Project

General

Profile

Actions

Bug #7050

closed

Limiter with PFsense 2.4 transparent proxy

Added by Nelson Junior about 7 years ago. Updated about 7 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Traffic Shaper (Limiters)
Target version:
Start date:
12/29/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4
Affected Architecture:

Description

Good morning Luiz, is as follows, transparent proxy use with the limiter by ip, what happens is that when setada the bandwidth control for a given ip of the network, navigation to, which I did test, formatted from scratch With the last beta of pfsense 2.4, just installed squid, I activated it as transparent, create it in the limiter tab a download rule and another upload, so with their configured speeds, I went in rules and created a rule setting a certain ip so that The control is made in / out, leaving the download first and the uplod second. If the limiter is deactivated, it returns to normal navigation, if it applies again to, thanks


Files

BKP_2.1.5_FuncionandoPerfeitamente.xml (45.5 KB) BKP_2.1.5_FuncionandoPerfeitamente.xml Nelson Junior, 12/30/2016 10:59 AM
BKP_2.4_Beta.xml (31.1 KB) BKP_2.4_Beta.xml Nelson Junior, 12/30/2016 10:59 AM
01 - Configuração do limiter.jpg (108 KB) 01 - Configuração do limiter.jpg Configuração do limiter Nelson Junior, 01/09/2017 10:24 AM
03 - Teste de download de arquivo.jpg (52.9 KB) 03 - Teste de download de arquivo.jpg Teste de download de arquivo Nelson Junior, 01/09/2017 10:24 AM
02 - Aplicação na Rule.jpg (145 KB) 02 - Aplicação na Rule.jpg Aplicação na Rule Nelson Junior, 01/09/2017 10:24 AM
04 - Teste no velocimetro.jpg (58.1 KB) 04 - Teste no velocimetro.jpg Teste no velocimetro Nelson Junior, 01/09/2017 10:24 AM
Actions #1

Updated by Kill Bill about 7 years ago

Not sure what's special about 2.4 here; this has never worked since the hidden rules created by the package when set to transparent just do not apply any limiters. IOW, read this to get this working: https://forum.pfsense.org/index.php?topic=84725.msg464691#msg464691

(Hopefully should work on 2.4, on 2.3.x it'd just kill the traffic due to a well known bug with limiters and NAT.)

Is there something wrong with using Traffic Mgmt - Overall/Per-Host Throttling natively via Squid?

If someone wants to shuffle this under Packages - Squid category as a feature request, someone eventually might get to it. Certainly has nothing to do with "Developer tools", and it's not 2.4 specific either.

Actions #2

Updated by Luiz Souza about 7 years ago

Nelson, can you submit (even privately if you prefer) a copy of your working settings for the 2.1.x version and also a copy of the 2.4 settings ?

Actions #3

Updated by Nelson Junior about 7 years ago

Luiz good afternoon, I have two files as you requested, one working perfectly, which is called BKP_2.1.5_FunctionandoPerfectly, this is on the network 192.168.0.0/24, with an alias picking up the ips that I want them to do called ControlPandaPorIP, the other Is the beta 2.4 called BKP_2.4_Beta that is in a network 172.16.0.0/16, this with problems that apply to the rule for ip 172.16.0.2 it for a navigation, this is an alias only apply direct not Rules in / Out, but I already tested in all forms, with aliases etc ....

Actions #4

Updated by Luiz Souza about 7 years ago

  • Category changed from Developer Tools to Traffic Shaper (Limiters)
Actions #5

Updated by Luiz Souza about 7 years ago

  • Subject changed from Limiter Per IP Problem, with PFsense 2.4 transparent proxy to Limiter with PFsense 2.4 transparent proxy
  • Status changed from New to Confirmed

The issue here is limiter (dummynet) and pf redir on the same interface.

The transparent proxy adds a rdr rule to redirect the HTTP traffic to squid and that cause issues with dummynet on same interface.

It works with squid only or limiters only, but both will cause intermittent failures.

Actions #6

Updated by Kill Bill about 7 years ago

Luiz Otavio O Souza wrote:

The issue here is limiter (dummynet) and pf redir on the same interface.
The transparent proxy adds a rdr rule to redirect the HTTP traffic to squid and that cause issues with dummynet on same interface.
It works with squid only or limiters only, but both will cause intermittent failures.

Dunno, but this still sounds exactly the same as Bug #4326.

Actions #7

Updated by Luiz Souza about 7 years ago

yeah, sort of. this is a fallout of 4326 not being properly tested under all conditions (nat, binat and rdr) - they have subtle implementation differences.

Actions #10

Updated by Renato Botelho about 7 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF