    Turn off NAT with Shaper possible?

    • E
      EmL last edited by

      Hi,

      I'd read that transparent bridge mode is not possible with rules in 2 directions. My plan now is to configure pfSense as a router without NAT (I think I can do this with advanced outbound NAT settings) and put it in front of another router.

      Here is what i want to do:

      <=== (LAN 192.168.100.X) pFsense (WAN 192.168.200.X) <===> (192.168.200.X) Other Router doing NAT (WAN 123.123.123.13) ===>

      Is the shaper working in both (LAN<->WAN) directions under these circumstances? Or is it a problem for the shaper if I try to turn off NAT …?!

      Thx

      • S
        stechnique last edited by

        I don't have an answer to your question, but I achieved similar goals (from what I understand) using a setup like this:

        WAN (xx.xx.xx.xx) => pf WAN (192.168.15.1) => pf LAN bridged (192.168.16.1) => Cisco PIX with NAT, etc (10.0.x.x)
        pf was primarily used as a transparent bridge for traffic shaping. Worked a charm.

        • E
          eri-- last edited by

          NAT has nothing to do with the shaper.

          • C
            cmcquistion last edited by

            @stechnique:

            I don't have an answer to your question, but I achieved similar goals (from what I understand) using a setup like this:

            WAN (xx.xx.xx.xx) => pf WAN (192.168.15.1) => pf LAN bridged (192.168.16.1) => Cisco PIX with NAT, etc (10.0.x.x)
            pf was primarily used as a transparent bridge for traffic shaping. Worked a charm.

            Can you give more details about this?  I believe this is what I'm trying to achieve as well.  At the moment, I have a firewall that I don't really want to replace, I just want to put a pfSense box between the firewall and the router, in transparent mode, and have it do shaping for our VoIP traffic (and lower priority of P2P traffic.)

            Is this similar to your setup?  Can you tell me how you configured your traffic shaper rules in particular, or provide a screenshot?  There seems to be some conflicting information about how to get the shaper working in transparent bridge mode.

            On a related topic, I would also like to do transparent proxy caching, with pfSense, if it is possible with these other roles as well.

            • S
              stechnique last edited by

              I don't have a screenshot since I have now removed the PIX environment and moved to an all-pfsense setup. I bridged LAN with WAN in the interfaces menu to make sure I had no NAT problems.
              My firewall rules were * * * * pass on all interfaces since I had the PIX already configured.
              I set up the traffic shaper with the wizard and then just changed the shaping rules to match my SIP packets (I use my SIP provider's network IPs as source to match packets). I used RED in the VoIP queues and tweaked the ACK queues' bandwidth settings to make sure shaper settings were optimal.
              Shaping worked right out of the box though, and it's easier to shape with this setup as described:

              ISP WAN <===> pf WAN <=BRIDGED=> pf LAN <===> existing router.

              • C
                cmcquistion last edited by

                My SIP provider has several IPs, it seems.  Can I set up the rule to watch the packets by their source or destination address of my Asterisk box?

                • S
                  stechnique last edited by

                  Sure, there's several ways to make it work.
                  You could also just use the standard:
                  UDP * * 5060
                  UDP * * 10000-20000
                  In fact after running the shaper wizard, check queue status while making a call and it should already work pretty well for you.
                  I would tweak queue bandwidth and add RED to the VoIP queues but that's about it.

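An added example, not written by any poster in this thread: a simplified Python model of the rule matching discussed above, comparing the port-only rules (UDP * * 5060 and UDP * * 10000-20000) with the same ports scoped to the Asterisk box as source or destination. The Asterisk address, the queue names and the sample flows are assumptions constructed for illustration; this is not pf's own rule evaluator.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
ASTERISK = ip_network("192.168.100.10/32")  # assumed address of the Asterisk box
SIP, RTP = range(5060, 5061), range(10000, 20001)

def rule(proto, src, dst, ports, queue):
    return {"proto": proto, "src": src, "dst": dst, "ports": ports, "queue": queue}

# Port-only rules as posted in the thread: UDP * * 5060 and UDP * * 10000-20000
PORT_ONLY = [rule("udp", ANY, ANY, SIP, "qVoIP"),
             rule("udp", ANY, ANY, RTP, "qVoIP")]

# Same ports, but only when the Asterisk box is the source or the destination
HOST_SCOPED = [rule("udp", src, dst, ports, "qVoIP")
               for ports in (SIP, RTP)
               for src, dst in ((ASTERISK, ANY), (ANY, ASTERISK))]

def classify(flow, rules, default="qDefault"):
    """Return the queue of the first matching rule (the rule sets here never conflict)."""
    proto, src, dst, dport = flow
    for r in rules:
        if (proto == r["proto"] and ip_address(src) in r["src"]
                and ip_address(dst) in r["dst"] and dport in r["ports"]):
            return r["queue"]
    return default

# Constructed flows: (protocol, source, destination, destination port)
FLOWS = {
    "sip_out": ("udp", "192.168.100.10", "203.0.113.5", 5060),
    "rtp_in":  ("udp", "203.0.113.9", "192.168.100.10", 14002),
    "p2p_udp": ("udp", "192.168.100.55", "198.51.100.7", 15000),
    "web":     ("tcp", "192.168.100.55", "198.51.100.7", 443),
}

def compare():
    """Map flow name -> (queue under port-only rules, queue under host-scoped rules)."""
    return {name: (classify(f, PORT_ONLY), classify(f, HOST_SCOPED))
            for name, f in FLOWS.items()}

if __name__ == "__main__":
    for name, (by_port, by_host) in compare().items():
        print(f"{name:8} port-only={by_port:9} host-scoped={by_host}")
```

With the port-only rules, any UDP flow to a port in 10000-20000 is placed in the VoIP queue, including the constructed P2P flow from another LAN host; scoping the rules to the Asterisk box keeps that queue for the VoIP traffic.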