Hi *,

I'm trying to segregate a symmetrical uplink with 20M coming in via a single WAN interface using limiters. My goal is to have a set of "catch-all" limiters - "allUp" and "allDown" for upstream and downstream respectively.

Furthermore I'd like to assign specific traffic based on the source address, pushing it into another set of limiters/pipes providing a dedicated chunk of bandwidth, e.g. for a respective department.

Using the quick option I've placed two floating rules. The first assigns specific traffic based on a source alias, pushing it into a set of limiters with IDs 9 (ofcUp) and 10 (ofcDown). The second rule is supposed to catch all other traffic, assigning it to IDs 1 (allUp) and 2 (allDown).

Floating Rule #1
----------------------------------8<--------------------------------------
Action: Match
Quick: TRUE
Interface: WAN
Direction: Out
TCP/IP Version: IPv4
Protocol: any
Source: MyOffice
Destination: any
Gateway: WAN - 1.2.3.4
In/Out: ofcUp / ofcDown
---------------------------------->8--------------------------------------

Floating Rule #1
----------------------------------8<--------------------------------------
Action: Match
Quick: TRUE
Interface: WAN
Direction: Out
TCP/IP Version: IPv4
Protocol: any
Source: any
Destination: any
Gateway: WAN - 1.2.3.4
In/Out: allUp / allDown
---------------------------------->8--------------------------------------

The respective part of the rule set being generated:
----------------------------------8<--------------------------------------
[2.1-RELEASE][root@fw]/root(2): pfctl -sr | grep pipe
match out quick on lagg0_vlan5 inet from <MyOffice> to any label "USER_RULE" dnpipe(9, 10)
match out quick on lagg0_vlan5 inet all label "USER_RULE" dnpipe(1, 2)
---------------------------------->8--------------------------------------

Truncated output of "ipfw pipe show" ...
----------------------------------8<--------------------------------------
00001: 6.000 Mbit/s 0 ms burst 0
q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
 sched 65537 type FIFO flags 0x0 0 buckets 1 active
  0 ip 0.0.0.0/0 0.0.0.0/0 95 11019 0 0 0
00002: 12.000 Mbit/s 0 ms burst 0
q131074 50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 droptail
 sched 65538 type FIFO flags 0x0 0 buckets 1 active
  0 ip 0.0.0.0/0 0.0.0.0/0 22530 21581119 24 19361 7319
[...]
00009: 1.000 Mbit/s 0 ms burst 0
q131081 50 sl. 0 flows (1 buckets) sched 65545 weight 0 lmax 0 pri 0 droptail
 sched 65545 type FIFO flags 0x0 0 buckets 0 active
00010: 1.000 Mbit/s 0 ms burst 0
q131082 50 sl. 0 flows (1 buckets) sched 65546 weight 0 lmax 0 pri 0 droptail
 sched 65546 type FIFO flags 0x0 0 buckets 0 active
---------------------------------->8--------------------------------------

As seen above, only the second rule is working. When assigning limiters 9 and 10 directly using a rule on the respective source interface, everything works. But I'd lose lots of flexibility configuring dozens if not hundreds of rules by hand assigning the limiters.

Any ideas?

Thanks in advance