HFSC and Bridged Interfaces?



  • Hi All,

    I apologize if this has been asked before so it might just be a troubleshooting issue.  I've seen many posts saying HFSC works fine with bridged interfaces although I seem to be having issues.

    I have a LAN/WAN/DMZ(OPT1) setup and have HFSC tuned pretty well after spending hours experimenting, reading and learning. The WAN and DMZ are bridged while the WAN NAT's for LAN.  So I go ahead and use BRIDGE0 in HFSC and I see absolutely no traffic flowing through it in pfTop -s1 -v queue with a single match rule that dump into a qDefault.  However, if I try to shape WAN and DMZ interfaces individually, traffic shows up fine.

    Anyone have any ideas what I might be doing wrong?  I could just HFSC each WAN and DMZ individually but rather not since they share the exact same pipe and I'd rather not have to make explicit delineations of maximum upstream with one side not knowing what the other side is doing.

    Thanks in advance!

    Cheers,
    Kermee



  • You may need to enable net.link.bridge.pfil_bridge in System->Advanced->System Tunables to enable filtering on the bridge interface.

    There are other related net.link.bridge.* settings that you may want to look at as well, in System Tunables.



  • @Nullity:

    You may need to enable net.link.bridge.pfil_bridge in System->Advanced->System Tunables to enable filtering on the bridge interface.

    There are other related net.link.bridge.* settings that you may want to look at as well, in System Tunables.

    Thank you for the suggestion! It looks like all the tunables in regards to the bridge are correct on my install. Looks like this was working under 2.1.x but not under 2.2.x (I'm on 2.2.5) and it's been filed into a ticket; I should of looked/searched harder earlier:

    https://redmine.pfsense.org/issues/4405

    Guess I'm out of luck for now and either downgrade to 2.1.x or wait for the possibility that it's resolved in 2.3.  I think for now, I'll make due and wait.  :)

    Thanks again!

    Cheers,
    Kermee


Log in to reply