How to shape traffic after NAT: Port Forward
-
I have port 80 on my WAN interface forwarded to port 80 on a computer attached to the LAN interface. But no matter what I do, I can't seem to place external requests to port 80 into a queue other than the default.
Under Diagnostics: Show States, the connection state for a computer downloading a file on the internal PC over port 80 looks like this:
tcp x.x.x.x:80 <- y.y.y.y:80 <- z.z.z.z:57408 ESTABLISHED:ESTABLISHED tcp z.z.z.z:57408 -> x.x.x.x:80 ESTABLISHED:ESTABLISHEDWhere x.x.x.x is the IP of the PC attached to the internal LAN, y.y.y.y is the WAN interface IP, and z.z.z.z is the IP of the requesting computer.
The opposite of this, where the PC on the LAN interface requests a file over port 80 from the remote PC looks like this:
tcp z.z.z.z:80 <- x.x.x.x:2268 ESTABLISHED:ESTABLISHED tcp x.x.x.x:2268 -> y.y.y.y:65156 -> z.z.z.z:80 ESTABLISHED:ESTABLISHEDI have some queues set up, and a rule such that all traffic from that PC connected to the LAN interface should be placed in the queue.
IF: LAN->WAN Proto: * Source: x.x.x.x Destination: * qServerUp/qlandefAll of the requests originating at the PC connected to the LAN interface appropriately end up in the qServer queues I set up. However incoming requests on port 80 through pfSense do not. I ended up having to make a rule:
IF: WAN->LAN Proto: * Source: * Destination: x.x.x.x qlandef/qServerUpAdding that rule in fixed the forwarded traffic not being put in a queue. The queue settings are:
Bandwidth: 1%
Priority: 1
Random Early Detection
Explicit Congestion Notification
Upperlimit: m2: 300Kb
Real time: m2: 1Kb
Parent queue: qwanRoot