@casper001:

yes my friend i configured squid + squidguard and when enable traffic shaper i cound not access anything at all. I am sorry it's may be my mistake but I have read on forum that they can't work on same machine.

Same issue with mine…  As soon as shaper enabled, all connectivity is lost. Even from the localhost of the pfsense box. I am running 2.2.4

In-fact after completing the shaper wizard, I go to check the status-queues and nothing is listed.... But when I go to the firewall-traffic shaper they are all listed... Not sure whats going on or why this isnt working. So for now I troll the board and have my shaper disabled. Would love to get it going soon thou!

@KOM:

Is there a particular reason you didn't address my last comment?  You're not going to make many friends here if that's the way you treat people who try to help you, and slamming ESF/pfSense because I couldn't come up with a fix for your squid problem is just unfair and unnecessary.

@KOM
Please see my reply on this matter in topic: https://forum.pfsense.org/index.php?topic=97108.0 …

The topic in hand has nothing to do with squid

cyber7-out
ps - You will see that your last comment was addressed factually...

Oh it is the IP of a LAN client for testing purposes. Goal is to create an alias of several client IPs for this rule if successful.

If you want to limit wan traffic to a specific site, you can also have a look at my Definitive Guide to Limit Facebook traffic:
https://aubreykloppers.wordpress.com/2015/07/22/pfsense-and-shaping-facebook-the-definitive-guide/
It really works and it works well!

cyber7-out

Most current shapers support a form of sharing. FairQ doesn't really "shape", it just evenly distributes bandwidth over the flows. Codel, as a scheduler, only manages packet dropping.

The limiter won't help because the limiter doesn't manage buffer bloat. HFSC works great for me, 0ms increase in latency during saturation.

I got it working.  The direction was tripping me up.

Thanks all!

for me, I just create via Wizard and have nothing checked and work from there :(

I really don't know why creating them manually don't work for me.

Multi-WAN/LAN is difficult to traffic shape since you need a queue for every combination of interfaces you plan to shape.

Example
If you have 1 WAN and 1 LAN, to shape VOIP, you need one rule/queue
If you have 2 WAN and 1 LAN, you need 2 rule/queue
If you have 2 WAN and 2 LAN, you need 4 rule/queue

If you're just concerned about VoIP getting through correctly, you could try just enabling FairQ on every interface, set your interface bandwidth, and let us know if it helped.

Have you run the wizard and created a default VoIP queue by filling in the Voice over IP page of the wizard?  For traffic-shaping you use the Floating rules tab.  Add a rule that directs traffic from your VoIP phones into qVoIP with your preferred WAN as the gateway.

Please start a new thread rather than bumping an old, resolved thread for a different issue.

System - Advanced - Secure Shell - Secure Shell Server.  Then you can use PuTTY or your favourite terminal app to connect, or go to the console and press 8 for Shell.

ok sir, am really sorry, will take note.

Wow, how did I miss that?!  :o
Indeed the shaping rule must be above the LANnet rule otherwise all the traffic will be caught and passed by the LANnet rule.

Steve

Ahh yes, that. Once traffic is classified, you can change your shaper rules against the classifications and those updates seem to be instant, but anything that is set when a connection is created is never changed.

I would love to see a checkbox which said,

"Bypass Shaper for Squid traffic"

I think after reading about 50 posts on trying to get the 2 to work together and only having it work once with transparent mode (version 1.2.3) back in the day after dropping to the cli and replacing some ipaddresses this is long past due. - The two working in concert really really helps low bandwidth connections.

Regards

nzcam

So you just need basic outbound priority.  The best way to do this is still through the traffic shaper.  Unfortunately there is no way I know of to move/change the bandwidth cap dynamically, but then again cap settings only matter for traffic shaping when your traffic actually begins to hit those limits.  But no matter the bandwidth cap limit, if you prioritize VOIP through a traffic shaper you essentially make sure it is sent first from the firewall, which is pretty much the best you can do at this point.

The traffic shaping wizard makes setting this up pretty easy.  Run through the shaper, set the VOIP priority, and make sure there are floating rules in place that match traffic destined to the VOIP server.

Do the radios used in the link acknowledge prioritized packets?  No doubt they are recommending you raise the antenna to get it above interface and improve the line of sight to the other side.  What kind of radios are you using?

Shaping is done egress per interface. Shaping data leaving you WAN is relatively easy, your main problem will be shaping your LAN in order to limit your download rates.

If using HFSC, you could create a child queue on your LAN interface for both WANs

WAN1 - upper limit 8Mb
WAN2 - upper limit 5Mb

Then create child queues under each of those for your traffic

WAN1
–high1
--med1
--low1
WAN2
--high2
--med2
--low2

Create a rule on the LAN matching all traffic to/from that IP address and assign the limiters you created to it.  Not sure if the limiters themselves need a different setting, but you definitely need to use rules to apply it to the specific IP.  Make sure the specific match rule comes before your match any LAN list.