Internal Network

  • Maybe one of you gurus out there can grasp what I'm trying to do and point me in the right direction.  So far there seem to be very few limitations to what pfSense can do; in my case, I either cannot find the correct terminology or I'm plain going about it the wrong way.  Here's the scenario:

    Four interfaces: WAN, LAN, WIFI, DMZ.

    I'm attempting to build QoS rules to control traffic flow in these two main directions:

    WIFI, LAN and/or DMZ out to WAN.  This one was a piece of cake because the queuing actually exists at the exit of the interface that is doing the transmitting.  Now the hard part…

    In from the WAN to WIFI, LAN and/or DMZ.  This is where I get hosed up because now I have a limited bandwidth the WAN can handle and I'm trying to drop or queue traffic on the exit of three different interfaces that are much faster than the WAN connection.  Since the queues exist on three different interfaces, they aren't really aware of what each other is doing or how much total bandwidth is in use.

    My horrid solution initially was to assemble two pfSense boxes where the box closest to the Internet connection only has WAN and LAN then again QoS is a piece of cake in either direction.  Next I hook the Ethernet from the LAN side of this box to another box that has the WAN, LAN, WIFI and DMZ interfaces.  The second box basically just becomes a simple firewall/router.  The first box does the NAT and QoS.

    So after seeing this work in practice, I figured there must be a way to create the link that exists between these two machines virtually within a single instance of pfSense.  But when I read about Virtual IP, it looks like we are talking about Virtual LANs, VLANs, which isn't exactly what I'm looking for.


    Two questions:
      1.  Am I thinking about QoS completely wrong?
      2.  If I'm not, does the concept of "Internal Networks" exist within pfSense?  And if so, how do I get started using it?

    Many thanks all.

    P.S.  Don't rack your brain on this, because you'll give yourself a headache, unless of course you know exactly what I'm getting at and have done it successfully before.

  • After doing some more digging, it appears the answer lives here:

    Still a little confusing since this Pipe doesn't really act like a true interface.
