ERPro-8 with EdgeMax v1.8.5
I'd post config, but not at work right now. I have 3 LANS with the same shaping requirements, and 1 WAN(eth1) at 50/5mbps through a cable modem. The problem I'm trying to solve is the prioritization of packets as they come in through eth1, modified by a firewall with DSCP in eth1 firewall in, and eth1 is directed to ifb1 that has a traffic-shaper out policy. I'm running into issues because our VoiP provider has 2 IP ranges using a range of source AND destination ports, so I'm using the firewall's ability to modify packets from groups. This part is working very well according to show firewall modify statistics. I only have 2 downstream rules, one modifying to DSCP 26 and DSCP 46, and they are getting modified. On the flipside, I have 4 upstream rules, working appropriately by using eth0/2/3 firewall in, and eth1 traffic-shaper out.
Due to the fact that the services are used on both dedicated devices and PCs, using static IPs seems futile. For upstream, this works wonderful because I mark the packets on LAN in, and shape on WAN out. 4 upstream rules using 3 destination address groups, 4 port groups. show firewall modify statistics(for upstream) and show queueing ethernet eth1 have near-identical packets modified and shaped into their designated classes.
But, downstream, it seems like there's a disconnect between the firewall modification on eth1(WAN) in and shaping on ifb1 out. For the shaping, identification by port works(DNS, SSH, SSL), but the classes looking at DSCP get nothing, even though their classes are 2nd and 3rd(DSCP 46 and DSCP 26, respectively. The first class is for source port 53 @ 2% of bandwidth).
Is it a bug, not being able to shape marked packets on IFB? Would I be better off using the Advanced Queue with eth1? It'll mean I have to redo the upstream shaping, but is that my only option?
