PF 2.0 limiter firewall rule question
-
Hi,
I'm trying to get the pfSense dummynet limiters to work. The problem is, I'm confused about firewall rules for this purpose. I have a typical 1 LAN/2 WAN setup, with WAN2 only used if WAN1 goes down.
I'd like to set up a dummynet pipe that allows 1 Mbps upload and 3 Mbps download for a given target IP address. I've created the two separate limiters, but here is the question.
For upload, it's obvious that I put a rule on LAN that captures all traffic into the LAN interface from the target IP, and put that traffic through the limiters.
But what about incoming traffic from the outside world, coming into the WAN interface and out of the LAN interface to the target IP? I can't make a WAN rule, because the incoming traffic is all bound for the WAN IP address (and then will be passed along to the target via NAT). Can I make a LAN rule that will get triggered on traffic LEAVING the LAN interface destined for the target IP? I was under the impression that the firewall only scanned traffic INTO the interface, not OUT of the interface. Perhaps I'm wrong?
Thanks for any help working this out.
Dave
-
You can make a WAN rule with a destination of the LAN IP involved (NAT happens before the rules are processed), or you could put a rule on the floating tab, on LAN, in the 'out' direction.