4. Traffic Shaping Queries

Traffic Shaping Queries

  • T

    Currently playing with the traffic shaper using the 2.0 stable release. I have read information on the traffic shaper and read a couple of posts that seem similar but I wanted to pose my question specifically for our environment.

    I am testing Pfsense with a LAN & single WAN interface. Either end of the network I have a single desktop PC
    With a few basic rules I have communication between the two machines

    On the traffic shaper I have created an ICMP In and ICMP Out for the WAN interface & a third mandatory default queue
    I have then added firewall floating rules for the traffic: -

    WAN Interface > Direction Out > ICMP (echo request) > source is the LAN PC's IP and destination any > ICMP Out queue added > (Apply the action immediately on match ticked)
    If I ping from the LAN PC to the WAN PC the queue status shows traffic on the ICMP Out queue

    WAN Interface > Direction In > ICMP (any) > source is any and destination is the LAN PC's IP > ICMP In queue added > (Apply the action immediately on match ticked)
    This does not show the return traffic or ICMP reply packets as I expected it would. The ICMP In queue does show traffic If I ping from the WAN PC to the LAN PC though.

    I have played about with changing the rules so they are more open & also tried with rules on the actual WAN interface as opposed to the floating tab. However I am never able to queue the return traffic or see it in the default queues.

    Is it possible to shape the inbound & outbound exchange of packets on a single interface?

    Thank you for reading and hopefully someone can assist!  :)

    0
  • T

    Can anyone on the forum help me with my queries? I am eager to go back to testing so that the device can be put into production.

    Thank you!

    0
  • D

    It doesn't work from WAN to LAN because the unit is in NAT mode.  You can't expect to ping from WAN to LAN without a port forward done for that purpose (and even then, to ping to that port on the WAN side).

    If you ping from LAN to WAN and there is a response, it means that communication works both ways (obviously, the packets need to return through WAN to LAN in order for the ping to be successful).

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy