#define HFSC_MAX_CLASSES        64 /usr/src/sys/contrib/altq/altq/altq_hfsc.h Not sure what would happen when you raise the limit but I have heard others have had success in doing so.

I would guess though but you can't edit them through the gui then later. You also can try to find and remove the check in the webgui code but that of course is not officially supported (as well as trafficshaping config.xml hacking).  ;)

Thanks ! Works fine, but there's no multi-wan shaping possible, eh ? To define one "Bubble" out of all WAN Interfaces and shape traffic there for example… Well it works this way too, I just had to force this Alias to use only the WAN IF, thanks !

All traffic will run inside this one queue. It won't create a queue per source or destination IP. m0n0wall has an option to do this but m0n0 uses a completely different shaper mechanism.

If anything in the rules/queue construct is not correct you will get some weird errors. You probably have some rules that are still assigning traffic to these queues. We currently only support wizard created rules and queues. Everything beyond that is a bit tricky and you really have to know what you are doing.

In the official release of 1.0.1, there is no borrow option in queue setup (let's say, there might be but I cannot find it). Queues use HFSC scheduler instead of PRIOR as in the previoud version. I tried to config all queues as the in Rep1. Actually, I have 20 PCs. Threrefore, I assign m2 of Realtime to 4% and Linkshare to 10% and leave all fields of Upperlimit blank. I also set the default queue to have 1% realtime with 1% upper limit and ACKs queue to have 10% realtime with 25% upper limit. However, the system reports that the aggregate bandwidth of child queues is greater than the root (which has BW of 1020kbps).

@rwalker: Ok, I opened another thread about this very issue and no one responded with anything remotely useful.  So here is the evidence I have collected to confirm that the traffic shaper in it's current form is worthless! Here is the test setup I have isolated.  I have removed everything I can possibly think of to make this as simple as possible: Cisco 2924 switch #1 with my test "workstation" and the internal pfsense interface.  Cisco 2924 #2 with pfsense outside and uplink to network.  This is all 100meg links and thoroughly tested that it all works.  I got a clean pfsense box with nothing else on it.  It has 2 broadcom bg0 interfaces in it (I have tried 2 intel, 2 realtek, 2 dc0, it doesn't matter), there is no other packages running, I turned off all unnecessary services.  I can run 75 meg/s through this box and it barely breaks a sweat!  The ping times stay at under 1ms at ALL TIMES! As SOON as I turn on the shaper it all goes to SHIT!  I can set the shaper to 5 meg/s and make sure I don't go anywhere near that, and i will start to see fluctuations in the ping times.  If I get about 90% of the shaper bandwidth, the pings really start to go off.  Before I reach 95%+ of the bandwidth, the box is pretty much worthless.  The pings will time out, traffic and streams start to break up. Before everyone starts with the normal misconfig crap: I have ICMP set to highest priority.  I can setup m0n0wall or IPCop on the same box and it is silky smooth with the shaper on and does exactly as I would expect.  The only reason I am even spending my time here, is because I want to see it get resolved.  Unfortunately, I do not have the time to solve this myself.  If you need help testing, I am happy to help. One piece of advice, move the LAN (downstream) shaping to the WAN interface on an ingress queue where it belongs.  If you need an example of this, just drop me a line. Roy Seeing as inbound queuing is a lie in the first place, I'd like to see how you plan on doing inbound shaping.  I have half a mind to remove that part of the code altogether, it can't work, it's impossible, it's too late.  Also, altq doesn't actually allow for inbound queueing…for that exact reason, the packet has already crossed the wire.  We don't need testers for the shaper, we need someone who can spend the time to fix issues they find with it.  When that person has something to test, I'm sure they'll call for testers. --Bill

One of the variations I tried involved a recent snapshot. But I don't remember if it was a stock configuration or not. I was using a variation of the mkflash_new.sh script to modify the cf images to add different drivers and stuff. It took me awhile to get my barrings, it was my first time working with FreeBSD. BTW, I think there is a bug in the mkflash_new.sh script. Near the end of the script it tries to unmount the device instead of the directory which causes a file system check the very first time the machine is rebooted after writing the image to the CF disk. It isn't a huge deal since the file system check fixes the issue for future reboots. Original: cd $FLASHTMP umount /dev/${MD}a umount /dev/${MD}d echo "date '+%b %e %T': Cleanig up." Modified: cd $FLASHTMP umount mnt/a umount mnt/d echo "date '+%b %e %T': Cleaning up."

Yep.  ALTQ shpaing is a black art and one that will bloody your nose at times :(

sorry for the annoying but , can i give an higher priority with or without the traffic shapper , on a specific port range (regardless the lan coming to ? ) regards

Hi, use command in to shell: Example: "tcpdump -e -i pflog0 dst host 10.211.0.11" tcpdump -e -i pflog0 src host 10.211.0.11 tcpdump: WARNING: pflog0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes 13:05:02.396415 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.59965                                                      > www.abradio.cz.http: S 1488749629:1488749629(0) win 65535 <mss 1460,nop,nop,sa =""  ="" ckok="">13:05:19.054825 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.65421 > email.seznam.cz.http: F 1625822815:1625822815(0) ack 2522178552 win 65192 13:05:19.107717 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.60423 > email.seznam.cz.http: S 3563559450:3563559450(0) win 65535</mss>

In that case we need your queues and trafficshaper rules settings along with your alias settings.

@imitator: My ISP set for me limit of transfer 750 mb per month. Can I limit that on Wan interface? If yes, How? P/S sorry about my English (I'm from Ukraine) This is not possible with pfSense unless you start hacking in something.

If you do not yet use the VOIP queue for anything run the wizard, check it and choose something like "Asterisk" in the dropdown. Now all you have to do is create an alias like Justinw said and change the ports in the created voipshaper rule to this alias.

I think it should eb enough to drop the last client to the default queue and he'll get what is not used by the other queues.

Running Samba on your firewall is not only unsupported but its very dangerous. I strongly suggest that you do not do this, it violates almost every security best practice in the book.

thanks… i figured that out not too long ago

Trafficshaping inside IPSEC is not currently possible. Try to setup a limit at your ftp server. Most ftpservers support this.