Thats what I thought, it was a dumb question. I have searched the forum for the keyword transparent and came up with lots of other people asking if it will do (trasparent shaping) and its seems it will with the 1.2 version i.e. ala brided mode. I will install that tomorrow and see how it works. Thanks for the reply…

This is still a problem for me. Here is the shaper rule for a local IP: [image: shaper_rule.png] This IP is only able to upload to the internet at 300kbps.  All traffic coming from this system is supposed to fall into this queue.  All of it does, unless it is a connection that is forwarded over the NAT. Here is my NAT rule: [image: nat_forwarding.png] When someone connects over SSH (the port 22 that is forwarded) from a remote site, they are able to download files from 192.168.75.51 at the full bandwidth of our connection.  The connection is not being placed properly by the shaper rule into the proper queue that would limit its bandwidth to 300kbps.

Thanks, I was hoping there was an easier way to do it. Anxiously awaiting the stable 2.0…  :)

@ermal: Or it is dropping cause the queues are too short. Without proper analysis nobody can give a propper answer. You cannot really say that a box routes 1Gbit traffic is overloaded by ALTQ, i would just say that there is no complete information to say anything. Beaware that HZ might need to be tweaked too to handle the load. cough Yes I can. –Bill

Just run the wizard it will help. If you want try out the layer7 shaper to 'really' shape bitorrent.

No problem!  I hope it helps!  One of my favorite speed testing sites is http://www.speedtest.net It's very reliable, and it stores results for your IP.  You set your download AND upload to 2700?  This is a good starting point, and you may be able to fine tune it some more by averaging your capacity over time.  Again, if this is a business you are setting this up for, make sure you also know if the phones use the paired T1's. A good stress test on your shaper is to ALLOW P2P traffic and attempt to download multiple Ubuntu (for example) torrents.  The goal is to saturate your pipe and to start sending out as many ACKs as possible to make sure you have everything tuned correctly.  You have the added benefit of also testing out other queue reservations, to make sure the saturation isn't bringing everything else down to it's knees.  (Like system related traffic, mail server, web server, vpn server, etc)  P2P traffic is a good way to do this, since you are connected to so many peers with a lot of data coming down. Then when you're done, PENALIZE P2P traffic in it's lower priority queue.  :)

actually i didnt set the penalty box in the wizard so can any1 tell me how to specify it manually now?

Do you mean you lose internet connectivity when enabling traffic shaping? used the wizard? what about your firewall rules? any more info. will help for sure.

@dvserg: @Still: I got the same issue here, qOthersDownH is moving SOMETIMES but max. value i saw was about 32kbit/s , othertimes am browing the web and dont see it move at all. I already tried to edit the rules making it 3128 instead of 80, same results. any input is appreciated. You must use squid bandwidth option. Squid traffic can't be catch by traffic shaper rules. Do you mean squid traffic managment? if so then yes i do for some specific extensions, so should i enable throttling for all traffic so can TS do its job? thanks for your attention and reply.

is anyone out there?  :-\

My problem may not be traffic related, but possibly a hardware incompatibility. When I go to the webui and bring up the traffic shaper, my pings to the internal interface of the pfSense increase in latency.  You can see the period before I click on the traffic shaper, 1ms.  Then while the rules are all loading the latency increases substantially.  Then when the rules are done loading, the latency drops back to normal. C:\Documents and Settings>ping -t 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Reply from 192.168.3.1: bytes=32 time<1ms TTL=64 Reply from 192.168.3.1: bytes=32 time<1ms TTL=64 Reply from 192.168.3.1: bytes=32 time<1ms TTL=64 Reply from 192.168.3.1: bytes=32 time<1ms TTL=64 Reply from 192.168.3.1: bytes=32 time<1ms TTL=64 Reply from 192.168.3.1: bytes=32 time<1ms TTL=64 Reply from 192.168.3.1: bytes=32 time=141ms TTL=64 Reply from 192.168.3.1: bytes=32 time=173ms TTL=64 Reply from 192.168.3.1: bytes=32 time=208ms TTL=64 Reply from 192.168.3.1: bytes=32 time=220ms TTL=64 Reply from 192.168.3.1: bytes=32 time=234ms TTL=64 Reply from 192.168.3.1: bytes=32 time=266ms TTL=64 Reply from 192.168.3.1: bytes=32 time=286ms TTL=64 Reply from 192.168.3.1: bytes=32 time=300ms TTL=64 Reply from 192.168.3.1: bytes=32 time=314ms TTL=64 Reply from 192.168.3.1: bytes=32 time=328ms TTL=64 Reply from 192.168.3.1: bytes=32 time=329ms TTL=64 Reply from 192.168.3.1: bytes=32 time=359ms TTL=64 Reply from 192.168.3.1: bytes=32 time=361ms TTL=64 Reply from 192.168.3.1: bytes=32 time=366ms TTL=64 Reply from 192.168.3.1: bytes=32 time=398ms TTL=64 Reply from 192.168.3.1: bytes=32 time=403ms TTL=64 Reply from 192.168.3.1: bytes=32 time=410ms TTL=64 Reply from 192.168.3.1: bytes=32 time=409ms TTL=64 Reply from 192.168.3.1: bytes=32 time=413ms TTL=64 Reply from 192.168.3.1: bytes=32 time<1ms TTL=64 Reply from 192.168.3.1: bytes=32 time<1ms TTL=64 Reply from 192.168.3.1: bytes=32 time<1ms TTL=64 Ping statistics for 192.168.3.1:     Packets: Sent = 28, Received = 28, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:     Minimum = 0ms, Maximum = 413ms, Average = 211ms I get the same results when pinging the internal interface or the external interface. These tests were run while there was no major data being passed. The hardware is a Dell Optiplex GX150 using the built in NIC and a 3c905b NIC.

I thought the traffic shaper was limited to 2 interfaces only.