rdr-anchor "pftpx/*"
    nat on $wan from 10.10.1.0/24 port 500 to any port 500 -> (sis1) port 500
    nat on $wan from 10.10.1.0/24 to any -> (sis1)
    #SSH Lockout Table
    table <sshlockout>persist
    
    # Load balancing anchor - slbd updates
    rdr-anchor "slb"
    
    # FTP Proxy/helper
    rdr on $lan proto tcp from any to any port 21 -> 127.0.0.1 port 8021
    
    block in all tag unshaped label "SHAPER: first match rule"
    pass in on  $wan from any to 10.10.1.3  keep state tagged unshaped tag qVOIPUp 
    pass out on $lan from any to 10.10.1.3 keep state tagged qVOIPUp tag qVOIPDown
    pass in on  $lan from 10.10.1.3 to any  keep state tagged unshaped tag qVOIPDown 
    pass out on $wan from any to any keep state tagged qVOIPDown tag qVOIPUp
    pass in on  $wan from any to $Premium  keep state tagged unshaped tag Premiumup 
    pass out on $lan from any to $Premium keep state tagged Premiumup tag Premiumdown
    pass in on  $lan from $Premium to any  keep state tagged unshaped tag Premiumdown 
    pass out on $wan from any to any keep state tagged Premiumdown tag Premiumup
    pass in on  $wan from any to $Pro  keep state tagged unshaped tag Proup 
    pass out on $lan from any to $Pro keep state tagged Proup tag Prodown
    pass in on  $lan from $Pro to any  keep state tagged unshaped tag Prodown 
    pass out on $wan from any to any keep state tagged Prodown tag Proup
    pass in on  $wan from any to $Home  keep state tagged unshaped tag Homeup 
    pass out on $lan from any to $Home keep state tagged Homeup tag Homedown
    pass in on  $lan from $Home to any  keep state tagged unshaped tag Homedown 
    pass out on $wan from any to any keep state tagged Homedown tag Homeup
    pass in on  $wan from any to $basic  keep state tagged unshaped tag basicup 
    pass out on $lan from any to $basic keep state tagged basicup tag basicdown
    pass in on  $lan from $basic to any  keep state tagged unshaped tag basicdown 
    pass out on $wan from any to any keep state tagged basicdown tag basicup
    
    anchor "ftpsesame/*" 
    anchor "firewallrules"
    
    # loopback
    anchor "loopback"
    pass in quick on $loopback all label "pass loopback"
    pass out quick on $loopback all label "pass loopback"
    
    # package manager early specific hook
    anchor "packageearly"
    
    # carp
    anchor "carp"
    # enable ftp-proxy
    
    anchor "ftpproxy"
    anchor "pftpx/*"
    pass in quick on sis0 inet proto tcp from any to $loopback port 8021 keep state label "FTP PROXY: Allow traffic to localhost"
    pass in quick on sis0 inet proto tcp from any to $loopback port 21 keep state label "FTP PROXY: Allow traffic to localhost"
    pass in quick on sis1 inet proto tcp from port 20 to (sis1) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection"
    
    # allow access to DHCP server on LAN
    anchor "dhcpserverlan"
    pass in quick on $lan proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN"
    pass in quick on $lan proto udp from any port = 68 to 10.10.1.1 port = 67 label "allow access to DHCP server on LAN"
    pass out quick on $lan proto udp from 10.10.1.1 port = 67 to any port = 68 label "allow access to DHCP server on LAN"
    
    # allow our DHCP client out to the WAN
    anchor "wandhcp"
    pass out quick on $wan proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan"
    block in log quick on $wan proto udp from any port = 67 to 10.10.1.0/24 port = 68 label "allow dhcp client out wan"
    
    pass in quick on $wan proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan"
    
    # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
    antispoof for sis0
    # Support for allow limiting of TCP connections by establishment rate
    anchor "limitingesr"
    table <virusprot>block in quick from <virusprot>to any label "virusprot overload table"
    
    # let out anything from the firewall host itself and decrypted IPsec traffic
    pass out quick on sis1 all keep state label "let out anything from firewall host itself"
    # pass traffic from firewall -> out
    anchor "firewallout"
    pass out quick on sis1 all keep state tagged qVOIPUp queue (qVOIPUp, qwanacks) label "let out anything from firewall host itself"
    pass out quick on sis1 all keep state tagged basicup queue (basicup, qwanacks) label "let out anything from firewall host itself"
    pass out quick on sis1 all keep state tagged Homeup queue (Homeup, qwanacks) label "let out anything from firewall host itself"
    pass out quick on sis1 all keep state tagged Proup queue (Proup, qwanacks) label "let out anything from firewall host itself"
    pass out quick on sis1 all keep state tagged Premiumup queue (Premiumup, qwanacks) label "let out anything from firewall host itself"
    pass out quick on sis1 all keep state queue (qwandef, qwanacks) label "let out anything from firewall host itself"
    pass out quick on sis0 all keep state tagged qVOIPDown queue (qVOIPDown, qlanacks) label "let out anything from firewall host itself"
    pass out quick on sis0 all keep state tagged basicdown queue (basicdown, qlanacks) label "let out anything from firewall host itself"
    pass out quick on sis0 all keep state tagged Homedown queue (Homedown, qlanacks) label "let out anything from firewall host itself"
    pass out quick on sis0 all keep state tagged Prodown queue (Prodown, qlanacks) label "let out anything from firewall host itself"
    pass out quick on sis0 all keep state tagged Premiumdown queue (Premiumdown, qlanacks) label "let out anything from firewall host itself"
    pass out quick on sis0 all keep state queue (qlandef, qlanacks) label "let out anything from firewall host itself"
    
    # make sure the user cannot lock himself out of the webGUI or SSH
    anchor "anti-lockout"
    pass in quick from 10.10.1.0/24 to 10.10.1.1 keep state label "anti-lockout web rule"
    
    # SSH lockout
    block in log proto tcp from <sshlockout>to any port 22 label "sshlockout"
    
    # User-defined rules follow
    # Anchors for rules that might be matched by queues
    anchor qwanRoot tagged qwanRoot
    anchor qlanRoot tagged qlanRoot
    anchor qwandef tagged qwandef
    anchor qlandef tagged qlandef
    anchor qwanacks tagged qwanacks
    anchor qlanacks tagged qlanacks
    anchor qVOIPUp tagged qVOIPUp
    anchor qVOIPDown tagged qVOIPDown
    anchor basicup tagged basicup
    anchor basicdown tagged basicdown
    anchor Homeup tagged Homeup
    anchor Homedown tagged Homedown
    anchor Proup tagged Proup
    anchor Prodown tagged Prodown
    anchor Premiumup tagged Premiumup
    anchor Premiumdown tagged Premiumdown
    pass in quick on $wan from any to any keep state  queue (qwandef, qwanacks)  label "USER_RULE" 
    #   opt2 array key does not exist for  label "USER_RULE" 
    pass in quick on $lan from 10.10.1.0/24 to any keep state  queue (qlandef, qlanacks)  label "USER_RULE: Default LAN -> any" 
    
    # VPN Rules
    
    #---------------------------------------------------------------------------
    # default rules (just to be sure)
    #---------------------------------------------------------------------------
    block in log quick all label "Default block all just to be sure."
    block out log quick all label "Default block all just to be sure."</sshlockout></virusprot></virusprot></sshlockout> 
    


  • Ok, Fehler gefunden. Bill arbeitet an der Behebung. Ich gebe Dir bescheid, wenn es was zu testen gibt. Der Fehler tritt übrigens nur mit PPPoE WAN auf.



  • hallo sorry für die späte Antwort

    danke erstmal für deine hilfe

    Der Fehler tritt übrigens nur mit PPPoE WAN auf.

    hmm… diese sense is wie erwähnt einer anderen sense nachgeschaltet und ist Wanseitig als dhcpclient eingestellt
    Grund dafür ist das meinen pfsense mit loadbalancer kein Captivportal mehr kann .
    aber gut mal sehen was dabei rauskommt

    Mfg: Stefan


Log in to reply