Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Traffic Shaping Queries

    Scheduled Pinned Locked Moved Traffic Shaping
    3 Posts 2 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tidus99
      last edited by

      Currently playing with the traffic shaper using the 2.0 stable release. I have read information on the traffic shaper and read a couple of posts that seem similar but I wanted to pose my question specifically for our environment.

      I am testing Pfsense with a LAN & single WAN interface. Either end of the network I have a single desktop PC
      With a few basic rules I have communication between the two machines

      On the traffic shaper I have created an ICMP In and ICMP Out for the WAN interface & a third mandatory default queue
      I have then added firewall floating rules for the traffic: -

      WAN Interface > Direction Out > ICMP (echo request) > source is the LAN PC's IP and destination any > ICMP Out queue added > (Apply the action immediately on match ticked)
      If I ping from the LAN PC to the WAN PC the queue status shows traffic on the ICMP Out queue

      WAN Interface > Direction In > ICMP (any) > source is any and destination is the LAN PC's IP > ICMP In queue added > (Apply the action immediately on match ticked)
      This does not show the return traffic or ICMP reply packets as I expected it would. The ICMP In queue does show traffic If I ping from the WAN PC to the LAN PC though.

      I have played about with changing the rules so they are more open & also tried with rules on the actual WAN interface as opposed to the floating tab. However I am never able to queue the return traffic or see it in the default queues.

      Is it possible to shape the inbound & outbound exchange of packets on a single interface?

      Thank you for reading and hopefully someone can assist!  :)

      1 Reply Last reply Reply Quote 0
      • T
        tidus99
        last edited by

        Can anyone on the forum help me with my queries? I am eager to go back to testing so that the device can be put into production.

        Thank you!

        1 Reply Last reply Reply Quote 0
        • D
          dreamslacker
          last edited by

          It doesn't work from WAN to LAN because the unit is in NAT mode.  You can't expect to ping from WAN to LAN without a port forward done for that purpose (and even then, to ping to that port on the WAN side).

          If you ping from LAN to WAN and there is a response, it means that communication works both ways (obviously, the packets need to return through WAN to LAN in order for the ping to be successful).

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.