Limiter to control guest network's bandwidth only works with a pass all rule?



  • Hi,

    I am currently using pfSense 2.0-RELEASE (i386). Not updated yet as this device is in use almost constantly, but I have checked the release notes to see if anything in the update may be related to my problem. Nothing obvious jumps out at me.

    I have the pfSense router / firewall set up with 3 physical ports (two for WANs and the other one for LANs). The two WAN ports are set up for failover / load balancing etc. and are PPPoE. The physical LAN port anchors several VLAN interfaces, including one for a guest network. I have set up the following with regards to limiters:

    Two rules: InLimitGuest and OutLimitGuest. Both rules are set with the appropriate bandwidth limit and masks are set to "none". All other settings are default.

    The problem is I have specific rules for our guest network (VLAN) filtering access for guest users to services on the internet to DNS, WEB and Email. The rules also prevent access to our other VLANs.

    If I apply the limiters against each of these rules on the VLAN, it does not work.

    However, if I create a pass all rule (with the limiters in place) that allows the source (guest network VLAN) to connect to any service and place it at the top of the rule list for the guest network, the limiter is applied and works as expected.

    The issue I have with this is that it also appears to allow the guest to have access to all services on the internet and in effect forces the lower rules to be ignored.

    It is as if the firewall does not implement the limiter on the more defined filters currently in place.

    Any help would be appreciated. I have searched the forum with little joy. One article mentioned changing the gateway from default to the WAN specifically. I have tried all variations of this.

    regards

    jim

