Need help creating rule



  • Hello,

    I'm running pfSense 2.2.3 and need help creating a rule for Traffic Shaping.  I am using Priority shaping and have some basic rules created by the wizard.

    What I would like to do is have all outbound traffic from a specific local IP be placed in the low priority queue.

    I tried to do this through the wizard by using the penalty box, but this did not appear to work.  I say that it did not appear to work because I did not see any traffic in the low priority queue when I was uploading a large file from that IP.  I had performed a refresh of the rules and reset the states before I started uploading the file and checking the queue.  Best I can tell is that the traffic is being placed in the high priority queue.

    The penalty box rule created by the wizard is set to match, the interface set to WAN and the source IP address set to the IP Address I specified.  I tried setting the quick option to see if that would help but it did not.

    Also, the file I am uploading is being sent to a remote server by way of HTTPS.  I know the wizard created rules for HTTP and HTTPS and I suppose it would not surprise me that the traffic is being placed into the high priority queue because of the HTTPS rule.  However, I assumed by having the penalty box rule at the top of the list and having the quick option selected that the firewall would have chosen the penalty box rule over the HTTPS.

    Any help would be appreciated.  I've been trying to brute force my way through this by trying lots of different combinations of settings on this rule, but I cannot get the results I want.



  • Create a pair of Floating Rules with action Match:

    1.  Source is your LAN IP, Target is *, Queue is your low-pri queue
    2.  Source is *, Target is your LAN IP, Queue is your low-pri queue

    That should do it.



  • @KOM:

    Create a pair of Floating Rules with action Match:

    1.  Source is your LAN IP, Target is *, Queue is your low-pri queue
    2.  Source is *, Target is your LAN IP, Queue is your low-pri queue

    That should do it.

    hello KOM,

    if you may add up a little.
    which is selected for INTERFACE? (LAN or WAN)
    which is selected for DIRECTION? (IN or OUT)

    thanks


  • 1. LAN IN
    2. LAN OUT

    LAN any for both would work too.

    Rule 2 is only necessary if you want to assign traffic for connections initiated from the outside that are port forwarded to the target host to the queue.



  • if you may add up a little.

    Sorry, I could have been more clear.  You can do as Derelict says, but I believe you can get the same result leaving the Interface unselected and the Direction set to any.  This is the way the wizard created these rules for me as a one-size-fits-all approach.



  • @KOM:

    if you may add up a little.

    Sorry, I could have been more clear.  You can do as Derelict says, but I believe you can get the same result leaving the Interface unselected and the Direction set to any.  This is the way the wizard created these rules for me as a one-size-fits-all approach.

    ok, thanks, that helps me with your info.



  • @Derelict:

    1. LAN IN
    2. LAN OUT

    LAN any for both would work too.

    Rule 2 is only necessary if you want to assign traffic for connections initiated from the outside that are port forwarded to the target host to the queue.

    I'll take note of this also.



  • I got it working.  The direction was tripping me up.

    Thanks all!

