Problem: when i active limiter on lan, I have high latency on gateway!!
-
I explain myself:
Wan with 4mb hdsl synchronous. Lan with gateway ip 192.168.11.1.
From client i ping my gateway (of course, pfsense lan with ip 192.168.11.1) with ping 192.168.11.1 -t and this is the result:Reply from 192.168.11.1 bytes=32 time<1ms TTL=64 Reply from 192.168.11.1 bytes=32 time<1ms TTL=64 Reply from 192.168.11.1 bytes=32 time<1ms TTL=64 Reply from 192.168.11.1 bytes=32 time<1ms TTL=64 Reply from 192.168.11.1 bytes=32 time<1ms TTL=64but when i apply a simple limiti bandwich (800kbit for exanple), when i launch ping to my gateway from my client with ping 192.168.11.1 -t and this is the result:
Reply from 192.168.11.1 bytes=32 time=160ms TTL=64 Reply from 192.168.11.1 bytes=32 time=203ms TTL=64 Reply from 192.168.11.1 bytes=32 time=100ms TTL=64 Reply from 192.168.11.1 bytes=32 time=43ms TTL=64 Reply from 192.168.11.1 bytes=32 time=153ms TTL=64 Reply from 192.168.11.1 bytes=32 time=182ms TTL=64This make me crazy!! i don't found solution
-
It's being limited, just like you told it to do.
If you don't want the pings to be limited, pass them in a rule that does not use the limiter.
-
sorry jimp, but i think that this is not correct.
If i ping my gateway, i'm in the same network, right? so, why ping duration is increased?
Maybe i have found a little logical solution, but i'm trying it.
My situatition:
one pfsense with wan and lan ahead all, behind anothers pfsense with many lan.
I try to schematize you thiswan - pfsense ahead - lan –----- nat 1:1 public ip01 ----- wan - pfsense guest01 - lan1
------- nat 1:1 public ip02 ----- wan - pfsense guest02 - lan2
------- nat 1:1 public ip03 ----- wan - pfsense guest03 - lan3 ---- vlan1
-----vlan2
-----vlan3i have applied the limiter on lan pfsense ahead with this sintax:
ID Proto Source Port Destination Port Gateway Queue Schedule Description
IPv4 * ip wan pfsense behind * * * * nonein this rule is applied the limiter.
How about it?
-
Any traffic that matches the limiter is limited, same network or not.
If pfSense is 11.1 and the LAN rule is set to limit traffic from LAN net to any, then it's using that rule to pass.
You need rules like this:
pass from LAN net to local networks – no limiters
pass all from LAN net to any -- with limiters -
tnx jimp, i will try it!
One question: why if i select (in trafic shaper) "destination" for "in" trafic and "source" for "out" trafic, i have not the same problem?
so, the correct rule is as:
pass from LAN net to local networks (192.168.11.0/24) – no limiters
pass all from LAN net to any -- with limitersin my case, for second rule, i use a ip source, because behind my pfsense lan i have another router (customer's router) so i apply on it the nat 1:1
I try to schematize this case:
wan - pfsense ahead - lan 192.168.11.1 ------- nat 1:1 public ip01 on 192.168.11.2 ----- wan (192.168.11.2) - router guest guest01 - lan1regards
-
little update: i have rebooted my pfsense and now all is ok.
Ok ping, ok limiter.
But i have another problem, i hope that is a little problem.in my case i have:
wan - pfsense guest03 - lan1
- lan2
- lan3If i try to ping from lan1 to lan2, it run. But this is not right, because each lan is for one customer.
I try with this step:
- i created aliases with: Type: network(s) and 192.168.0.0 CIDR 16, in this mode i have all local lan in an alias.
- i created 3 rule for each lan, in this mode:
a) pass from LAN net to LAN net – no limiters
b) block from alias to alias -- no limiters
c) pass from LAN net to any --- with limiters
Now, i have a good ping, i have my limiters and i cannot ping other lans from my lan.
But i want ask: can i do this with Interface Groups?
I thins that this is more simple and fast. One rule for all interfaces!Tnx for your reply
