Bug #2446
closed
pfSense fails to queue UDP packets
Added by Torgeir Skjøtskift over 13 years ago.
Updated over 11 years ago.
Category: Traffic Shaper (ALTQ)
Description
Replication instructions:
Create a CBQ or PRIQ shaper on the WAN interface and create a default queue and another queue for special traffic.
Create a floating rule that assigns any traffic coming from a specific host A on the LAN interface to the queue for special traffic. Now watch the queue status page while pinging some internet host from A. Having a normal ping interval of 1s will show up correctly as 1/pps in the queue status. Now generate some pure UDP traffic from A to some internet host. This traffic will be (wrongly) assigned to the default queue.
Some extra details:
The floating rule assigning traffic A to the special queue should be set to "apply the action immediately on match".
Can you detail the rule you say assigns the traffic to your desired queue?
Yes, the config for the rule in question is:
<rule>
<id/>
- <type>pass</type>
- <interface>opt1</interface>
- <tag/>
- <tagged/>
- <direction>any</direction>
- <quick>yes</quick>
- <floating>yes</floating>
- <max/>
- <max-src-nodes/>
- <max-src-conn/>
- <max-src-states/>
- <statetimeout/>
- <statetype>keep state</statetype>
- <os/>
- <source>
- <address>PBX</address>
- </source>
- <destination>
- <any/>
- </destination>
- <log/>
- <descr><![CDATA[test]]></descr>
- <defaultqueue>qVoIP</defaultqueue>
- </rule>
Sorry about that, here it is, properly unformatted:
<rule>
  <id/>
  <type>pass</type>
  <interface>opt1</interface>
  <tag/>
  <tagged/>
  <direction>any</direction>
  <quick>yes</quick>
  <floating>yes</floating>
  <max/>
  <max-src-nodes/>
  <max-src-conn/>
  <max-src-states/>
  <statetimeout/>
  <statetype>keep state</statetype>
  <os/>
  <source>
    <address>PBX</address>
  </source>
  <destination>
    <any/>
  </destination>
  <log/>
  <descr><![CDATA[test]]></descr>
  <defaultqueue>qVoIP</defaultqueue>
</rule>
I wonder if you are not being bitten by the order of events happening.
If PBX has internal LAN addresses, then this rule will not match for packets going out of WAN since the internal addresses would have been natted.
PBX is an alias consisting of two public IP addresses belonging to a public IP subnet defined on the interface opt1 and is routed through pfSense without any NAT.
Also note, as I wrote in the original post, that ICMP echo request packets are correctly assigned to the queue for special traffic, which would suggest that at least ICMP traffic reaches this rule, and since there are no other rules filtering traffic from PBX on protocol level, the rule should also be reached for non-ICMP traffic.
Please put the file on /tmp/rules.debug after anonymizing addresses here to verify what you say.
Sorry for the delay, here is the file you asked for. The rule in question, I guess, is the first one below the comment "User-defined rules follow".
As you can see, I changed the rule to queue traffic from the address BB.BBB.BBB.138 instead of the Alias PBX, just to test, but it had no effect.
- Status changed from New to Feedback
- Target version deleted (2.1)
The floating rule should be queue, not pass. Rules file isn't accessible, but configs like this are common and work fine.
- Status changed from Feedback to Closed