Shaping WAN-LAN. But traffic LAN-OPT1 is also slowed down

  • Hello

    I have
    WAN with 25Mbit
    LAN with 130 users
    OPT1 with a few servers

    Shaping is set up using the wizard for WAN and copied to LAN. But now traffic is also slowed down when LAN is trying to access servers on OPT1.

    How can it be set up, so LAN <> OPT1 is 100Mbit (or unlimited) and in/out from WAN it is limited as result of using the wizard?

    BR. Anders

  • I'm having the same issue too. Any help would be good. Tq

  • I'm trying out with this method, not sure if it will work properly. Anyone with experience please help me verify. Tq

    I'm running 2.0-RC3

    I bridge LAN & OPT1, then added the bridge0 interface as OPT2. The IP and DHCP on LAN and OPT1 remain enabled. I give OPT2 another IP. Then when traffic shaping, I shaped WAN<->OPT2. Still testing it. But under Status->Queues, the traffic for WAN is shown but for OPT2 it is not shown. LAN<->OPT1 traffic works as usual.

    Btw, I have to keep my IP at least on LAN, disabling OPT1 IP, it will take from OPT2. But if I disable for both LAN and OPT1, while relying on OPT2, all networking stops, can't get IP from DHCP, can't ping the router. Not sure what was the problem.

    My OPT1 is Wireless Lan, running in hostap mode

  • You could try something like this….

    WAN (10Mbit)

    ---->qInside(no limit)
    ---->qInternet(limit 25Mbit)

    Then for the firewall rules, on the LAN tab you could have something like
    pass/block    Proto      Source    Destination       Queue

    1. pass       TCP/UDP    any       OPT1 addresses    qInside
    2. pass       TCP/UDP    any       LAN address       qInside
    3. pass       UDP        any       any               qVoip
    4. pass       TCP        any       any               qACK/qDefault

    or something.  The main thing is to have a separate parent queue on the LAN interface for traffic coming back from the WAN vs traffic from OPT1.  Seems like this should work. I don't have an OPT1 myself, but I use the second rule to keep my slow WAN speed from slowing down my access to the webconfigurator on the pfSense box itself, but probably not an issue with a 25Mbit WAN!!!
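
The layout suggested in the post above, written out in raw pf/ALTQ syntax as an added sketch; it is not part of the original post and not taken from any poster's configuration (pfSense sets up the equivalent through the GUI). The interface name, the OPT1 subnet, the 100Mbit LAN link speed, the HFSC scheduler and the child queue percentages are assumptions.

```pf
# Assumed names and addresses (constructed, not from the thread)
lan_if   = "em1"
opt1_net = "192.168.2.0/24"

# Two parent queues on the LAN interface:
#   qInside   - traffic between LAN and OPT1 / the firewall itself, not capped
#               below the link speed
#   qInternet - traffic coming back from the WAN, capped at 25Mbit
altq on $lan_if hfsc bandwidth 100Mb queue { qInside, qInternet }
queue qInside   bandwidth 75Mb
queue qInternet bandwidth 25Mb hfsc(upperlimit 25Mb) { qACK, qVoip, qDefault }

# Children share the 25Mbit parent; percentages are relative to qInternet
queue qACK      bandwidth 20%
queue qVoip     bandwidth 20%
queue qDefault  bandwidth 60% hfsc(default)

# Rules on the LAN interface, first match wins (same order as the table above).
# The queue named on the rule is applied through the state entry, so replies
# leaving $lan_if are placed in the same queue.
pass in quick on $lan_if proto { tcp, udp } from any to $opt1_net queue qInside
pass in quick on $lan_if proto { tcp, udp } from any to ($lan_if) queue qInside
pass in quick on $lan_if proto udp from any to any queue qVoip
# Second queue name receives empty TCP ACKs and low-delay packets
pass in quick on $lan_if proto tcp from any to any queue (qDefault, qACK)
```

Status->Queues should then show LAN<->OPT1 transfers counted under qInside while downloads from the WAN are counted under the qInternet children.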

  • Hello pwipf

    Thank you for your help.
    I have not tried it yet, but it makes sense and it seems like a solution that should work. I will try to implement it in a few days time.

    Best regards, Anders

  • I think that the traffic shaping wizard on the new snapshots does something similar to this, I have not really looked at it but I would recommend having a go with that.

    Yes, it looks familiar to how the wizard creates queues. But nicely explained though!

    How I see it, the queues are actually the ones creating bandwidth limits for IP addresses, aliases, interfaces, whatever… No need for limiters as I see it.
    Or what?

    I have tried with limiters the past few days, but can't seem to make them work as intended :(

