Traffic Shaping (CODEL/FQ_CODEL) kills all traffic, no internet access
-
As the title states, when I create the Limiter and Queues for WAN Download and WAN Upload, then create and apply the 2 floating rules (IPv4 and IPv6) on WAN interface, I lose all internet access. If I disable the FW rules, everything comes back.
I'm a dangerous IT Sys Admin that has very little network training, so I may be my own worst enemy here. Please don't assume that my setup is correct, so please ask questions and I will do my best to oblige.
Not that I am running it, but I understand that Suricata running in inline mode doesn't work with traffic shaping, is that potentially the case I have here with pfBLockerNG-devel?
pfsense:
2.5.0-DEVELOPMENT (amd64)
built on Thu Sep 10 01:03:22 EDT 2020
FreeBSD 12.2-PRERELEASEHardware:
Hyper-V VM, dual NIC
4GB RAM
3 CPU Cores
Disk: plenty.Packages:
HAProxy: 0.60_4
pfBlockerNG-devel: 2.2.5_34
Telegraf: 0.9_4Gigabit internet by xfinity (1Gb/41Mb)
4 VLANS (LAN, Gaming, IOT, DMZ. More info on request.Limiters/Queues:
Name: WAN-Download
Bandwidth: 1024 Mbit/s
Mask: None
Queue Management Algorithm: CoDel
Scheduler: FQ_CODEL
Queue length: 10000
ECN: checked- Name: WAN-Download-Q
- Mask: None
- Queue Management Algorithm: CoDel
- ECN: checked
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Name: WAN-Upload
Bandwidth: 41 Mbit/s
Mask: None
Queue Management Algorithm: CoDel
Scheduler: FQ_CODEL
Queue length: 4000
ECN: checked- Name: WAN-Upload-Q
- Mask: None
- Queue Management Algorithm: CoDel
- ECN: checked
Firewall Rules:
Floating
I've tried adding to the top or bottom to no avail.
For both ipv4/6...
Action: Pass
Quick: checked
Interface: WAN
Direction: Out
Address Family: IPv4 or IPv6 depending on rule
Protocol: Any
Source: Any
Dest.: Any
Gateway: WAN_DHCP or WAN_DHCP6 depending on rule
In / Out pipe: WAN-Upload-Q / WAN-Download-Q -
yes it's not working on 2.5.0
https://redmine.pfsense.org/issues/9643 -
@kiokoman said in Traffic Shaping (CODEL/FQ_CODEL) kills all traffic, no internet access:
yes it's not working on 2.5.0
https://redmine.pfsense.org/issues/9643Thanks for info, I keep forgetting about the bug tracker. Watching that one now.