Bug #2446
pfSense fails to queue UDP packets
Status: closed
Description
Replication instructions:
Create CBQ or PRIQ shaper on WAN interface and create a default queue and another queue for special traffic.
Create a floating rule that assigns any traffic coming from a specific host A on the LAN interface to the queue for special traffic. Now watch the queue status page while pinging some internet host from A. Having a normal ping interval of 1s will show up correctly as 1/pps in the queue status. Now generate some pure UDP traffic from A to some internet host. This traffic will be (wrongly) assigned to the default queue.
Updated by Torgeir Skjøtskift over 13 years ago
Some extra details:
The floating rule assigning traffic A to the special queue should be set to "apply the action immediately on match".
Updated by Ermal Luçi over 13 years ago
Can you detail the rule you say assigns the traffic to your desired queue?
Updated by Torgeir Skjøtskift over 13 years ago
yes, the config for the rule in question is:
<rule>
  <id/>
  <type>pass</type>
  <interface>opt1</interface>
  <tag/>
  <tagged/>
  <direction>any</direction>
  <quick>yes</quick>
  <floating>yes</floating>
  <max/>
  <max-src-nodes/>
  <max-src-conn/>
  <max-src-states/>
  <statetimeout/>
  <statetype>keep state</statetype>
  <os/>
  <source>
    <address>PBX</address>
  </source>
  <destination>
    <any/>
  </destination>
  <log/>
  <descr><![CDATA[test]]></descr>
  <defaultqueue>qVoIP</defaultqueue>
</rule>
Updated by Torgeir Skjøtskift over 13 years ago
Sorry about that, here it is, properly unformatted:
<rule>
  <id/>
  <type>pass</type>
  <interface>opt1</interface>
  <tag/>
  <tagged/>
  <direction>any</direction>
  <quick>yes</quick>
  <floating>yes</floating>
  <max/>
  <max-src-nodes/>
  <max-src-conn/>
  <max-src-states/>
  <statetimeout/>
  <statetype>keep state</statetype>
  <os/>
  <source>
    <address>PBX</address>
  </source>
  <destination>
    <any/>
  </destination>
  <log/>
  <descr><![CDATA[test]]></descr>
  <defaultqueue>qVoIP</defaultqueue>
</rule>
Updated by Ermal Luçi over 13 years ago
I wonder if you are not being bitten by the order of events happening.
If PBX has internal LAN addresses then this rule will not match for packets going out of WAN since the internal addresses would have been natted.
Updated by Torgeir Skjøtskift over 13 years ago
PBX is an alias consisting of two public IP addresses belonging to a public IP subnet defined on the interface opt1 and is routed through pfSense without any NAT.
Updated by Torgeir Skjøtskift over 13 years ago
Also note, as I wrote in the original post, that ICMP echo request packets are correctly assigned to the queue for special traffic, which would suggest that at least ICMP traffic reaches this rule, and since there are no other rules filtering traffic from PBX on protocol level, the rule should also be reached for non-ICMP traffic.
Updated by Ermal Luçi over 13 years ago
Please put the file on /tmp/rules.debug after anonymizing addresses here to verify what you say.
Updated by Torgeir Skjøtskift over 13 years ago
- File rules.debug added
Sorry for the delay, here is the file you asked for. The rule in question, I guess, is the first one below the comment "User-defined rules follow".
As you can see, I changed the rule to queue traffic from the address BB.BBB.BBB.138 instead of the Alias PBX, just to test, but it had no effect.
Updated by Chris Buechler almost 13 years ago
- Status changed from New to Feedback
- Target version deleted (2.1)
The floating rule should be queue, not pass. Rules file isn't accessible, but configs like this are common and work fine.
Updated by Chris Buechler over 11 years ago
- Status changed from Feedback to Closed
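The checks raised in this thread can be run against a configuration export before filing a similar report. The following is an added example, not part of the original ticket and not pfSense code: it assumes the rule layout shown in the posted fragment, and the sample configuration (including the `<pfsense>`/`<filter>` wrapper and the second rule) is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the rule posted in the thread.
SAMPLE_CONFIG = """<pfsense><filter>
  <rule>
    <type>pass</type>
    <interface>opt1</interface>
    <direction>any</direction>
    <quick>yes</quick>
    <floating>yes</floating>
    <source><address>PBX</address></source>
    <destination><any/></destination>
    <descr><![CDATA[test]]></descr>
    <defaultqueue>qVoIP</defaultqueue>
  </rule>
  <rule>
    <type>pass</type>
    <interface>lan</interface>
    <source><network>lan</network></source>
    <destination><any/></destination>
    <descr><![CDATA[default allow]]></descr>
  </rule>
</filter></pfsense>"""


def audit_queue_rules(config_xml):
    """List floating rules that assign a queue, with the points the thread asks to verify."""
    findings = []
    for rule in ET.fromstring(config_xml).iter("rule"):
        queue = (rule.findtext("defaultqueue") or "").strip()
        if not queue or rule.findtext("floating") != "yes":
            continue  # only floating rules that set a queue are of interest
        notes = []
        if rule.findtext("type") == "pass":
            # Point from the last comment in the thread.
            notes.append("type is pass; thread advice is to use the queue action")
        src = rule.findtext("source/address")
        if src:
            # Point from the NAT comment: translated sources no longer match.
            notes.append(f"source {src}: confirm it is not NATed before this rule is evaluated")
        findings.append({"descr": rule.findtext("descr"), "queue": queue,
                         "interface": rule.findtext("interface"),
                         "quick": rule.findtext("quick") == "yes", "notes": notes})
    return findings


if __name__ == "__main__":
    for finding in audit_queue_rules(SAMPLE_CONFIG):
        print(finding)
```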