Traffic Shaping HaProxy on WAN
-
Hello, I have a Emby server running on my network, and I have a HaProxy making the connection from the WAN side to my network, to have a simpler url, I just use https://emby.myserver.com insted of https://myserver.com:8920.
The problem is that I what to control the emby stream bandwith (Upload), and for that I tried to a floating rule, quickly I realised that I cant't make the rule only for the emby url, because all traffic (emby and other services) arrive to my server on the port 443.
On the wan interface I added:
Action: Match
Quick: Disabled
Interface: WAN
Direction: any
Protocol: TCP
Source: any
Destination: Wan Address
Port: 443
Ackqueue / Queue: qACK/qStreamThis works marking the traffic to go to the qStream Queue, the problem is that all the other traffic that is going to my WAN 443 also is on qStream queue, and I would like to separate them. Is it possible to do this when I'm using the HaProxy allways on the same port?
I tried to map the rule on the LAN Inerface, but no success, I can't tag the traffic
Is this possible?
Thank You -
I tried to make a floating rule with:
Action: Reject
Interface: LAN
Direction: Out
Address Family: IPv4
Protocol: TCP/UDP
Source: any
Destination: EmbyServerThis actions successfully blocks all traffic to the EmbyServer
Then I tried to change the "block" to "match" and added the queues qACK/qStream.
The traffic now flows to the server, but not the correct queue, it falls back to the default queue. So, the floating rule can block the traffic, but not assign the queue. Can any one clarify on this?
Thank You
-
I also tried to make this work with the tag and tagged fields, the original rule that I have working:
Action: match
Interface: WAN
Direction: in
Address Family: IPv4
Protocol: TCP
Source: any
Destination: Wan Address
Destination Port Range: 443this is working ok tagging the traffic going to the HaProxy, not my finnal intente (I only what to filter the traffic going to the emby server) and now I tried to add:
Tag: fromwan
Queue none/noneThen I used the rule that I stated above:
Action: Match
Interface: LAN
Direction: Out
Address Family: IPv4
Protocol: TCP/UDP
Source: any
Destination: EmbyServer
queues qACK/qStream
Tagged: fromwanNothing, the traffic keeps not being assign to any queue. Just out of curiosity I tried to block the traffic from the wan to the emby server. I used the rule above
Action: Block
Interface: LAN
Direction: Out
Address Family: IPv4
Protocol: TCP/UDP
Source: any
Destination: EmbyServer
queues qACK/qStreamThis rule was working blocking the traffinc, but now I added Tagged fromwan. The result was no blocking at all.
Floating rules are so hard to predict and test, but I need them to shape my traffic.