Traffic Shape Penalty Box not working.
-
@periko What interface is the rule applied to? If you use the wrong interface....
-
@Grimeton WAN interface.
Thanks. -
I had been working with Traffic Shape, following the wizard.
Trying to penalize some users in the network but no luck.
I had move my rule in the top, bottom, Apply the action immediately on match. etc.
Reset my states, reset my fw, is my lab don't affect user :-).
My test is easy, I would like to affect some user on http/https(penalize them) , I create a Alias.
My rule is to move those Alias users to p2p which are lower priority.
But anything they try to download data or youtube, that traffic appear in the standard queue that the wizard create 'qOthersHigh'.
I manually create my own rules following the current rules, but won't matter, all that traffic never goes in the p2p queue, talking about http/https that I can say, I see traffic in the p2p queue but is a little amount.
Them I can think that this feature is not working or I don't understand the meaning?
user1 192.168.20.111 Penalize
user2 192.168.20.102 Penalize
user3 192.168.20.100 No PenalizeRight now the 3 users are downloading data from difference sites, the Penalize users suppose to get 3% of the traffic during the wizard steps.
Reading about floating rules, they are all check, the last one wins, now lets me show u my pftop queues.
There u can see at the bottom, I create my custom rules and they don't have any records.
Don't know the meaning of the 'Q' before the interface(igb0) at the right?Now how is the traffic on each user:
Most of the pfsense docs talk about PRIQ which is more easy to setup, is based on priority, them is possible to control bandwidth and have some users eat lets like Limiters do? Or didn't understand the Penalize meaning?
Other question, we cannot control burst data from the outside right?
Youtube is http/https traffic?I trying to understand this pfsense feature, any comment I will appreciated, thanks.
-
@periko can you take some screenshots of what the floating rule look like?
-
@bobbenheim yes, here they are.
Thanks. -
@periko If you push that pencil(edit) button at your "Traffico HTTP Penalizado" rule and take a screenshot of that, that was what i was going for. I assume that is the rule you want to penalize the host with :)
-
@bobbenheim yes, that is the users I want to penalize, here is the screenshot, is big..
-
@periko i assume that your alias Penalizados contains local ip adresses i.e. 192.168.1.x, and you are trying to match those adresses to traffic on the WAN interface when those adresses resides on the LAN interface. Can you try and set interface to LAN and see if it makes a difference?
-
@bobbenheim Yes I can, won't affect LAN2LAN?
-
@periko traffic among hosts on your local subnet is not sent to pfsense.
-
@bobbenheim Looks like that was the trick, I can see the rule working choosing LAN for the Penalty users, thanks Sir.