Multi-Subnet, limiter only for WAN connection



  • I have a pfSense connected with 2 WANs and 3 LANs at a large network. I'll call them WAN-A, WAN-B, LAN-A, LAN-B, and LAN-C for this question.

    WAN-A is a 6M/2.0M connection
    WAN-B is a 1.5M/1.5M connection

    I am having problems with users saturating the bandwidth, and I want to use a limiter to keep any one user from hogging all the bandwidth. I created a limiter and used a firewall rule to enable that limiter for LAN-A, but that means that traffic LAN-A to LAN-B or LAN-C is limited, too.

    I want to limit traffic from LAN-A to WAN-A or WAN-B, without affecting traffic from LAN-A to either of the other LANs.

    How do I do that?



  • create rules sourcing from LanA and destined to LanB & LanC without that limiter, place those above your LanA to Any rule.



  • @Metu69salemi:

    create rules sourcing from LanA and destined to LanB & LanC without that limiter, place those above your LanA to Any rule.

    Awesome. I read this, and hit a sort of "duh" moment. :-)

    I was trying to create a rule from LanA to "WanA Network" to create the rule, but it wasn't applied for any traffic that went through WanA, only ended at WanA.

    Thank you very much. Your answer is very helpful!



  • Alternatively, make use of Aliases and 'Not'.

    Create an Alias with the subnets of LAN A, B & C.

    Call this alias:  LocalSubnets

    In your firewall rule(s) applying the limiter(s), just set the destination as "Not" (checkbox) Alias "LocalSubnets".

    Depending on how many rules you have applying limiters and all, either of the methods would be simpler to apply.


Locked