Traffic Shaping Queries
-
Currently playing with the traffic shaper using the 2.0 stable release. I have read information on the traffic shaper and read a couple of posts that seem similar but I wanted to pose my question specifically for our environment.
I am testing pfSense with a LAN & single WAN interface. At either end of the network I have a single desktop PC.
With a few basic rules I have communication between the two machines.
On the traffic shaper I have created an ICMP In and ICMP Out for the WAN interface & a third mandatory default queue.
I have then added firewall floating rules for the traffic:
- WAN Interface > Direction Out > ICMP (echo request) > source is the LAN PC's IP and destination any > ICMP Out queue added > (Apply the action immediately on match ticked)
If I ping from the LAN PC to the WAN PC the queue status shows traffic on the ICMP Out queue.
- WAN Interface > Direction In > ICMP (any) > source is any and destination is the LAN PC's IP > ICMP In queue added > (Apply the action immediately on match ticked)
This does not show the return traffic or ICMP reply packets as I expected it would. The ICMP In queue does show traffic if I ping from the WAN PC to the LAN PC though.
I have played about with changing the rules so they are more open & also tried with rules on the actual WAN interface as opposed to the floating tab. However I am never able to queue the return traffic or see it in the default queues.
Is it possible to shape the inbound & outbound exchange of packets on a single interface?
Thank you for reading and hopefully someone can assist! :)
-
Can anyone on the forum help me with my queries? I am eager to go back to testing so that the device can be put into production.
Thank you!
-
It doesn't work from WAN to LAN because the unit is in NAT mode. You can't expect to ping from WAN to LAN without a port forward done for that purpose (and even then, to ping to that port on the WAN side).
If you ping from LAN to WAN and there is a response, it means that communication works both ways (obviously, the packets need to return through WAN to LAN in order for the ping to be successful).