Strange behaviour with floating limiter rule on wan interface

LiquidSmoke

Hi,

I've migrated our Internet connection to a shared one (60/60 fiber) and want to limit the max bandwidth to 20mb in and 20mb out to be fair to the users of this connection.

My setup: fiber modem –-- pfsense ---- multiple lan (5 vlans)

I'm using PfSense 2.0.1 and have squid/squidguard installed for proxying, monitoring and blacklisting. On a normal day there are about 200 users.

To achieve the bandwith lmitations i've created two limiters; wan_limit_in and wan_limit_out with a 20mb bandwidth setting, and no source mask. The next step was to create a floating rule with the following settings:

Action: Pass
Interface: WAN
Direction: Out

In/Out: wan_limit_in / wan_limit_out

When I apply this rule some strange things happen;

-Some clients can connect perfectly to the internet and the limits are applied.
-A lot of clients cannot connect anymore and everything times out.
-Rebooting the client doesn't work, although sometimes refreshing the dhcp lease works.

I've tried clearing the firewall states and rebooted PfSense to no avail.

Anybody experienced this odd behavior or am I missing something here?

supermega

Hi LiquidSmoke

Can the clients ping to the wan ?

We had a smiliar issue already. Check out this thread

http://forum.pfsense.org/index.php/topic,67012.0.html

regards

supermega