Strange behaviour with floating limiter rule on wan interface



  • Hi,

    I've migrated our Internet connection to a shared one (60/60 fiber) and want to limit the max bandwidth to 20mb in and 20mb out to be fair to the users of this connection.

    My setup: fiber modem –-- pfsense ---- multiple lan (5 vlans)

    I'm using PfSense 2.0.1 and have squid/squidguard installed for proxying, monitoring and blacklisting. On a normal day there are about 200 users.

    To achieve the bandwith lmitations i've created two limiters; wan_limit_in and wan_limit_out with a 20mb bandwidth setting, and no source mask. The next step was to create a floating rule with the following settings:

    Action: Pass
    Interface: WAN
    Direction: Out

    In/Out: wan_limit_in / wan_limit_out

    When I apply this rule some strange things happen;

    -Some clients can connect perfectly to the internet and the limits are applied.
    -A lot of clients cannot connect anymore and everything times out.
    -Rebooting the client doesn't work, although sometimes refreshing the dhcp lease works.

    I've tried clearing the firewall states and rebooted PfSense to no avail.

    Anybody experienced this odd behavior or am I missing something here?



  • Hi LiquidSmoke

    Can the clients ping to the wan ?

    We had a smiliar issue already. Check out this thread

    http://forum.pfsense.org/index.php/topic,67012.0.html

    regards

    supermega


Log in to reply