Limiters bypassed [self-resolved]



  • Hi,

    I'm currently trying to find why some traffic is not limited correctly.

    I have a pfSense VM box (NAT is disabled and in manual mode) with a WAN (25mbits full duplex) and multiple LAN subnets. Each LAN subnet has public IPs. These subnets are all routed through the WAN and limited to 10mbits UP and DOWN. Each LAN has a floating rule that redirects all traffic through IN and OUT limiters.

    When I make a test with my laptop, download and upload are correctly limited to 10mbits.

    But each night, one of those subnets can upload at 20 mbits continuously… And I can't figure out why... I double-checked all settings and rules.

    Here's the limiters output for this LAN:

    Limiters:
    00001:  10.000 Mbit/s    0 ms burst 0
    q131073  50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
    sched 65537 type FIFO flags 0x1 256 buckets 1 active
        mask:  0x00 0xfffffffc/0x0000 -> 0x00000000/0x0000
    BKT Prot Source IP/port_ Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp
    29 ip    21X.1XX.188.80/0            0.0.0.0/0    5673  698595  0    0  0
    00002:  10.000 Mbit/s    0 ms burst 0
    q131074  50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 droptail
    sched 65538 type FIFO flags 0x1 256 buckets 1 active
        mask:  0x00 0x00000000/0x0000 -> 0xfffffffc/0x0000
    BKT Prot Source IP/port_ Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp
    43 ip          0.0.0.0/0      21X.XXX.188.80/0    4633  4668811  0    0  90

    Is there a way to bypass those limiters?

    I have the same issue with 2.1 and 2.1.1.

    Thanks



  • Ok found the issue…

    The transfer was initiated from INTERNET (WAN to LAN), so it was bypassing my limiter rule.

    I created another floating rule from WAN to LAN with the same limiters (but in reverse order) and now it's working.
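
The behaviour described in the post above, as an added example that is not part of the original thread and is not pf or pfSense code: a simplified Python model in which the limiter pair is fixed by the rule that creates a connection's state. It assumes the original limiter rule matched only connections entering on LAN and that WAN had a pass rule without limiters; the rule layout, limiter names and addresses are constructed.

```python
# Simplified model (assumption, not pf's implementation): the first packet of a
# connection is matched against the rules and creates a state; every later packet
# matches that state and inherits its limiters without re-evaluating the rules.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    iface: str                      # interface the first packet enters on
    in_pipe: Optional[str] = None   # limiter for packets sent by the initiator
    out_pipe: Optional[str] = None  # limiter for packets sent back to the initiator

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = {}  # frozenset({src, dst}) -> (initiator, rule)

    def pipe_for(self, iface, src, dst):
        """Return the limiter applied to a packet src -> dst entering on iface."""
        key = frozenset((src, dst))
        if key not in self.states:
            rule = next((r for r in self.rules if r.iface == iface), None)
            if rule is None:
                return "blocked"
            self.states[key] = (src, rule)  # state remembers who opened the connection
        initiator, rule = self.states[key]
        return rule.in_pipe if src == initiator else rule.out_pipe

LAN_HOST, INET_HOST = "198.51.100.10", "203.0.113.7"  # constructed addresses

def upload_pipe(rules, initiated_from):
    """Limiter seen by LAN -> Internet data on a connection opened from one side."""
    fw = Firewall(rules)
    if initiated_from == "WAN":
        fw.pipe_for("WAN", INET_HOST, LAN_HOST)    # inbound first packet creates the state
    return fw.pipe_for("LAN", LAN_HOST, INET_HOST)  # upload data from the LAN host

# Limiter 1 masks on source (upload), limiter 2 on destination (download).
LAN_RULE = Rule("LAN", in_pipe="limiter1_up", out_pipe="limiter2_down")
BEFORE = [LAN_RULE, Rule("WAN")]  # WAN pass rule without limiters
AFTER = [LAN_RULE, Rule("WAN", in_pipe="limiter2_down", out_pipe="limiter1_up")]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for side in ("LAN", "WAN"):
            print(f"{name}: opened from {side}, upload uses {upload_pipe(rules, side)}")
```
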



  • Hi there,

    For your WAN to LAN floating rule, did you set WAN as the interface and direction as "in"?

    Thanks!
    msu

