Transparent Firewall with Shaping



  • Hello all,

    I'm currently using ClearOS. I have 4 WANs from the same ISP, all 4096/1024. I have applied bandwidth limitations to each user and I have changed the default rule to drop all packets and only allow those that match criteria (IP + MAC). The problem with my current setup is that lots of websites don't like it when you use load balancing. That's why I am trying to set up a transparent firewall with which I can restrict users on IP + MAC based criteria and also throttle bandwidth on a per-IP basis. Is this achievable with pfSense? Please point me in the right direction.



  • Yeah you can do shaping with a transparent firewall. I'm not sure how that would change anything with your load balancing though.



  • Transparent firewalling doesn't solve the load balancing problem. The issue there lies in session persistence. If Client A starts a session with Host, and it's delivered via Connection 1, then any further connections sent to Host, for Client A, are expected to come from Connection 1. If they get balanced over to Connection 2, problems arise.

    If you've got a fairly static list of clients, then you could set up hard rules, so that Clients A-C always use Connection 1, and Clients D-F always use Connection 2. You can set up failover groups to help further with this.



  • I agree with both of you guys... well, my client list is static, and instead of load balancing I am thinking about distributing my clients among the 4 ADSL routers, but I want a firewall placed before them which is transparent and can shape traffic and block/allow on MAC/IP based ACLs. So if pfSense can do it, I will migrate. Right now I have set some source-based rules on my COS, but sometimes they work and sometimes they don't. That's why I am looking for some other solution. Thanks in advance.



  • From what I understand you want, yes, pfSense should do this just fine.
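
The static client-to-connection assignment with failover suggested in the thread, modelled next to per-connection balancing, as an added example that is not part of any post and is not pfSense configuration. The addresses, MACs and WAN names are constructed, and the function names are hypothetical.

```python
from itertools import cycle

WANS = ["WAN1", "WAN2", "WAN3", "WAN4"]  # the four ADSL links (names constructed)

# Constructed static client list: (IP, MAC) -> preferred WAN.
CLIENTS = {
    ("192.0.2.11", "02:00:00:00:00:11"): "WAN1",
    ("192.0.2.12", "02:00:00:00:00:12"): "WAN2",
    ("192.0.2.13", "02:00:00:00:00:13"): "WAN3",
    ("192.0.2.14", "02:00:00:00:00:14"): "WAN4",
}


def failover_order(preferred):
    """Preferred WAN first, then the remaining links in fixed order."""
    i = WANS.index(preferred)
    return WANS[i:] + WANS[:i]


def pinned_egress(ip, mac, up):
    """WAN used by this client, or None when no rule matches (default drop)."""
    preferred = CLIENTS.get((ip, mac.lower()))
    if preferred is None:
        return None  # unknown IP+MAC pair: falls through to the drop rule
    for wan in failover_order(preferred):
        if wan in up:
            return wan
    return None  # every link is down


def round_robin_egress(n_connections, up):
    """Per-connection balancing: each new connection takes the next live WAN."""
    live = [w for w in WANS if w in up]
    if not live:
        return []
    rr = cycle(live)
    return [next(rr) for _ in range(n_connections)]


def distinct_sources_seen(egress_list):
    """Number of different public addresses a remote host sees for one client."""
    return len(set(egress_list))


if __name__ == "__main__":
    up = set(WANS)
    ip, mac = "192.0.2.12", "02:00:00:00:00:12"
    print("balanced:", distinct_sources_seen(round_robin_egress(6, up)))
    print("pinned:  ", distinct_sources_seen([pinned_egress(ip, mac, up)] * 6))
```

With all links up, six balanced connections from one client leave through four different links, while the pinned client always leaves through one and only moves when its preferred link is down.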

