How to shape VLAN to WAN and WAN to VLAN traffic only?



  • Using wizard gives VLAN interfaces my WAN interface outbound speed, limiting 1gbit LAN to WAN download speed.

    I don't want to limit VLAN to VLAN speeds, only VLAN to WAN. The issue is with copying files across my local network. Downloading stuff from my samba server (VLAN1) to my local computer (VLAN2) gives me speeds of only 25MB/s which coincides with download speeds of 220mbit I put into traffic shaper wizard for WAN interface.

    Are there any elegant solutions for that? Or should I just remove the traffic shaper for VLAN1?



  • Hi @john_t1,

    All you would have to do is add another firewall rule (without limiter setup on it) that explicitly allows traffic to flow between VLAN1 and VLAN2 , and then make sure that rule is above the current rule that has the limiter setup on it. Firewall rules are evaluated from the top down, so traffic that is destined to flow between VLAN1 and VLAN2 should then match the new rule you created (without the limiter) allowing you to have full transfer speeds between the two subnets.

    Hope this helps.



  • Hey. Thanks for responding. The thing is, I have no limiters set up, I'm using traffic shaper wizard for HFSC traffic shaping. There are no limiters on my VLANs or LANs. Even if I manually setup qLink to 1gbit and leave qInternet at 200mbit it doesn't really help. I don't think pfsense can do what I want, that is:

    VLAN1 <-> VLAN2 = 1 Gbit bandwidth
    WAN -> VLAN1 = 200 Mbit bandwidth
    WAN -> VLAN2 = 200 Mbit bandwidth



  • My apologies - I must have misread your post. Can you tell us a little bit more how you have HFSC setup?

    Also, unless you're set on using HFSC, what you want to achieve is actually quite easy to do using limiters in pfSense. You could create up and down limiters for 200Mbit and then use fq_codel for the scheduler and AQM to help reduce bufferbloat. If your total WAN speed is 200Mbit one set of limiters will suffice, but if your WAN speed is higher and you just want to limit the speed to 200Mbit per VLAN (i.e total = 400Mbit), I would recommend creating two separate sets of 200Mbit up and down limiters. Apply the limiters (or limiter child queues if you choose to create them), to the firewall rule that allows traffic outbound from VLAN's. Then you just need to create the additional rule as I suggested above.

    I have similar situation (10Gbit LAN, 1Gbit WAN) and use a setup similar to this -- between my LAN subnets I see the full 10Gbit speed even though WAN is limited to 1Gbit.



  • No problem. My line is 220/6 Mbit. I don't want to limit clients by bandwidth, I wan't the line to be utilized fully. I only wan't to prioritize traffic by categories and eliminate bufferbloat.

    I'm currently experimenting with tagging all VLANS at a single physical interface and I try to limit that single interface in traffic shapping but it's not working, I'm still hitting the 200 Mbit limit with VLAN to VLAN traffic.

    This is my current VLAN setup: https://i.imgur.com/HreJkxG.png
    This Shaper setup: https://i.imgur.com/9O51sjd.png