OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: mohamed hafez on November 06, 2015, 09:04:22 am

Title: Traffic Shaper in Bridged mode
Post by: mohamed hafez on November 06, 2015, 09:04:22 am

Hi everybody,

my best wishes to OPNsense. the new promising firewall.

I've been testing it for a week now and I've struggled a little with creating a bridge between WAN and LAN and access the web management from bridge interface but I did it finally.

NOW, I've tried to apply this guide https://wiki.opnsense.org/index.php/Traffic_shaper (https://wiki.opnsense.org/index.php/Traffic_shaper) to my setup which works for a few seconds and the speed drops down to 80Kb/S  which should be 512Kb/S.

Please any Ideas, workaround , fix or alternative package that can do a bandwidth limit per user in bridged mode.

thanks to you all.

Title: Re: Traffic Shaper in Bridged mode
Post by: franco on November 06, 2015, 01:13:15 pm

Hi Mohamed,

There is a bridge mode tutorial here: https://wiki.opnsense.org/index.php/Howto_transparent_firewall_bridge

If you haven't seen it can you double check that your setup doesn't differ from the recommended setup before we go into troubleshooting the shaper on top?


Cheers,
Franco

Title: Re: Traffic Shaper in Bridged mode
Post by: mohamed hafez on November 06, 2015, 05:54:51 pm

Yes I've built the bridge based on this guide and I'm using version 15.7.18_1 and Ivve tried the same setup before on pfSense and it didn't work then I headed to m0n0wall which didn't work also and from there I knew about OPNsense and it looks like it has the same issue which is most probably linked to the dummynet.

Anyway, even if I didn't get a solution for this I really appreciate your efforts and support by replying to each user and help theme get their problems solved. So thank you so much.

Title: Re: Traffic Shaper in Bridged mode
Post by: franco on November 06, 2015, 06:31:35 pm

Don't give up hope just yet... I'll see if I can get Jos or Ad to look at this. :)

Title: Re: Traffic Shaper in Bridged mode
Post by: AdSchellevis on November 06, 2015, 07:30:16 pm

Hi Mohamed,

Shaping and filtering unfortunately can't be combined on a bridge in OPNsense, this has to do with the need for both pf and ipfw in bridge mode and these two won't work together in that scenario.

Shaping on a bridge should work when you set  these sysctl parameters:

net.link.bridge.pfil_bridge=0
net.link.bridge.ipfw=1
net.link.ether.ipfw=1

Regards,

Ad

Title: Re: Traffic Shaper in Bridged mode
Post by: mohamed hafez on November 06, 2015, 07:47:12 pm

Hi Ad,
Thanks alot to you and Falcon for your quick and positive support.

Actually I'm not interested in filtering at the moment I just need to get the traffic shaper to work.

I switched off the first parameter from System Tunables but I can't find the second and third  parameters under the same section:
net.link.bridge.ipfw=1
net.link.ether.ipfw=1

Is there a way to do it.

Title: Re: Traffic Shaper in Bridged mode
Post by: AdSchellevis on November 06, 2015, 07:50:09 pm

Hi Mohamed,

You can add those parameters using the + at the bottom of the page.

Regards,

Ad

Title: Re: Traffic Shaper in Bridged mode
Post by: mohamed hafez on November 06, 2015, 08:46:24 pm

Thanks Ad,

I've applied the parameters (check attachments).

the traffic shaping is done based on this guide https://wiki.opnsense.org/index.php/Traffic_shaper (https://wiki.opnsense.org/index.php/Traffic_shaper) but after testing there's no shaping at all applied to the traffic and the client PC is getting the full whole bandwidth.

Do I have to modify the traffic shaping method applied?

Title: Re: Traffic Shaper in Bridged mode
Post by: AdSchellevis on November 07, 2015, 09:36:31 am

Hi Mohamed,

Are you trying to shape between the lan and wireless lan? or are you trying to shape something else?
Last week I tested a transparent bridge setup with 2 downlinks and 1 uplink in the same pool, just created a pipe, added a rule and it worked perfectly with those settings, but all traffic was going through the bridge in my scenario.


Regards,

Ad

Title: Re: Traffic Shaper in Bridged mode
Post by: mohamed hafez on November 07, 2015, 09:48:22 am

Hi Ad

I'm trying to shape between WAN and LAN
The bridge has a static ip 192.168.206.144 and the gateway is 192.168.206.2
The wan has none
The lan has none
And the client pc assigned a dhcp by the router (not opnsense).
I have Internet access on the server
And I have internet access on the client pc but not shaped and I cannot see the client ip on the limiter info page.

Thanks

Title: Re: Traffic Shaper in Bridged mode
Post by: mohamed hafez on November 07, 2015, 11:53:32 am

Ad,

Here's two things I discovered :

1st your parameters are working but if the system rebooted it'll not be effective although I can see it in the system Tunables section and if I reapply it. It will work again.

2nd when the filter is working it starts at the correct speed I specified but after a while it drops down to 9 or 10 KB/s

Title: Re: Traffic Shaper in Bridged mode
Post by: AdSchellevis on November 08, 2015, 03:21:45 pm

Hi Mohamed,

I think I'm missing something here, if there's an additional network port on the box (or a console) can you try bridging without setting an address to the bridge (transparent mode)?

The situation I've tested last week looked a bit like this:
[client network 1]  ---- [ bridge interface 1 ]
[client network 2]  ---- [ bridge interface 2 ]
                                  [ bridge interface 3 ] --- uplink


I used a separate network port to configure the box, and left all interfaces  (including the bridge) without an adres.

Title: Re: Traffic Shaper in Bridged mode
Post by: Enrico on September 13, 2017, 11:27:15 am

Hi,

I'm having the same problem with V17.7.1_2.

I'll open a new thread in the appropriate section.

Enrico