1. Home
  2. pfSense® Software
  3. Firewalling
  4. Yet another "cant make the rule working"

Yet another "cant make the rule working"

  • G

    greetings to all,

    I'm a pfsense newbie and I get a few tons problems with pfsense but I'll try to tackle each problem one by one.

    problem 1 of many:

    I have 6 computers at home, 1 acting as an iscsi server for the 5 other computers.
    these 5 computers are diskless and therefor sending/receiving huge amount of traffic on the LAN.
    server ip is: 192.168.1.222 (seen as lilserver in tcpview)
    client ip range is: 192.168.1.10x (seen as unit106.localdomain in tcpview)
    port used in the server for the iscsi is: 3260 (see tcpview screenshot)

    I have created something like this (please see screenshot attached)
    -LAN
    –qLink
    ---qCCBoot

    qLink have 990Mb bandwidth
    qCCBoot have 100% bandwidth

    and then created firewall rules in either floating or on LAN and direct them to qCCBoot queue (see screenshot attached)
    I did reset the firewall state table just to make sure also and reload the rules, but when I try to see the queue from GUI or console, it is still not going to the qCCBoot queue.

    I did try to run TCPView from windows and I do see it is using port 3260 from the server.

    what I'm trying to achieve is to move the iscsi (or whatever this diskless traffic is) away from qDefault queue.

    any help is appreciated. thanks in advance





    0
  • Derelict
    LAYER 8 Netgate

    server ip is: 192.168.1.222
    client ip range is: 192.168.1.10x
    port used in the server for the iscsi is: 3260 (see tcpview screenshot)

    If your iSCSI server and your clients are on the same subnet, pfSense isn't involved at all.  Look at your switch for DSCP or other QoS.  And don't overthink it.

    0
  • G

    thank you sir for your reply but I am at lost here :(

    I am assuming that what qDefault is also getting the packets from the iscsi communications between the server and the client, although it is indeed on the same subnet.

    edit–-
    my main concern is that qDefault is too much saturated on which I'm not doing anything at all for the connections.

    I don't know either how to view this specific packet that is running inside qDefault also :(

    0
  • Derelict
    LAYER 8 Netgate

    Traffic from one host on the local network to another host on the local network doesn't go through pfSense at all.

    0
  • G

    ok sir, I'll do take note of that, thanks for the explanation.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy