OK, That thread looked to me to be the correct. Thirty lashes for the noob…. got there via google, didn't realize it was bounty territory! I have installed 1.2 and setup the traffic shaper.  This is nicely leveling the playing field for the users at 300kbs. The penalty box will be great for really putting the screws to someone if needed! What I am really looking for is a way to let certain IPs bypass the TS ( like the apt mgr) and get full speed.  I would like to use firewall rules generated by scripts in the login portal.  I had figured this out with monowall and dummynet pipes a few years ago.  Not sure how this would work in the pfsense world. I have seen things in the posts here that are close, but addressing different issues.  I just need a push in the right direction.....or told it is not possible. Thanks.

It's quite simple.. Make sure you set your upstream and downstream bandwidth correctly… otherwise your shaping won't work properly. In your shaper rules, set all source and destinations as a wildcard ( * ). Next, edit your qwandef and qlandef queue. Check the box that says "Random Early Detection". Give it a test... Let me know how you make out. /asl

Sorry, there's actually a bit more work you need to do. Once you set your rule's source and dest as *, you need to modify the qwandef and qlandef queue. Edit them and check "Random Early Detection" Save, apply, done!

Ermal look at the trouble that I have to modify SourcePHP.rar.txt on pfsense 2.0

I'll have to try it again. I did do that, but it looked like it was shaping traffic in one dir and not both

Search around and always keep in mind that you can shape only on 2 interfaces on 1.2.X you have to go to the ALPHA snapshots for something else.

Did you read in the forum at all before posting this question? http://forum.pfsense.org/index.php?action=search ->http://forum.pfsense.org/index.php?action=search2 –>http://forum.pfsense.org/index.php/topic,2718.0.html

Thanks you. Thats it. :)

@Evald: you can add a rule that match the destination port 1433/tcp Microsoft-SQL-Server 1434/tcp Microsoft-SQL-Monitor 1434/udp Microsoft-SQL-Monitor and give them maximum priority Thanks! Could you explain how to do that in details?  :P

This will change in version 2.0 (estimated release 4Q 2009) Follow it's progress on the pfSense blog http://blog.pfsense.org/?p=208

Thanks - I have submitted the Feature Request at your suggestion. http://cvstrac.pfsense.org/tktview?tn=1838 – Phob

I want to add a link to the quote I pulled from ermal above, because the couple of exchanges that happen after it in the original thread could also be helpful to people looking this stuff up. http://forum.pfsense.org/index.php/topic,2718.msg48336.html#msg48336

Awesome, thanks Perry.  It seems to flip back and forth every now and then now :) In this case, since I'm not using sticky connections, I need to set up policy-based routing for certain types of connections, right?  Like ssh, https (443), etc?

Thanks for the reply, I already resolve the issue by removing the dns server on pfsense because it is the one using most of the cpu. are there any links for improvements of 1.2.1? :)

@XDJ: @ermal: Is it so hard to search/read othe rposts before posting?! Gee, I never thought of that!  ??? Is it so hard to realize that maybe I did not find anything that (in my limited knowledge of the subject) appeared to apply to my specific situation?  If was very knowledgeable about Traffic Shaping and Queues I wouldn't have asked for help. Makes me miss the warm and fuzzy treatment of the Smoothwall team! How would you feel after reading the same question over and over and over again from people that didnt even try to search if their answer is around? The forum has a search function for a reason ;) (Also i dont think the smoothwall developers interact with their users directly without payment..)