Limiters in bridge not working as expected (not symmetrical)



  • Hello

    First, sorry by my poor english, hope you understand me.

    I have a data circuit from an ISP and have a router with 16 IPs subnet. I need to connect one machine to one of that IPs and limit bandwitdh to 5Mbit/s up and down.

    I've setup a test platform to configure the pfSense box before going to real.

    I want to use a pfSense box for this and i have an Alix with 2.0.2 to do it (i tried with 2.0.1 also but had problems solved with 2.0.2, even i continue having problems as you see below).

    I want the pfSense box to be a transparent or bridged firewall, i've done all my best and tried everything i found in the net but i have this problem: I can't get the 5Mbit in two directions, or not simmetrical, I can get 5 Mbit/sec in one direction or the other, but if i generate traffic in both directions, i get 5Mbit/seg in total (you understand me, perhaps 2 Mbit in one direction and 3 in the other).

    As i said before, i'm unable to resolve this, please help me if you know what i'm doing bad.

    For tests my setup is this (Also a computer is connected to LAN to manage the box):

    [Computer A]–-----[OPT1][pfSense][WAN]–-----[Computer B]

    The traffic test is done with scp in both directions (i copy a file from a computer to other and viceversa)

    I've create a bridge in the pfSense box with OPT1 and WAN, Bridge0, then assigned to [OPT2], i've changed the System Tunables bridge.pfil_member to 0 and bridge.pfil_bridge to 1. I have disabled Automatic NAT and added rules to pass traffic.

    As i readed some were also added IPs to WAN, OPT1 and even OPT2.

    I've created limiters for upload and download, with 2 children everyone of then and used the parent and the children, in OPT1 and WAN and OPT2 (the bridge), at the same time (in interfaces and the bridge) and only one of them also.

    I have these limiters (Parents and childs):

    limiter_download (5Mbit/sec)
      -limiter_download_to_opt1
      -limiter_download_to_wan

    limiter_upload (5Mbit/sec)
      -limiter_upload_to_opt1
      -limiter_upload_to_wan

    I have configured for example:

    In the bridge (rule in OPT2) limiter_download to IN and limiter_upload to OUT

    I have also tried in (as saw here: http://forum.pfsense.org/index.php/topic,40542.0.html ):

    WAN IN/OUT limiter_download_to_wan/limiter_upload_to_wan
    OPT1 IN/OUT limiter_ipload_to_opt1/limiter_download_to_opt1

    Also tried to put only in IN in WAN an OPT1 (limiter_download and limiter_upload in IN/OUT)

    Attached are pictures where you can see what happens to traffic. First i start one transfer (in one address) and when it's at stable 5Mbit then start the other direction, you see what happens. Also there is another picture that includes the limiter's status.

    Any idea?

    Thanks!




Locked