Bug #4611
closed
Limiter blocks port 80 traffic, passes other traffic
Description
Details and screen shots are at https://forum.pfsense.org/index.php?topic=92214.0
Bug: Limiter blocks port 80 traffic for clients the limiter is applied to. 443 traffic seems fairly normal, email (587) works fine, ping is normal. No non-https sites will load. Disabling the rule that applies the limiter results in normal traffic (e.g. 80 works again). Moving the IP of the affected client into a non-limited group results in normal traffic. Re-enabling the limiter LAN rule or moving the client back into the limited IP block (as appropriate) results in non-HTTPS (port 80) sites being blocked.
Steps to recreate:
Create standard in/out limiters (set at 512k X 512k on a 2mbps x 2mbps link in my case).
Apply limiter (by mac group alias in my case).
Limited client can't get to a port 80 site.
Updated by Chris Buechler over 9 years ago
You have transparent proxy enabled with squid?
Updated by David Gessel over 9 years ago
Yes - and uninstalling squid resolves the problem as well. However, both "fast" and "slow" traffic were being proxied by squid and only "slow" traffic was going through the limiter.
I apologize, I thought I had carefully tested squid out, but apparently not.
So the result of that test is that:

| State | Result |
|---|---|
| squid + limiter | blocked traffic |
| !squid + limiter | works, but microsoft update day is a disaster |
| squid + !limiter | works, but users streaming to mobiles block work traffic |
| !squid + !limiter | nothing blocked outright, but the network is unusable due to traffic. |
Updated by Chris Buechler over 9 years ago
- Status changed from New to Duplicate