Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Traffic Shaping HaProxy on WAN

    Traffic Shaping
    1
    3
    100
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Soloam
      Soloam last edited by

      Hello, I have a Emby server running on my network, and I have a HaProxy making the connection from the WAN side to my network, to have a simpler url, I just use https://emby.myserver.com insted of https://myserver.com:8920.

      The problem is that I what to control the emby stream bandwith (Upload), and for that I tried to a floating rule, quickly I realised that I cant't make the rule only for the emby url, because all traffic (emby and other services) arrive to my server on the port 443.

      On the wan interface I added:
      Action: Match
      Quick: Disabled
      Interface: WAN
      Direction: any
      Protocol: TCP
      Source: any
      Destination: Wan Address
      Port: 443
      Ackqueue / Queue: qACK/qStream

      This works marking the traffic to go to the qStream Queue, the problem is that all the other traffic that is going to my WAN 443 also is on qStream queue, and I would like to separate them. Is it possible to do this when I'm using the HaProxy allways on the same port?

      I tried to map the rule on the LAN Inerface, but no success, I can't tag the traffic

      Is this possible?
      Thank You

      1 Reply Last reply Reply Quote 0
      • Soloam
        Soloam last edited by

        I tried to make a floating rule with:

        Action: Reject
        Interface: LAN
        Direction: Out
        Address Family: IPv4
        Protocol: TCP/UDP
        Source: any
        Destination: EmbyServer

        This actions successfully blocks all traffic to the EmbyServer

        Then I tried to change the "block" to "match" and added the queues qACK/qStream.

        The traffic now flows to the server, but not the correct queue, it falls back to the default queue. So, the floating rule can block the traffic, but not assign the queue. Can any one clarify on this?

        Thank You

        1 Reply Last reply Reply Quote 0
        • Soloam
          Soloam last edited by

          I also tried to make this work with the tag and tagged fields, the original rule that I have working:

          Action: match
          Interface: WAN
          Direction: in
          Address Family: IPv4
          Protocol: TCP
          Source: any
          Destination: Wan Address
          Destination Port Range: 443

          this is working ok tagging the traffic going to the HaProxy, not my finnal intente (I only what to filter the traffic going to the emby server) and now I tried to add:

          Tag: fromwan
          Queue none/none

          Then I used the rule that I stated above:

          Action: Match
          Interface: LAN
          Direction: Out
          Address Family: IPv4
          Protocol: TCP/UDP
          Source: any
          Destination: EmbyServer
          queues qACK/qStream
          Tagged: fromwan

          Nothing, the traffic keeps not being assign to any queue. Just out of curiosity I tried to block the traffic from the wan to the emby server. I used the rule above

          Action: Block
          Interface: LAN
          Direction: Out
          Address Family: IPv4
          Protocol: TCP/UDP
          Source: any
          Destination: EmbyServer
          queues qACK/qStream

          This rule was working blocking the traffinc, but now I added Tagged fromwan. The result was no blocking at all.

          Floating rules are so hard to predict and test, but I need them to shape my traffic.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy