bridged traffic shaper with 2.7.x
-
I have searched around, but most of the posts/info appear dated... some is even conflicting info.
With v2.7.x, is it possible to configure a bridged ("transparent") traffic shaper with pfSense?
I'd like to insert such a mini-appliance between my gateway and my ISP's hardware/modem. I don't want to insert additional NAT to achieve this.
Appreciate any info/guidance/links.
Thanks in advance.
-
Yes. I got fq_codel working on a bridge in OPNsense and pfSense, but there seem to be free and double-free errors on the machine and maybe on my XGS-PON. I am using FTTH. I think the errors are from applications trying to negotiate various link speeds and IOCTL not knowing which way is WAN and LAN. I was also running Sensei/Zenarmor on the LAN and fq_codel on the bridge.
I got hit by some MITRE attack, binding public IPs to my bridge too. Perhaps DHCP and transparent DNS on Unbound were to blame, as turning off DHCP seems to drop my link speed from 2.5 Gbps to 1 Gbps on my NBase-T NICs. This bit was never an issue with an AT&T router bypass. VLAN 0 stinks :) but at least OPNsense and pfSense recognize it. So can MikroTik RouterOS devices.
Is it "supported"? No. Should it only be done with TCP? Probably. What about D-TLS and direct memory access NICs? What about putting IGMP in traffic shapers? What about file descriptors on local device NICs? What should they be set to?
I may go try out CrowdSec one of these days.
https://youtu.be/zGTzeWYfy8o?si=Bb9RuXeyHmwWzoh-
Here is a maybe insightful video. (Wish I knew how to code :p)