Did you reset states after running the shaper wizard? How did you specify the lanhosts in the penalty field? Did you set WAN and LAN as outbound and inbound interface when running the wizard?
OK, I think I've resolved this problem. I've done the following steps:
Tweaked the Windows Registry using numerous HOW-TO's found on the Internet, especially TCP Windows Size, Request Buffer Size and TCP 1323 Options.
Rebooted the Windows server.
This has resolved the problem, and copying a 300MB file now takes approximately 2 minutes!
Thanks for everyone's assistance and time.
I'm running 1.2 final and I may be trying to do something similar, can someone confirm?
I have my Webserver in the DMZ and have a LAN and WAN if. Currently I am shaping the LAN and WAN with simple shaping to prioritize the VoIP data. I also want to limit all LAN -> WAN traffic to some KB limit to ensure the DMZ if gets all the bandwidth it needs.
Since the DMZ is bridged to the WAN, is this not possible in 1.2?
Thanks
In my case, it finally works by doing the following.
Set up Traffic Shaper with the wizard, then go to Firewall: Shaper: Queues to set up the bandwidth for each queue. For example, give a smaller maximum bandwidth to P2P traffic; then Status: Traffic shaper: Queues can be loaded without problem.
Thanks hoba! I know I have asked many dumb questions but your help is most appreciated!
Aldo
@brizio:
Ok, thanks, but is it possible to define a maximum bandwidth that a user can utilize?
I mean, in case I have 2MB of bandwidth on my WAN link, I would like a user to be able to utilize a maximum of 1MB. Is it possible?
Thanks
This may be done more simply with squid: define a speed for one connection that is less than the maximum available for this acl. In this case it is possible to differentiate between http traffic types.
Multi-interface shaping is not really working in 1.2 (search the forum) but it will be much, much better in 1.3 (see the trafficshaper thread in the bounty section).
For now you could do something like this:
wan upstream is upstream on wan interface
lan downstream is downstream of ALL your wans
This won't work perfectly, of course, but it's the best that you can do in 1.2 currently, at least when working with only one pfSense. Another option would be to have an additional system inline on wan only doing shaping from wan to lan as a workaround until 1.3 is available.
ISP1-------wan/pfsense/lan-------wan lan-----
ISP2-----------------------------wan2 pfSense optx-----
ISP2-----------------------------wan3 opty---
... ...
I think this is a general problem with asymmetrical links. I have a 16000/800 kbit/s ADSL2+ at home and if I download at full speed my upstream is almost full with ack packets only. If other traffic then comes on top, it might see some drops. However, 125 drops in 1 day 4 hours is really not much, or better said, almost nothing. I would simply just ignore it.
The answer has changed slightly.
Search the forums. Doable in 1.3 or through the bounty system.
It allows full shaping of ipsec tunnels inbound and outbound.
Ermal
Yes, the only thing different between embedded/CD and full installation is the option to use additional packages with full installs. All base features are included in the embedded version as well.
As Scott said in some posts before, ask your question in another thread.
The answer to your question is a plain NO.
Remember that this is just a recommendation and not suitable to every case.
Ermal
I can tell FTP sucks. I spent an hour searching around these forums and mailing lists through Google and came up with the same conclusion. I was hoping maybe someone knew something new, oh well..
Thanks for the response. I'll keep my eyes open for 1.3.
Traffic shaping in pfSense always happens outbound at an interface. This means your WAN upstream is shaped outbound at WAN, whereas the WAN downstream is shaped outbound at the LAN interface.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.