Understanding Limiter Directionality with NAT
Been trying to wrap my brain around this one but I'm not quite sure how it works.
Specifically here I'm talking about bandwidth limiters applied to single IPs or subnets, and while I totally get HOW to do it, I don't get WHY it works.
Limiters are created and then applied via firewall rules; that makes sense to me. What I don't get is how the limiter actually applies on the LAN side in the download direction.
Details:
- 100mbps limiter is set up with no mask
- Firewall rule on the LAN side applied to single client via SOURCE
What I don't get is how the firewall is limiting download speed to the client when it's done via source address and the source address of the packets will be the firewall's LAN IP due to NAT. In theory the firewall rule shouldn't be matching the download traffic since it's matching via source.
Really just want to be able to wrap my brain around the way this is actually functioning inside the firewall.
And on that note, how would one set up a download-only limit WITHOUT having an upload limiter in place, since you can only put an Out rule (for download) if an In rule is also in place?
Maybe this just clicked with me....
Since it's stateful that's why this works, correct? It's not matching per packet and totaling things up like my brain was thinking.
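The stateful behaviour raised in the post above, as an added example that is not part of the original thread and is not the firewall's own code: a simplified model in which the source-based rule is evaluated only for the packet that creates the state, and every later packet of the flow is assigned to the In or Out pipe by state lookup. The addresses, pipe names and the `Firewall` class are constructed for illustration; ports and protocol are left out of the flow key, and the model assumes the reply seen on the LAN interface carries the remote server as source and the client as destination.

```python
from dataclasses import dataclass

# Constructed sample addresses (not from the thread).
CLIENT = "192.168.1.50"
SERVER = "203.0.113.10"


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet is seen on
    direction: str  # "in" = entering the firewall on iface, "out" = leaving it
    src: str
    dst: str


class Firewall:
    """Toy stateful filter with one LAN rule: source == limited_source."""

    def __init__(self, limited_source, in_pipe, out_pipe):
        self.limited_source = limited_source
        self.in_pipe, self.out_pipe = in_pipe, out_pipe
        self.states = {}  # flow key -> direction of the packet that created it

    @staticmethod
    def _key(p):
        # Direction-agnostic key: both halves of a flow map to one state.
        return (p.iface, frozenset((p.src, p.dst)))

    def classify(self, p):
        """Return the pipe the packet is queued in, or None if unlimited."""
        key = self._key(p)
        if key not in self.states:
            # The rule (and its SOURCE match) is consulted only here.
            if (p.iface, p.direction, p.src) != ("lan", "in", self.limited_source):
                return None
            self.states[key] = p.direction
        # State hit: same direction as the creating packet -> In pipe,
        # reverse direction (the download) -> Out pipe. No source check.
        return self.in_pipe if p.direction == self.states[key] else self.out_pipe


def demo():
    fw = Firewall(CLIENT, "upload_pipe", "download_pipe")
    request = Packet("lan", "in", CLIENT, SERVER)       # client -> internet
    reply = Packet("lan", "out", SERVER, CLIENT)        # internet -> client
    other = Packet("lan", "out", SERVER, "192.168.1.51")  # different client
    return [fw.classify(p) for p in (request, reply, request, other)]


if __name__ == "__main__":
    print(demo())
```
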