Traffic shaping floating rules: Which point of view?
-
I'm trying to set up traffic shaping on pfSense 2.0 beta. But there is a point that is unclear to me: which point of view do we have to take when setting up traffic shaping floating rules?
For example, I have a web server and I want all traffic (between the server and the client) to go in a specific queue. So I added a floating rule with my web server's IP address and HTTP port as source. I did that because from the point of view of the WAN interface, the traffic is originating from the web server.
But doing this doesn't work; traffic goes in the wrong queue. So I tried to put the IP/Port as destination. And now, the traffic goes in the right queue.
So do the rules apply to "sessions"? I.e., do I have to set up rules depending on who will initiate the session? If it's the case, what about UDP traffic?
-
pfSense keeps state information about "conversations". The state information is created when someone starts the conversation. Conversations involving the web server start with a packet whose destination address is the IP address of the server and whose destination port is the server's HTTP port.
I don't know the details, but I would guess that the state information for UDP "conversations" times out
-
I'm trying to set up traffic shaping on pfSense 2.0 beta. But there is a point that is unclear to me: which point of view do we have to take when setting up traffic shaping floating rules?
From the viewpoint of the connection's initiator.
For example, I have a web server and I want all traffic (between the server and the client) to go in a specific queue. So I added a floating rule with my web server's IP address and HTTP port as source. I did that because from the point of view of the WAN interface, the traffic is originating from the web server.
But doing this doesn't work; traffic goes in the wrong queue. So I tried to put the IP/Port as destination. And now, the traffic goes in the right queue.
So do the rules apply to "sessions"? I.e., do I have to set up rules depending on who will initiate the session? If it's the case, what about UDP traffic?
Yes. They apply to connections. UDP is also firewalled statefully so it is routed and shaped statefully too.
However, I am having so many problems with the latest snapshot (RELENG_8_1, Jan 25) that I doubt stateful routing and shaping actually works.
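Added example, not part of the original thread and not pfSense code: a simplified Python model of the stateful matching described in the replies above, showing why a rule with the web server as source never matches a client-initiated conversation while a rule with the server as destination queues both directions, for TCP and UDP alike. The addresses, ports, queue names and class/function names are constructed for illustration, and state timeouts are not modelled.

```python
# Simplified model of stateful rule matching (illustration only, not pfSense code).
# Addresses, ports and queue names are constructed sample values.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
Rule = namedtuple("Rule", "proto src sport dst dport queue")  # None = any

SERVER = "192.0.2.10"    # constructed web server address
CLIENT = "198.51.100.7"  # constructed client address

def rule_matches(rule, pkt):
    """A rule field of None is a wildcard; otherwise it must equal the packet field."""
    return all(want is None or want == got for want, got in zip(rule[:5], pkt))

class Shaper:
    def __init__(self, rules, default_queue="qDefault"):
        self.rules = rules
        self.default_queue = default_queue
        self.states = {}  # state key -> queue chosen when the state was created

    @staticmethod
    def _key(pkt):
        # Direction-independent key: a reply maps to the same state as the opener.
        ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        return (pkt.proto, ends[0], ends[1])

    def classify(self, pkt):
        key = self._key(pkt)
        if key in self.states:      # existing state: rules are not consulted again
            return self.states[key]
        queue = self.default_queue  # new conversation: last matching rule wins
        for rule in self.rules:
            if rule_matches(rule, pkt):
                queue = rule.queue
        self.states[key] = queue
        return queue

def run_conversation(rule, proto):
    """Client opens a conversation to the server; return queues for request and reply."""
    shaper = Shaper([rule])
    request = Packet(proto, CLIENT, 40000, SERVER, 80)
    reply = Packet(proto, SERVER, 80, CLIENT, 40000)
    return shaper.classify(request), shaper.classify(reply)

SERVER_AS_SOURCE = Rule(None, SERVER, 80, None, None, "qWeb")  # first attempt in the thread
SERVER_AS_DEST = Rule(None, None, None, SERVER, 80, "qWeb")    # the rule that worked
```
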
-
Thanks guys for the confirmation. This helps in configuring the whole thing when you know that!