Floating rule to modem won't match queue
-
I've set up HFSC queues for my WAN/LAN and wanted to make connection to my ISP's modem (WAN interface) bypass the normal upload bandwidth (~2Mb).
I created a floating rule to Match on WAN, any direction, destination <modem_IP> and set it to use queue qLinkWAN (which I created on top of wizard rules, 100Mb). This doesn't seem to make the queue work -- the traffic still went through the default upload queue.
When I changed the action to Block, Reject, or Pass, everything works as expected in each case.For now I'm leaving it as Pass, but how come it won't work with Match (similar to all auto-created floating queue rules)?
-
@Fry-kun When you use match rules it is last match wins the race which means you need to put the rule at the bottom of the list to be sure the traffic isn't being caught by another rule. Pass rules is the other way around, first match applies.
-
But I don't have any rules set to use "qDefault" explicitly, so I assume that shouldn't have happened.
The only other rule that should match is "Default allow LAN to any rule" in LAN (which doesn't specify any queues)The weird thing is for all the other matches, the floating rules seem to classify queues as expected.
Notes:
LAN: 192.168.2.*
WAN: <public IP address>
Modem: 192.168.1.254, in "bridge" mode -
I am not talking about your queues, i just tried to explain how match rules work in general. Pfsense go through the rules from top to bottom, having a pass rule for example then the first rule to match the criteria will be applied. A match rule works differently it keeps going through your list of rules and the last one to match the criteria is applied. So if you want a floating rule to match a single host which could be your modem "192.168.1.254" you should put that rule at the bottom of the list of floating rules.
-
Looks like this floating rule worked after all - setting Match as 1st rule. Not sure why it wasn't working the 1st time, I didn't find any other contradicting rules. Maybe something didn't reload correctly...