ya pfsense 2.0 lastest beta, thanks for advise, it's work great.   ;)

This is a routing problem, not a traffic shaping one, per se. More info on multi-WAN in 2.0 here: http://forum.pfsense.org/index.php/topic,10407.0.html

You need to create a rule on the LAN interface for DST port 80, Gateway: ADSL.
Similarly, rules on the LAN interface for DST port 25, 110, Gateway: DIGINET.

These rules go above the default pass rule if you have one.

thanks guys for your replies!  I REALLY appreciate help because I am such a noob in networking, especially with linux…

Yes I have squid installed, but I barely know how to use it.

serangku, I understand squid might be able to help saving bandwidth, but at the end of the day, if the users are downloading all kind of different/non-repetitive data, it will not work.  Think about rapidshare files or torrents...

dreamslacker, I only use NFS shares to transfer files between machines.  Marginal amount of data through http (only web services such as mediawiki and Knowledgetree a document management system).  Preferably, setting the delay pools only on the WAN side would be best.

What would be the first step in implementing this?  DO I need to modify the squid.conf file of my pfsense box using the examples on the sites you sent me?

Oh..  In that case, the rules will be added directly under Traffic Shaper.

Just set to:

LAN->WAN
Protocol: ICMP
Source and Destination IP & Ports to 'ANY'
Target:  qWanAck/ qLanAck

@jimp:

If the data hits your router, it's a packet you received. If the packet was dropped/rejected, your ISP may not know that, they just know that the packet was transmitted to you.

Odd that it doubled, that doesn't make a whole lot of sense.

It isn't odd.  The rejected packets are expected by the clients behind the box.  Since they will not acknowledge the receipt of the packets that were dropped, the packets get retransmitted at the source again after a certain time when the source doesn't receive an receipt confirmation from the client(s) behind the pfsense box.

Yes because usually when people are using torrents with nonstandard ports their traffic would be classified as default. So I configured default queues similarly to p2p queues to filter them anyway. Other important traffic has his place in qothersH, qVOIP, qGames. These are the types of traffic mostly important for me to prioritize. ICMP belongs to qOthersH which has its fair share of bandwidth so I don't understand why delay with modem happens when I do a ping test.

Additionally my voip programs seem to work fine since I set them up in a shaper. No chopped voice (very clear) and delay seem to be fine. I didn't test it much but team speak or skype seem to work just fine. I set the rules for the games as well but they have a horrendous delay once I have some other traffics running (usually torrents) while voip seems to be unaffected http://thuocdongduoc.vn/

So assigned bandwidth for prioritized traffic seem to work fine but priority of packets is not really working correctly. I just need more testing with voip to be sure if delay is not affected there when torrents are working.

Thx for any replies!

This is easier on 2.0, using limiters. There you can set a limiter which can apply either as a group, or individually per IP.

I used MyQoS in dedicated machine with 2 nics, I bought 100Mb/s license, actually I got about 75Mb/s and 1000 wireless users. It can be used as NAT + QoS, or just QoS alone(working in bridge mode).

Yes, it has Web GUI, it's straightforward if you looked through manual carefully.

Don't cap the other bandwidth, set the Voip queue to have 320Kbps of realtime bandwidth.
i.e.  320Kbps is reserved for the Voip queue.
Since your phones should have static IPs, set their IPs into an alias and use a firewall rule to mask the source as the alias and pipe all the traffic into the Voip queue.

This is rudimentary, of course, since the 320Kbps is forever reserved for the voip purpose but tweaking for a more fair share is very heavily dependent on the specific traffic type you see on the network.

Example:
Assuming each voip packet is 1.6kb and you need 30ms max. for clear calls.  This is for one way, you need another similar queue for the other direction.

qVoipUp & qVoipdown
realtime (m1 d m2): 6.4KbKb 30 160Kb
bandwidth (m1 d m2): 160Kb 100 160Kb

Assuming the phones are using 192.168.1.100 to 192.168.1.104 as their IPs:
Alias IPs 192.168.1.100 to 192.168.1.104 as 'voipips'

Set the firewall rules to:
voip outbound
Protocol:  Any
Source port:  ANY
Source IP:  voipips
Dest. port:  ANY
Dest. IP:  ANY
Queue:  qVoipUp

voip inbound
Protocol:  Any
Source port:  ANY
Source IP:  ANY
Dest. port:  ANY
Dest. IP:  voipips
Queue:  qVoipDown

No, if you put the "voip IP", it applies to all traffic wrt that host, AFAIK.  yes, for IAX2, you can prioritize UDP/4569 though.

In 2.0 you can use the traffic shaper wizard to setup rules that will affect all WANs, and give some priority to different traffic.

Though if your downloads are on port 80 and the streaming video is also on port 80, it may not really be possible to differentiate accurately in an easy way.

You're probably best paying for the commercial support service that's available since it sounds like you're massively out of your depth.

@changhe:

I got an answer from the moderator heiko in the german speaking part of this forum:

@heiko:

Hallo,

nicht möglich auf 1.23, nur mit einer Spzialversion der 1.2 von Ermal. Drer Traffic Shaper is in der 2.0 komplett überarbeitet und bietet dort auch IPSec TS etc.

Regards
Heiko

Translation:

It is not possible with 1.23. There is a special version of 1.2 from Ermal, which can do it. The traffic shaper is completely reviseded in 2.0 and has traffic shaping inside it's IPSec tunnels etc.

mh, okay. i'm now strugled over this post. i need also this shaping inside the vpn tunnel, because the tunnel use the full bandwith.

regards

ermal,

When we discussed this the other day, you said with multi-wan it was better to put the limiters on floating rules (unless I misunderstood something, which when it comes to shaping is quite possible).

Or perhaps that was specific to what the other person was trying to do.

P2P trafic can't  detect any rules  :-[