Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Transparent Firewall with Shaping

    Routing and Multi WAN
    3
    5
    1530
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      meernabeel last edited by

      Hello all,

      I'm currently using ClearOS. I have 4 WANS from same ISP, all 4096/1024. I have applied bandwidth limitations to each user and I have changed the default rule to drop all packets and only allow those who match criteria (IP + MAC). The problem with my current setup is that lots of websites dont like when you use load balancing. Thats why I am trying to setup a transparent firewall with which i can restrict users on IP + MAC based criteria and also can throttle bandwidth on per IP bases. Is this achievable with pfsense. Please point me in the right direction.

      1 Reply Last reply Reply Quote 0
      • C
        cmb last edited by

        Yeah you can do shaping with a transparent firewall. I'm not sure how that would change anything with your load balancing though.

        1 Reply Last reply Reply Quote 0
        • T
          tacfit last edited by

          Transparent firewalling doesn't solve the load balancing problem. The issue there lies in session persistance. If client A starts a session with Host, and it's delivered via Connection 1, then any further connections sent to Host, for Client A, are expected to come from Connection 1. If they get balanced over to Connection 2, problems arise.

          If you've got a fairly static list of clients, then you could set up hard rules, so that Clients A-C always use Connection 1, and Clients D-F always use Connection 2. You can set up failover groups to help further with this.

          1 Reply Last reply Reply Quote 0
          • M
            meernabeel last edited by

            I agree with both u guys….well my client list is static and instead of load balancing, I am thinking about distributing my clients among the 4 ADSL routers, but i want a firewall placed before them which is transparent and can shape traffic and block/allow on MAC/IP based ACLs, So if Pfsense can do it I will migrate. Right now i have set some source based rules on my COS but sometimes they work and sometimes they dont. thats why i am looking for some other solution. Thanks in advance

            1 Reply Last reply Reply Quote 0
            • T
              tacfit last edited by

              From what I understand you want, yes, pfSense should do this just fine.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post