How to shape traffic after NAT: Port Forward
I have port 80 on my WAN interface forwarded to port 80 on a computer attached to the LAN interface. But no matter what I do, I can't seem to place external requests to port 80 into a queue other than the default.
Under Diagnostics: Show States, the connection state for a computer downloading a file on the internal PC over port 80 looks like this:
tcp x.x.x.x:80 <- y.y.y.y:80 <- z.z.z.z:57408 ESTABLISHED:ESTABLISHED
tcp z.z.z.z:57408 -> x.x.x.x:80 ESTABLISHED:ESTABLISHED
Where x.x.x.x is the IP of the PC attached to the internal LAN, y.y.y.y is the WAN interface IP, and z.z.z.z is the IP of the requesting computer.
The opposite of this, where the PC on the LAN interface requests a file over port 80 from the remote PC, looks like this:
tcp z.z.z.z:80 <- x.x.x.x:2268 ESTABLISHED:ESTABLISHED
tcp x.x.x.x:2268 -> y.y.y.y:65156 -> z.z.z.z:80 ESTABLISHED:ESTABLISHED
I have some queues set up, and a rule such that all traffic from that PC connected to the LAN interface should be placed in the queue.
IF: LAN->WAN Proto: * Source: x.x.x.x Destination: * qServerUp/qlandef
All of the requests originating at the PC connected to the LAN interface appropriately end up in the qServer queues I set up. However, incoming requests on port 80 through pfSense do not. I ended up having to make a rule:
IF: WAN->LAN Proto: * Source: * Destination: x.x.x.x qlandef/qServerUp
Adding that rule in fixed the forwarded traffic not being put in a queue. The queue settings are:
Bandwidth: 1%
Priority: 1
Random Early Detection
Explicit Congestion Notification
Upperlimit: m2: 300Kb
Real time: m2: 1Kb
Parent queue: qwanRoot
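
Added example, not part of the original post: pf takes the queue from the rule that creates a state, so the side that opens the connection decides which of the two shaper rules above applies. This Python sketch parses state entries in the layout shown in the post and reports that side; the function names and the sample addresses (constructed, from documentation ranges) are assumptions.

```python
import re

# One state entry in the layout shown in the post: protocol, two or three
# endpoints joined by arrows, then the state pair.
STATE_RE = re.compile(
    r"\b(?P<proto>tcp|udp)\s+"
    r"(?P<path>\S+(?:\s+(?:<-|->)\s+\S+){1,2})\s+"
    r"(?P<state>[A-Z_0-9]+:[A-Z_0-9]+)"
)

# Constructed samples: LAN host 192.168.1.20, WAN address 192.0.2.10,
# remote host 198.51.100.7.
FORWARDED = ("tcp 192.168.1.20:80 <- 192.0.2.10:80 <- 198.51.100.7:57408 "
             "ESTABLISHED:ESTABLISHED tcp 198.51.100.7:57408 -> "
             "192.168.1.20:80 ESTABLISHED:ESTABLISHED")
OUTBOUND = ("tcp 198.51.100.7:80 <- 192.168.1.20:2268 ESTABLISHED:ESTABLISHED "
            "tcp 192.168.1.20:2268 -> 192.0.2.10:65156 -> 198.51.100.7:80 "
            "ESTABLISHED:ESTABLISHED")

def parse_states(text):
    """Split a run of state entries (one or several per line) into dicts."""
    states = []
    for m in STATE_RE.finditer(text):
        parts = m.group("path").split()
        hops, arrow = parts[0::2], parts[1]
        # "<-" lists the destination first, "->" lists the source first.
        src, dst = (hops[-1], hops[0]) if arrow == "<-" else (hops[0], hops[-1])
        states.append({
            "proto": m.group("proto"), "src": src, "dst": dst,
            # The middle hop is the translated (WAN-side) address, if any.
            "nat": hops[1] if len(hops) == 3 else None,
            "state": m.group("state"),
        })
    return states

def initiating_side(states, lan_host):
    """Return the rule direction taken by the connection's first packet."""
    for s in states:
        if s["nat"] is None:
            continue  # untranslated entry carries no direction evidence here
        src_ip = s["src"].rsplit(":", 1)[0]
        return "LAN->WAN" if src_ip == lan_host else "WAN->LAN"
    return None

if __name__ == "__main__":
    for sample in (FORWARDED, OUTBOUND):
        print(initiating_side(parse_states(sample), "192.168.1.20"))
```

A result of WAN->LAN corresponds to the port-forwarded case, which only the second rule in the post (destination x.x.x.x) can match.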