How to mark traffic on WAN interface?
-
1 x LAN and 2 x WAN
I want to tag all the traffic on WAN1 and WAN2, use floating matching rule on LAN interface to apply queue based on tag.
Is this possible?
Thanks!
-
Something like this?
-
WAN1 = 8 Mbits
WAN2 = 100 Mbits/ < LAN1 <
Users < FAILOVER WAN1 / WAN2
\ < LAN2 <I want to limit download speed on LAN interface (limit downloads of users). The main problem is that I want to use FAILOVER.
I cannot create rules on LAN interfaces which know from which WAN interface packets are coming!
After lot of tests I see that tagging applies only to new incoming packets(SYN), but not to established connections!Help me please.
Sorry for my english.
-
How many LANs do you have?? Let's assume you have only 1 LAN.
The easiest solution for this is to queue traffic with floating rules, action queue, direction out, on each of the WANs. Be careful because you are queueing out of the interface, so at this point NAT has already occurred, the packet being queued has its source IP changed already (simply put, don't specify a source IP on the floating rule). Also, make sure that the allow rules on the LAN interface are not applying any queue because these will override the ones you selected on the floating tab.
Now, if you have 2 or more LANs… There is no simple solution. The reason is that you cannot have a download queue that applies to more than 1 interface at a time.
Possible solutions would be:- Another pfSense box, bridged, which does the shaping
- Bridge the LAN interfaces and apply the shaper to the bridge
- Use VLANs on the same physical interfaces, apply the shaper to it
-
Ok. Thank you for help!