Shaping when no "in" interface
-
I am forced to designate 2 interfaces when creating or editing a rule in the shaper, one that the traffic comes in on and one that it leaves on. What do I do in the case that I want to filter traffic that is originating from pfsense, such as ssh or freeswitch traffic?
pfsense 1.2.3-RC1
-
I am by no means a guru, but I'd say that you shape it by specifying the interface that the traffic is leaving the pfsense box through. So if you're accessing it from the LAN, you'd select LAN. Not quite sure though. Maybe:
LAN->LAN … oh wait I see the issue now :Perm... other than that first bit, seems pretty straightforward. I'm not sure what to say use... have you tried LAN->LAN?
-
I get this on the reload monitor page when selecting the same interface twice:
There were error(s) loading the rules: /tmp/rules.debug:20: syntax error/tmp/rules.debug:25: queue qwanRoot has no parent /tmp/rules.debug:25: errors in queue definition /tmp/rules.debug:27: queue qwandef has no parent /tmp/rules.debug:27: errors in queue definition /tmp/rules.debug:29: queue qwanacks has no parent /tmp/rules.debug:29: errors in queue definition /tmp/rules.debug:31: queue qVOIPUp has no parent /tmp/rules.debug:31: errors in queue definition /tmp/rules.debug:33: queue qP2PUp has no parent /tmp/rules.debug:33: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [20]: altq on vr0 hfsc bandwidth queue { qwanRoot qlanRoot }…
-
By what I'm reading there… its saying your queues have no assigned parent queue... did you do something other than try to add that one rule?
-
No. All I did was make the in and out interface the same.
I'm pretty new to pfsense, but it seems a little odd to me that a shaper rule has to name 2 interfaces. m0n0wall and iptables-based firewalls filter fine matching on a single interface, and that makes sense, considering most shapers operate on an egress (or ingress) queue.
-
Yeah… from what I understand 2.0 will include the shaper that monowall uses. And I do believe that the shaping does go by ingress if I remember right. It generally doesn't pay to use egress since from what i understand it doesn't quite work like that.
-
Yeah… from what I understand 2.0 will include the shaper that monowall uses. And I do believe that the shaping does go by ingress if I remember right. It generally doesn't pay to use egress since from what i understand it doesn't quite work like that.
HAH that is so totally wrong!
-
Doh. Yep had it backwards. Doesn't make sense to try and shape what is coming in as you can't really control that. But you can control what goes out :P
LoL. Stick my foot in face :D
-
By the way, you get errors like that where all child queues show as having no parent queue when you try to set a rule to have both interfaces the same (found this out when trying to get squid transparent proxy and traffic shaping to work together before I found http://forum.pfsense.org/index.php/topic,14436.0.html ;))