Bug #7409
closed
Packets originating from the firewall itself do not enter the proper queue.
0%
Description
I have a 25/10 DSL connection and for well over a year I've been able to setup queues successfully for regular internet traffic (qInternet), VoIP traffic (qVoIP), and other traffic such as LAN to OPT1 and OPT1 to LAN transfers as well as a Squid (0.4.36_2) Transparent Proxy (qOther).
The squid traffic was easily matched using a floating rule for any connection who's destination port was 3128. This has worked for both transparent and non-transparent configurations.
The problem I am seeing now is that traffic from the firewall/squid is not being matched to qOther. Instead it gets matched only with the default qInternet. LAN to OPT1 transfers enter qOther properly though. The problem seems to be related to traffic originating at the firewall.
To confirm, I placed a 1GB.zip file in /usr/local/www and then set a floating rule to match traffic connecting to this firewall itself on any port from any source IP/port for qOther.
Upon download, the packets still ended up in qInternet instead of the intended qOther.
Updated by Jim Pingle about 7 years ago
- Status changed from New to Rejected
Please post on the forum for discussion. Shaping happens when a packet exits an interface, odds are your floating rule is not correct to match the traffic in the way you intended.
Updated by Kristopher Kolpin about 7 years ago
I just posted on the forum now but I believe the rule I am using is sound. I know just because I said I've been using the rule for over a year doesn't necessarily mean I was using it correctly but it did work as I intended it to.
I used the Traffic shaper wizard to get things going and then modified and added from there as I always have. The rule was always very simple and worked well so I can't see it being something I'm doing wrong. Unless, in the off chance my configuration was working in the past because of a bug that has now been fixed thus resulting in my now mis-configuration.