Help with traffic shaping only setup
First I would like to say thank you in advance and that I am new to pfS. I am looking to set up the pfS box for traffic shaping for the internet only.
I have a pfS box with 2 NICs (WAN/LAN) and I have created a bridge between them.
Set an IP on the bridge
DHCP=Off / NAT=Off
I have created allow all rules on the WAN, LAN and Bridge but left the floating empty.
I have the pfS box installed as follows. Modems>Bonding device>pfS>Firewall>Core switch>DHCP Server and clients
I ran the wizard and picked the VoIP@96kbps, P2P@5% and set a few items to a higher priority (ICMP, http, mail protocols and RDP).
From my understanding and from what I see when I run the wizard, it appears that the firewall floating rules take precedence over the other interface rules. Is this correct?
Also, I have multiple LAN subnets. I do not need them to communicate with each other but I need them all to be filtered by the pfS box.
Do I need to add each subnet as a VLAN then add them to the bridge?
Someone correct me, but can you shape between the WAN and LAN when bridged? I can't imagine this works. You would need to route or NAT.
Generally the interface rules are used for pass, block, or reject, and floating is used to match and perhaps modify, typically for traffic shaping. I'm not sure if floating takes precedence over interface queue (matching) rules. I simply wouldn't create a rule in interface that conflicts with a floating rule; then you don't need an answer.
Do you need VLANs to each subnet? More simply, you could add subnets to the pfSense LAN using Gateways. From this, pfSense will create the matching Routes for you, next tab over.