Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Traffic Shaper / Normalization Question
« previous
next »
Print
Pages: [
1
]
Author
Topic: Traffic Shaper / Normalization Question (Read 2063 times)
Animosity
Newbie
Posts: 16
Karma: 1
Traffic Shaper / Normalization Question
«
on:
December 02, 2021, 09:15:53 pm »
What's the proper way to make a normalization rule to flag all my traffic for one particular host?
I've tried a few things with setting it via normalization rules but when I tcpdump, I don't see all packets being marked.
I tried to use Out with the private IP Source.
I tried to use Any with the private IP Source.
I tried using In with the private IP as the destination.
I'm sure I'm missing something silly as my goal is to mark all packets from a private LAN IP with a specific DSCP flag so I can use that later on the shaper rules to shape that LAN IP.
If there is a better way to do it, that would be great as well.
Logged
Animosity
Newbie
Posts: 16
Karma: 1
Re: Traffic Shaper / Normalization Question
«
Reply #1 on:
December 04, 2021, 05:17:31 pm »
There's not a single person that has a use case to traffic shape an internal IP out?
In Pfsense, you do this by tagging LAN traffic and making a floating rule that captures the tag.
I'm just trying to see how this is replicated on OPNSense.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Traffic Shaper / Normalization Question
«
Reply #2 on:
December 04, 2021, 05:56:50 pm »
If I'm not mistaken the shaper picks the packet before the handling of pf. You need to mark DSCP packet at the switch, which is the usual behavior network wide.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Animosity
Newbie
Posts: 16
Karma: 1
Re: Traffic Shaper / Normalization Question
«
Reply #3 on:
December 07, 2021, 06:38:59 pm »
So what I ended up doing to solve the problem was more akin to comment on where the shaper lives in the flow of the packets.
In pfSense, you can't see LAN IPs going through the floating rules on the WAN.
In the Shaper in OPNSense, you can see LAN IPs so just I made my in/out rules matching the proper LAN IP I was to reduce/shape going in/out and can validate the GUI they match so I didn't use any of the normalization items as that wasn't working despite being in the GUI area to mark packets so if you can't mark them, it probably shouldn't 'appear' to work / be configurable but it is.
Needless to say, I met my solution for my initial question by using the LAN IPs which was much easier and works well.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Traffic Shaper / Normalization Question