Basically you only need to shape on the WAN. This will shape on the outbound. For inbound, it is going to go as fast as possible. The inbound drops packets and causes re-transmission on the remote system. This is the mechanism that slows inbound. I would try only limiting WAN and see if that works for you. If not, then try CBQ or PRIQ and see if that will work better for you.
You can achieve this by using the HFSC traffic shaper. You can use the Service Curve -> Upperlimit -> m2 field on the proper Queue. Then attach the queue to the rule involving the host alias.
Are you using Squid with the traffic shaper?
If yes: Squid bypasses traffic on port 80, so the traffic shaper cannot catch the traffic; then the port 80 traffic and all other uncategorized traffic flow to the DEFAULT QUEUE. So you give priority 1 to the Default Queue but there is no traffic matching the other queues, therefore the Default Queue appears to be eating all of the available traffic.
If no: I recommend HFSC.
Follow the Traffic shaper wizard (single wan/multi lan), and it will eventually ask you about VOIP provider/settings. Fill in the details and it will create a rule for voip traffic, found on the 'floating rules' tab.
@slth:
Alas, without any result: bandwidth isn't being limited at all :(
Hi, try to check the order of the firewall rules, maybe a previous rule is applied to that traffic so the firewall doesn't process the rule with the IN/OUT options…
@Gitsum:
I think the QOS feature in pfSense is broken. I tried for too long trying to get it to work. I gave up and went back to my dlink.
Well… it's for sure not easy; the first time I needed support to get it to work, and before 2.0 RELEASE I think it was also not so stable, but it is working very well on my firewalls now.
I had the same doubt that I am missing or mistaking something...
The devices are iPads and we don't wish to use a proxy. iPad apps don't all work nicely with proxies, especially if that proxy requires authentication. So we have a separate web filter that operates as a transparent bridge which does web filtering, but not SSL intercepting. Then we have a pfSense box on the other end of that as our main WAN router. One single subnet for our whole internal network, so pfSense is just being used for pure firewall and NAT type stuff.
Had hoped the L7 stuff was the answer, as there doesn't appear to be any other way to do it.
Guess we just have to live with iMessage and FaceTime on our net :(