It doesn't seem to be a DNS or Traffic Shaping problem after all.  The original machine I was noticing the problem on is a laptop (Thinkpad T43P) on a wireless connection (claiming 54Mbps speed at the time) and during playback I was only getting 1.5Mbps through the firewall.  Then I tried a different and faster machine with wired Ethernet and it was able to play back not only at 720P, but 1080P and the traffic went up to 5.5Mpbs through the firewall.  So then I tried sitting the T43P next to one of my wireless access points and wiring to it.  I was able to play back 720P, but despite having network throughput it was not able to keep up with playing back 1080P.  So then I switched back to wireless and was back down to 1.5Mpbs despite network status showing 100% signal on a 54Mbps wireless G connection.

So traffic shaping appears to be working and it's a specific client PC problem.  I'll start chasing after updated drivers.

No, because "WAN Optimization" isn't one thing - it is a number of technologies. Some of those (eg QoS) are built in to pfSense and some (eg Squid) are packages. You need to work out which will help you and then apply those.

If no queue is selected in the rule, then the traffic matching that rule will go in the "default" queue for the interface it is heading to.  There is required to be one and only one default queue for each interface that has traffic shaping enabled.

Assuming this is a simple default setup with one WAN interface which is the internet and one LAN with the local host(s), and all WAN traffic coming in blocked…

To limit download, remember that the download traffic is only allowed in from the WAN because it was initiated by a LAN host.  The firewall rule that allows the traffic and sets the traffic shaping queue can be the same rule, the one on the LAN tab that allows the traffic out.  The traffic that is allowed back in is still matched to that one rule that allowed the connection to take place, on the LAN tab.  So to limit downloaded http traffic to a host "192.168.1.50", you need a queue called, for example, "qHTTP" on the LAN interface, with the limits set how you want, and a firewall rule on the LAN tab, which says pass TCP traffic, destination any, source 192.168.42.50, port 80(http), and queue="qHTTP".

That's the general idea.  If you want to limit the http going out, just make a queue with the same name, "qHTTP" for example, on the WAN interface also.  The same firewall rule will use that queue too.

Hi,

Can I use "Limiter" feature to shape the bandwidth according to requirement?

My Requirement is

In my company there are 3 user groups existed.

1. Top Management
2. Executives
3. General Staff

According to the neediness of internet traffic I want to allocate 60 %, 30% and 10% respectively. Can I do that with pfsense traffic shaping facility?

Please upload step by step guide to Bandwidth shaping

:'( :'( :'( :'(

Okay, I think I'm cool now.  Updated to snap from August 12th.  I do think it's kinda weird that the floating rule the wizard created didn't seem to work - I had to delete it, and create one for the LAN for the voip host, then edit the existing rule for the RTP ports on the WAN to add qVoip.  Oh well…

Ye, it looks familiar to how the wizard creates queues. But nice explained though!

How I see it, the Queues are actually the ones creating bandwidth limits for ip adresses, aliases, interfaces, whatever… No need for LIMITERs as I see it.
Or what?

I have tried with limiters the past few days, but cant seem to make them work as intended :(

Rafter

in opt2 interface which is renamed, work as lan. didn't try limiter yet

You should have different subnets for each Vlans, yes?

If so, simply set 3 queues under the traffic shaper in order of priority and use PRIQ (note, this is only applicable to pfSense 2.0).

Assign all traffic to or from each Vlan (by specifying the source or destination subnet) into the individual queues using the Vlan's interface tab (for outbound) and the floating tab (for inbound).

eg.  Setup 3 queues (qVLan1, qVlan2, qVlan3 with priorities of 3, 2, 1 respectively).  Set qVlan3 queue to be the default queue since this is the lowest priority queue anyway.

Set the default rule under Vlan1 tab to pipe all traffic to qVlan1 queue; The protocol/ destination will be any and the source address will be the subnet of Vlan1.  Go to floating and set the same except that the Protocol/ Source will be any and the destination will be Vlan1's subnet.  Also, ensure that the interface is set to WAN (this will accomodate for inter-vlan routing at higher speeds with other rules)

Do the same for Vlan2 and Vlan3.

Thanks that makes sense.  Seems to be like you said, Josh, without the queues on different interfaces somehow communicating with each other, they can't shape properly if given access to sort of "overlapping" bandwidth.  I might have to look into this a bit more :)  I do find it really interesting and confusing trying to understand exactly how TCP works in this kind of situation.  I think probably each network will end up getting bandwidth proportional to how many connections it has, and no way to specify "network 1 limit bw to .3k only if other networks are using 1.2k"

I like the idea of using 5 interfaces and pluging one into the other, should be able to do that with a little VLAN switch… which then makes me wonder if you couldn't do that somehow within pfSense using vlans and bridges somehow... have to look into this now...

Very informative thank you. It makes sense that An adverse effect of shaping is increased data on the ISP's side. Because delayed data gets re transmitted because it thinks it's "in error". Where as is has a long response or timeout.

It's good information for others to concider. You may be limiting you internet usage going out but hitting your WAN, it's increased because of the drop retransmit.

@roja: i've used multilan setup succesfully now for three weeks. actually having 3 different lans.
1 lan is priq(mine)
2 others are set hsfc(others)

and it works fine

Did you update or something?!?

Please give more info

;D not Sure what you mean by the last line but if you're main Focus is to limit youtube, you first need to "google" youtube's ip ranges
and then create a rule and place data from those sites (source) in to a low priority queue using the firewall rules. Destination will be "any".

**Note you may have to create a few rules to get a majority of the Youtube servers. Also you can have wider mask on the source address.
The other way was to use squid and reg ex the hell out of the http data, but i personnely I don't find that works as well.

For flash from other sites the Proxy method may have to be the way you go.

My 2 cents  ;D

Hope fully some one replied but i am going to Throw my 2 cents in; I too was running 1.2.3 and When 2.0 came out i upgrade and was horrified by how it did not work. Features were nice but if they did not work, I am loking at you PPPOE creating multiple adapters ..

Now i have bit the bullet and upgraded to 2.0 RC3 and WOW what a difference. It's way better than 1.2.3 and many of the post here with questions it starts to be noticeable who has 1.2.3 and who has 2.0 RC3 by the questions they ask. 2.0 really makes Traffic shaping easier with Layer 7 and with parent vs child queues setup.

And Yes Create a back of your 1.2.3 and then upgrade. The best tip i had was remove your packages before upgrading. Then after upgrading reapply your packages all config's will remain. Then create a new backup of your 2.0 (different backup files).

my  2 cents

@neewbie:

check the default queue. bandwidh in% curve in kb. such as the inverted image above.

the snapshots. pfSense-Full-Update-2.0-RC3-i386-20110728-2121.tgz   been running normally.

you mean i should check Default Queue in qP2P ?

@ermal:

Check latest snapshots.

Cool, I'm running Sunday July 24th snapshot, will update.

videostream limit by using the L7 can too. with queue can too.
if using L7, flash protocol  limiter structure behvior limiternya name. and create a rule floating for port 1935 with L 7.