Your rule is on WAN – NAT happens before firewall rules, including outbound NAT. The private IP you referenced is not visible in outbound WAN rules since it has been translated by the time the rule is processed.

To match that you would need to do so inbound on the LAN interface and not outbound on WAN.

Anyone?

Hello all. I want to ask you something.
I have this scenario. I want to put a pfsense only for QoS purposing with 2 NICs WAN & LAN but this 2 are bridged in br0 so WAN & LAN don't have ip only br0.
I'm trying to limit my hosts download & upload speed by Queues & every host has a different speed limit.
I make first queue on br0 with my isp speed limit and then 1 child download and other 1 upload, and into these 2 I make children for every host down and up. but rules where do i have to create them in br0 or where?.

Sorry for my English.
Thanks

When you leave the bandwidth empty on the interface, the shaper gets the bandwidth from the link speed (10/100/1000Mbit).

If you were to take a gig-e interface and, say, define qLink as 20% and qInternet as 850Mbit, you would have a total of 1050Mbit which is greater than 1000Mbit and would generate the error.

As qInternet approaches link speed, the wizard is going to start making mistakes.

At least that's how I understand it.

Ok. I've removed the bridge. same issue.

:(

According to the docs it should only ratelimit if the queue is congested/contested right?

Like it says I should have 60M for my "high" priority/bandwidth queue.  Yet, it seems to be limited around 170M.  :(

Strangely I tried this on another piece of hardware at my office it SEEMS to work as expected (15 meg there = 15 meg).

Currently tested my home setup again and set it to 300/20.  Speedtest reports 128 down and 17 up.  Remove the traffic shaper and get 300 down.

I'm using a bridged lan interface. Could this have something to do with it? I'm setting all of my rules on the bridge.

You seem to have multiple different questions.

To answer the one in your title, traffic shaping basically kills the benefit of squid caching, as it likes to shape the cache hits, which is exactly NOT the desired behavior (at my site, anyway) for items in cache. I've tried shaping and had that happen, so I turned it back off.  :-
I've tried a byzantine and poorly documented procedure to try and make cache hits appear to be ACK packets and then give the incoming ACK queue loads of bandwidth (on the assumption that most actual ACK packets are going the other way, so you can get away with that) which sounds nice in theory, but in practice either from being byzantine, or poorly documented, or "darned if I know" it simply blew up and killed all traffic until I rolled the configuration back to a previous save point (be sure to make one before messing with the shaper - you may need it.)
It seems like a common enough combination (we cache to improve performance, we also want to Shape/QoS to improve performance) that there ought to be a more functional way to get there - but I haven't found it yet.

is it possible to shape traffic of different mac adresses in the lan? i find it quite disturbing using IPs as i like to keep dhcp working

Sorry for the error.  Glad it's working.

The rule that assigns the queue needs to be placed somewhere where it catches state generation.

To shape connections started by LAN clients out to WAN, the best place is probably a floating match rule on WAN out.

To shape connections inbound to servers, the best place is usually in the pass rule on WAN that allows the traffic in the first place.

Yes  - manually.
Im just need limit all trafic on WAN to speed <20 mbps (but really speed 77mbps)
how made it?

ps. wizard dont help too..

Ok, i ran your script for 3 different nameservers. I'm addind the results as an attachement

Why not add all names one by one like a001,a002 to the aliases. It takes time but it should work if they are all of them

cs.steampowered.com.txt
hsar.steampowered.com.edgesuite.net.txt
steampowered.com.txt

I think that is what I am going to do.  I read this post and learned quite a bit more.  The rest of that thread is good too.