Traffic Shaper and port number tracking clarification please.
-
Hi Guys…
I'm wondering exactly how is the traffic shaper working when the security for pf changes the port number?
For instance, I've set up the traffic shaper for qWeb limits of say 5% on both HTTP and HTTPS ports. That is port 80 and 443.
But when I check States (see attached) the only place I see port 80 is at the destination IP Address. The port listed on the LAN and WAN interface is not Port 80. I'm assuming here, this is not being shaped for qWEB but for qOthers traffic.
How then to make it work the way it should if my assumption is correct?
Thanks, Jits.
-
You're overthinking things too much there.
In the floating rules, port 80 is the destination port. In your states it's also the destination port. The rules match the state, so it's doing the right thing. It does not matter if the traffic comes in LAN or exits WAN and hits the floating rule, the destination port is still 80 so the rule matches.
The source port doesn't matter, that does get rewritten, but that isn't ever checked in those rules, only the destination, which is 80.
Shaping is setup when a connection state is setup, and when it's created, the return traffic is considered using that state, not a different shaper rule.
-
Ok. Thanks for the clarification. I understand now.
Jits.
