Ok, I have the exact same configuration. Two limiters, a firewall rule for the LAN interface with "LAN net" as source.
As you stated "Anon Freifunk" is a subnet. LAN net is my LAN subnet, so it schould work.  ;D

That's correct.

A bridged queue would be handy. AFAIK there is no such thing and therefore no way around deploying a transparent firewall and use the shaper on the bridge. Let me know if I am wrong.

TCP/UDP rules cover both TCP and UDP, so packets can use either protocol and it will work.

Usenet traffic would be all TCP as far as I know.

Would this happen if you had less bandwidth than you thought, and put too high of values for ISP bandwidth when going through the wizard?

Go to firewall –> rules --> edit a rule

scroll down to the advanced options and click on "Advanced options". There you will find some options about connections and states. Not sure if there is also something which will help you.

@kyu:

@redflag237:

Sorry but is there noone who could geve me a hint?

If your HFSC is working, you could fiddle with m1 and d perimeter.

Say the queue responsible for downloading will get m1 = 20Mbit (bypass all other limit) for d=30seconds, and after that it's given a lower bandwidth m2=2Mbit. I believe this will automatically throttle any file bigger than 20Mbit x 30 / 8 = 75MByte.

Works fine, thank you very much!

@kyu:

@drwebster93:

@podilarius:

In the floating rules there is a source and a destination. Just specify the IP range of the phone as the source for outgoing connections and the destination for inbound queue.

That would work for one phone, but how would I do this with five IP phones?

Thanks!

Create an Alias, and input the IPs of the phones inside the Alias.
In the floating rule, specify the alias instead of IP.

kyu, thanks for the tip on the Alias!

So I made an alias, and put that in for the VOIP adapter in the traffic shaping wizard.  I have been monitoring my queues though, and it doesn't seem to be doing much.  If I monitor my queues on the pfsense box on the side with our phone system, I see around 50 kb/s per call in the qVoIP on WAN queue.  But at the same time, on the pfsense box on the side with the 5 IP phones, I am only seeing around 900 b/s per call.  The only difference in configuration is that I used the IP address of our phone system for the VOIP adapter in the wizard on the side with the phone system, and an alias with the IP addresses of the 5 IP phones on the side with the IP phones.  Any ideas?

Thanks!

@sofakng:

EDIT:  What concerns me is that I can only prioritize the packets I'm sending to my ISP.  I can't prioritize the incoming packets (i.e. if I'm downloading at full speed while trying to make a VOIP call, etc)

The shaper does prioritize incoming packets too. It's true that particular packet has already used your Internet bandwidth at that point, but TCP's congestion control will kick in and quickly slow the download as needed by queuing once it gets to you.

I enclose the problem.
This user like so many others, I can not limit the bandwidth they entered it in the output.
It comes in at 3.5 Mb and upload inbound up to 7 Mb.
I enclose also its configuration.
If anybody has any idea thanks in advance.

202.png
202.png_thumb
Immag_161.jpg
Immag_161.jpg_thumb

@tupm:

Hello! Very cute pfsense … Now, this was not something simple??? limited but simple? debian is easy for me, that I do not understand the truth .. anyway ...

I have this problem:

-2 Wan (dhcp) cable modem
-1 Lan domestic stupid!

-set group in routing ok
-set firewall rule (grup gateway) for lan ok
-set tier2 and tier2 for both wan (wan and opt1_gw)
-set diferent DNS for each interface ok (opendns)

ok but alll of load and balance (connection) disaster,

what is wrong?

Status is DISASTER (conextion not show multiple graph :(  )
anyway, the problem is that I see for 1 WAN generates 98% of the traffic, why? see down page log…

Thank you very much, please help!

THIS IS MY INTERFACE STATUS, SEE THE OUT PACKETS (sorry for my english )

Status up
DHCP up   
MAC address 00:08:54:46:4d:be - Netronix
IP address 192.168.0.x  
Subnet mask 255.255.255.0
Gateway 192.168.0.1
ISP DNS servers 127.0.0.1
208.67.222.222
208.67.220.220
Media 100baseTX <full-duplex>In/out packets 209901/209866 (226.79 MB/46.86 MB)
In/out packets (pass) 209831/235947 (226.76 MB/46.85 MB)
In/out packets (block) 70/35 (36 KB/2 KB)
In/out errors 0/0
Collisions 0

LAN interface (nfe0)
Status up
MAC address 00:15:f2:ad:05:b1 - Asustek Computer
IP address 192.168.1.1  
Subnet mask 255.255.255.0
Media 1000baseT <full-duplex,flag0,flag1>In/out packets 312714/312333 (134.50 MB/246.18 MB)
In/out packets (pass) 312320/279144 (134.41 MB/246.16 MB)
In/out packets (block) 394/13 (91 KB/18 KB)
In/out errors 0/0
Collisions 0

GW_OPT1 interface (re1)
Status up
DHCP up   
MAC address 00:06:4f:4a:93:f1 - Pro-nets Technology
IP address 190.113.134.x  
Subnet mask 255.255.255.0
Gateway 190.113.134.x
Media 100baseTX <full-duplex>In/out packets 88412/87800 (17.32 MB/90.63 MB)
In/out packets (pass) 87800/125651 (17.28 MB/90.63 MB)
In/out packets (block) 612/0 (42 KB/0 bytes)
In/out errors 0/0
Collisions 0</full-duplex></full-duplex,flag0,flag1></full-duplex>

HELP PLEASEEEEE

How about testing it out by transfering a large RAR file over to someone and see which Queue gets clogged up.

I use the wizard to setup my initial settings, then I manually adjust any fine tuning. The wizard has a place to limit P2P. I make sure to use that and then adjust it higher manually.
I have not used limiters so I cannot help you there.

@leecallen:

I then created a single Rule  for the WAN interface:
    Action: Pass
    Interface: WAN
    Protocol: any (I have also tried TCP/UDP)
    Source, Destination: defaults - "not", type any, no address
    In/Out: in=WANin, out=WANout

"Not" "Any" means the rule does not match any traffic.  It will not direct traffic through the queues defined.

What you need is a rule that catches everything, meaning you uncheck "Not".

Secondly, check the direction of the rule.  It matches traffic based on whether it is leaving the WAN or entering the WAN port.