Thanks for the response.  I ended up actually just reinstalling since I was just getting started.  It might be nice to have in future versions a "reset to defaults" button for certain packages….like snort.  :)

I have a 50/50 connection and I had to up my queues to 2500 to avoid dropped packets because of micro-bursting. You may want to try something smaller, but give 200 a try and see if it makes a difference in your throughput.

There are diagrams in the 2.1 book.  I'm not exactly sure where floating rules come in.

Here's one paste.  I am operating on the assumption that a floating rule on WAN out pushes the firewall rules on WAN back into the path and that's the proper order.  LAN rules, then floating on WAN out for outbound states.


@KOM:

No idea.  I don't use captive portal.

Maybe i'm the only one to use captive portable with the traffic shapping.

I'll continue my research.

Thanks.

This post looks like it may have the information you're looking for. https://forum.pfsense.org/index.php?topic=47856.0

If the other party has a slower connection, there is nothing you can do on your end, traffic shaping or not.

If all of your rules don't have a fixed upperbound, there should be a way to change the root to increase its upper limit. I'm not sure how, but there's bound to be a way.

Traffic management via the shaper is done with the use of queues and Floating Rules.

@Derelict:

Get rid of the burst until you understand what it does.

Done.

Your comment says 1Mbit, but your limiter is 10Mbit.

I was tweaking the settings without updating the comment.  You can ignore the comment.

If that rule is on the customer interface, in is upload and out is download.

What do you mean customer interface?  It is a type of LAN interface.  It is a VLAN (1003) of the LAN interface.

There are countless questions asking how to do this.  Do a search.  You probably want a main limiter that gives your guests a pool then child limiters with a mask to evenly distribute the data while letting one user monopolize the entire pool if they're the only one on.

Yes there are.  I have & will continue to search.  Is the main limiter with child limiters required?  I don't understand "a mask to evenly distribute the data".  I won't have problems with a lot of people being on it at one time.  It's for my home network & mainly just to keep the occasional guest from using my primary WiFi so I don't have to give out my WPA2 key & at the same time keep said guest from using up all my WAN pipe.

Thank you all so much the issue is resolved ;D. Just in case it becomes handy for someone else. Ill briefly write what I have learned and what I have done to fix the issue. As I already stated im pretty new to this networking stuff so if im not 100% right please correct me.

What I understood in general about TCP/IP is dropping packets is a way to control speed. So I figured dropping packets at such a low transfer rate was bad. If these were packets for something not time sensitive like web browsing it would go unnoticed.

-On my SRVS lan in Qinternet I added a new queue called MCservers.
-On my SRVS lan I deleted the games queue as I have no other game traffic on that subnet.
-On my WAN I set the game queue bandwidth to 5% service curve Link share 5%
-On my WAN I set the MCserver queue bandwidth to 40% service curve (Real time : 7Mb, Link share : 40%)
-On my firewall rules in the floating section I found the minecraft port entry and I edited the advanced features to use the ACK/MCServer Queues

So far with 2 days of testing ive had up to 15 people = aprox 2-3 Mbps uploads and no complaints of lag and no more dropped packets in my graph.

Actually it seems like this traffic is not showing on my RRD Queue graph at all anymore. Is this normal behavior with the real time service curve? I guessing that Realtime traffic skips the queue all together or for some reason just doesn’t show up on the graph?

I still have more to learn about the service curve I found some awesome links in this forum. I should be ok from here. Thanks again!

@stenio:

@Harvy66:

Is there a reason why you can't treat this as a dual LAN setup, where the actual LAN is one network and the DMZ is another?

Hi Harvy,

Yes, there is: I would like to share the download bandwidth between the two interfaces.

Thanks,
Stenio

Yes, seems I derped a bit there. I realized it when I read another post a few days later. Am I interested in how to best handle the issue of multi-lan where queues can't share interfaces. If there was a way, outside of yet another firewall, to have a single QoS queue for both Interfaces, that would make it simple.

That would work.  Read this to start.

little update: the problem is only vof trafic from remote site to my device in nat1:1.

Upload is good.

Thnx

its built-in pfSense…

Status - RRD Graphs

What I did wrong?

Posting a Squid question in the Traffic Shaping forum, for starters ;D

You will have better luck getting a reply in the proper forum.  Questions about packages like Squid and Squidguard should be directed to the Packages forum.

@georgeman:

Real solutions to this at the time:

Use another pfSense in front of the other one, to shape based on the origin and destination subnets Bridge the interfaces so you can apply the shaper to the bridge as a whole (you can still somewhat control traffic among them but it is more a clever hack than real networking stuff) Use VLANs on the same physical interface

As you can see, all of them are based on the principle of applying the shaper to a single physical interface

Hi Georgeman,

I've a similar situation in which I would like to limit the download speed of my DMZ and LAN interfaces. Could the limiter be another option to solve the problem?

Thanks,
Stenio

You are correct on torrents but I have a seperate torrent box at home (NAS computer) so I can direct its traffic to lowest priority queue by ip without a problem. I can advice everybody to do this.
While it is easy to prioritize certain activities like voip and games to highest priority, it is becoming harder and harder to seperate traffic coming from port 80 generic servers. These include steam downloads and now this.
So I created 3 seperate port80 queues. I'm trying to further prioritize certain web traffic from youtube,google etc. While doing this, I'm trying to deproritize port80 downloads to low priority port80 queue. But this isn't the best solution. It is still better than nothing.