Server's Traffic that I permitted getting limited
-
Just attach screenshots when you post.
Rules are evaluated top down, first match stops processing. Post your Firewall, Rules, LAN tab list
So if you have a host on LAN net that you want to be treated differently, that rule has to be above more general rules.
Pass IPv4 any source specific server dest any in/out none
Pass IPv4 any source LAN net dest any in/out limiters
Not sure why WAN net is an internal network. That's pretty confusing.
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
-
> Just attach screenshots when you post.
> Rules are evaluated top down, first match stops processing. Post your Firewall, Rules, LAN tab list
> So if you have a host on LAN net that you want to be treated differently, that rule has to be above more general rules.
> Pass IPv4 any source specific server dest any in/out none
> Pass IPv4 any source LAN net dest any in/out limiters
> Not sure why WAN net is an internal network. That's pretty confusing.
> https://doc.pfsense.org/index.php/Firewall_Rule_Basics
> https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order
> https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

Sorry, my bad. So I've created a pfSense server in a VM, and this VM is located on my server, in my office. The address segment of all servers is 192.168.0.x, and for all users who use the internet it is 192.168.200.x. So I created pfSense with 2 NICs: the first NIC is the WAN segment (192.168.0.254) and the second is the LAN segment (192.168.200.254).
I made a rule to limit internet usage, and to not limit access to WAN and access to our other server (I made an alias and named it "intranetalias"). So here is my rule
Here I attach the tab list:
![tab list.png](/public/imported_attachments/1/tab list.png)
-
Why are all your rules TCP-only?
-
Also, WAN Net is not the Internet in general, it's just the network your WAN is on. Rules 2 & 3 are useless since the same access is handled by rule 5. You could delete them and get the same results.
-
Look at the diagram again. WAN is not WAN but is another LAN/OPT. Nice and confusing.
-
> Look at the diagram again.

I didn't look at it the first time ;D
OK, disregard what I said about that.
-
Probably still has a gateway set on it.
-
> Why are all your rules TCP-only?

I just want to make rules for 192.168.200.x.
What did I do wrong? Can you give me an example of how to set up pfSense correctly? Because if I delete all of those rules and transfer data to my other server I just have 300-400KB/s, but without pfSense I can have 7-8MB/s speed.
-
TCP is just one protocol. You probably also want UDP and ICMP. Change the TCPs to any unless you know you are dealing with TCP ports.
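
The rule-ordering and TCP-only points made in this thread, as an added example that is not part of any post and is not pfSense code: a toy first-match evaluator run over the two rules listed in the first reply. The server address 192.168.200.10 and the "no match means blocked" fallback are assumptions of the example.

```python
# Added example: a toy first-match evaluator, not pfSense code.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    proto: str               # "tcp", "udp", "icmp" or "any"
    source: str              # CIDR; a single host is a /32
    limiter: Optional[str]   # In/Out limiter name, or None for unlimited


LAN_NET = "192.168.200.0/24"   # user segment from the thread
SERVER = "192.168.200.10/32"   # constructed address for the "specific server"


def evaluate(rules, proto, src):
    """Walk the rules top down and return (action, limiter) of the first match."""
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue                      # protocol does not match this rule
        if ip_address(src) not in ip_network(rule.source):
            continue                      # source is outside this rule
        return ("pass", rule.limiter)     # first match stops processing
    return ("block", None)                # assumption: no match means blocked


host_rule = Rule("any", SERVER, None)
lan_rule = Rule("any", LAN_NET, "limiters")

RULESETS = {
    "specific rule first": [host_rule, lan_rule],
    "general rule first": [lan_rule, host_rule],
    "same order, TCP-only": [Rule("tcp", SERVER, None),
                             Rule("tcp", LAN_NET, "limiters")],
}

if __name__ == "__main__":
    for name, rules in RULESETS.items():
        for proto in ("tcp", "udp", "icmp"):
            print(name, proto, evaluate(rules, proto, "192.168.200.10"))
```

With the general LAN net rule on top, the server's traffic picks up the limiter even though an unlimited rule for it exists further down; with TCP-only rules, UDP and ICMP from the same hosts match nothing.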
-
> > Why are all your rules TCP-only?
>
> I just want to make rules for 192.168.200.x.
> What did I do wrong? Can you give me an example of how to set up pfSense correctly? Because if I delete all of those rules and transfer data to my other server I just have 300-400KB/s, but without pfSense I can have 7-8MB/s speed.

I suggest you blow out the config and start over. Make WAN the interface going to your upstream, and make LAN for your LAN. Get everything routing how you want THEN add OPT1 for the other segment. Get everything routing how you want THEN worry about the limiters.
-
> I suggest you blow out the config and start over. Make WAN the interface going to your upstream, and make LAN for your LAN. Get everything routing how you want THEN add OPT1 for the other segment. Get everything routing how you want THEN worry about the limiters.

Wait, I got a little confused. So I need to provide 3 NICs and the WAN IP is 192.168.0.1?
-
According to your diagram the WAN IP should be 192.168.0.x and the gateway should be 192.168.0.1 but we only know what you have posted.
-
> According to your diagram the WAN IP should be 192.168.0.x and the gateway should be 192.168.0.1 but we only know what you have posted.

Oh yes, I filled in the upstream gateway for WAN as 192.168.0.1, but the WAN IP is 192.168.0.254.
-
So I should build a configuration like this?
-
Yes that makes a lot more sense.
-
> Yes that makes a lot more sense.

Wait, 192.168.0.1 is my gateway. Will it conflict if I put WAN IP address 192.168.0.1?
-
Of course. You said WAN IP was .254
-
> Of course. You said WAN IP was .254

Sorry, I don't understand. So when I set the interface(s) IP address, I should put 192.168.0.1 in WAN IPv4 Address?
Will it affect my current gateway?
-
Your WAN IP address should be something other than your gateway IP address.
IP addresses on a subnet must be unique.
-
> Your WAN IP address should be something other than your gateway IP address.
> IP addresses on a subnet must be unique.

Oh, I just got it. The reason I built that confusing configuration is because the upstream gateway (192.168.0.1) is the internet gateway in my office.
And if I want to build the configuration like you suggested, how can I connect to the internet? Should I put the upstream gateway anyway?