Misunderstanding Floating rules
-
I have these floating rules that are having strange interactions with my port forwarding.

Floating Order: Before
RuleName: LowUDP
Interfaces: WAN/LAN
Proto: UDP
Direction: Any
Ports/IPs: Any/Any
Queue: qLowUDP

Floating Order: After
RuleName: BitTorrent
Interfaces: WAN/LAN
Proto: TCP/UDP
Direction: Any
IPs: Any
Ports: Any/52100
Queue: qACK/qP2P

WAN Firewall rule
RuleName: BitTorrent
Interfaces: WAN
Proto: TCP/UDP
IPs: Any/192.168.1.2
Ports: Any/52100
Queue: qACK/qP2P
This one is port forwarded from the NAT.

--------------------------------------------------
Here's some PFTop queue information that seems a bit off
WAN:
qP2P 2976K hfsc 404K 412M 0 0 0 <-- notice lots of P2P traffic
qLowUDP 5952K hfsc 20177 12M 0 0 0 <-- notice almost no LowUDP traffic

LAN:
qP2P 2976K hfsc 258K 75M 0 0 0 <-- Notice some P2P
qLowUDP 5952K hfsc 69308 41M 0 0 0 <-- Notice nearly the same amount of LowUDP

What I am not understanding is when I look at Wireshark, all of the UDP traffic is coming at me on port 52100. To me this means that some of my 52100 traffic is being sent to qP2P and some is being sent to qLowUDP.
The only reason I can think of this happening is some of the connections are initiated by me (LAN) and some are initiated by someone else (WAN). What I was expecting is LowUDP to have 0 traffic.
I have a similar setup with HTTP traffic, and it seems to work as expected. The main difference is I don't get connections coming in, it's always going out.
P.S. I did simplify this a hair bit as I have two P2P applications using two different ports set up the same way and having the same issue.
-
I wonder if I should have asked this in the firewall forum. Bump?