Policy based routing dynamically based on changing conditions



  • I set up a pfSense box for a cybercafe with 2 gateways, one for normal web browsing and one for online games.
    Game traffic will be routed to the second gateway based on its ports.

    What I want is, when no one is using the second gateway (game gateway), to make it into a gateway group with the first gateway and make it useful.

    So is there a way to make normal traffic use the gateway group only if the game gateway is idle, and reset connections on the game gateway or redirect them to the normal traffic gateway if the game gateway is used by its rules from the firewall?



  • No. Not possible.

    What you could do is use traffic shaping to give gaming a higher priority on a certain WAN.
    (See the traffic shaping subsection for details.)



  • But download traffic shaping is not good with games; there are a lot of spikes. I have 4mb (3500kbit) and limited it to 3000kbit to control it, and I still get a lot of spikes.

    I didn't use the traffic shaper, I use the limiter, but I think they do the same to control traffic or to manage it.

    I limited my bandwidth to 3000kbit and see in the traffic graph that I'm using 3.4-3.6mbit, no less, so I think the traffic shaper can't control the download stream immediately; it takes some time (in ms) to use congestion control to control the download stream

    if there is a lot of opening and closing of connections.

    Which made me go to a policy based router to manage traffic for games.

    BTW, I have 2 gateways: 2mbit for gaming and 4mbit for other traffic.



  • You could force certain services, say HTTP, HTTP, SMTP, FTP etc. to go out WAN2 and thus leave WAN available for gamers, by setting specific LAN firewall rules to use specific WAN2 gateway under advanced –> Gateway options on each firewall rule for certain services.

    I know it's not exactly what you are looking for, but, it will help.

    You could take it one step further and create 2 gateway groups: WANgamers, with WANgw in it as Tier 1 and WAN2gw in it as Tier 2, and a second gateway group called, say, WANgeneral, with WAN2gw in it as Tier 1 and WANgw in it as Tier 2.

    That way, each Gateway Group will have redundancy and failover to the other WAN, but, prefer to use a different WAN gateway normally.

    Then, your firewall rules will ALWAYS reference a specific gateway group, either WANgamers (which prefers to use WAN) or the WANgeneral gateway group which prefers to use WAN2.

    I hope that helps.
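
The two-group layout from the last reply, as an added example that is not part of the thread and is not pfSense code: a simplified model in which a group uses its lowest-numbered tier that still has an online gateway. The group and gateway names come from the post; the function names, the game port range and the online/offline states are assumptions constructed for illustration.

```python
# Simplified model of tiered gateway groups (not pfSense code).
# Group and gateway names come from the post; ports and states are constructed.
GROUPS = {
    "WANgamers":  {"WANgw": 1, "WAN2gw": 2},   # prefers WAN, fails over to WAN2
    "WANgeneral": {"WAN2gw": 1, "WANgw": 2},   # prefers WAN2, fails over to WAN
}

# First-match policy rules: (protocol, first port, last port, gateway group).
RULES = [
    ("udp", 27000, 27050, "WANgamers"),   # constructed game port range
    ("tcp", 27000, 27050, "WANgamers"),
    ("any", 0, 65535, "WANgeneral"),      # everything else
]

def select_gateways(group, online):
    """Return the online members of the lowest-numbered tier that has any."""
    members = GROUPS[group]
    for tier in sorted(set(members.values())):
        up = sorted(gw for gw, t in members.items() if t == tier and gw in online)
        if up:
            return up
    return []  # every member is down: no route for this group

def route(proto, dport, online):
    """Pick the gateway group by first matching rule, then resolve its tier."""
    for r_proto, lo, hi, group in RULES:
        if r_proto in ("any", proto) and lo <= dport <= hi:
            return group, select_gateways(group, online)
    return None, []

if __name__ == "__main__":
    # Walk through the four link states for a game flow and a web flow.
    for online in ({"WANgw", "WAN2gw"}, {"WAN2gw"}, {"WANgw"}, set()):
        print(sorted(online),
              route("udp", 27015, online),
              route("tcp", 443, online))
```

In this model the failover is driven only by whether a gateway is up or down, not by how busy it is, which matches the earlier answer that an "idle gateway" trigger is not available.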

