i made this post about year ago referencing an older post with the same issue with no resolution, never got a reply. hope you have better luck

I'm confused.  If the two computers are on the same subnet, the pfsense should not even be involved.  Can you describe your network topology more clearly?

@daftaronline: There were error(s) loading the rules: pfctl: real-time sc exceeds 80% of the interface bandwidth (51.20Kb)/tmp/rules.debug:23: errors in queue definition pfctl: real-time sc exceeds 80% of the interface bandwidth (416Kb) /tmp/rules.debug:24: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded – The line in question reads [ real-time sc exceeds 80% of the interface bandwidth (51.20Kb) /tmp/rules.debug]: … when i enter trafic shaping wizard and click finish i get that warning. please help me… thx Obviously you have set some initial values that are not possible. As you see, realtime traffic can only exceed 80% of interface bandwidth. Try using percentage values. BR, Tommi

@pippolini: Same as above…. can anyone help us out here? i want to donate to the project in exchange for the new bounty. i tried running 2.0 BUT, i cannot migrate my 1.2.3rc1 over to it. even tried restoring only certain sections. please, all i need is the new shaper on the more stable RC.

I've got about 2700kbit/s of downstream (after overheads) to go around 36 clients.  :-[  Let's not even consider upstream. Gaming traffic is actually quite minimal (<30Kbit/s per client; more if the client is a game host) It's a matter of managing the other services (web surfing, streaming youtube/ tagged videos etc) so that they can't saturate the line.  Line saturation is a big culprit in making latencies skyrocket. Since most of the services being capped either use TCP (able to re-transmit, responds to ECN) or have buffers (streaming videos), dropping the packets on the downstream to force the source to throttle back actually works remarkably well. Comparatively, most online games use UDP (TCP is used only for authentication) and don't have netcode optimized for lag compensation and interpolation (like Halflife engine), dropping/ limiting the packet stream is out of the question.

Glad to be of help.  ;D  I kind of totally forgot about the queues being tagged to in/ out interfaces.  ::)

Check the wizard again, I am pretty sure you can whitelist an IP or somesuch.

I encountered this problem too, all traffic isn't limited to the queue correctly. Can i do that? and how to do? thanks!

Yes. If you set the bandwidth share to higher than you need, then the shaper reserves that amount of bandwidth for your calls until all the packets have cleared.

@tekzone: Hello, I am looking at Pfsense for doing some QoS. In the current situation, we have an "Admin LAN" that includes all of the staff's computers. This LAN has a bad tendancy to eat all the Internet bandwidth for random downloads. We have decided to put some QoS on this LAN. We have a Fortinet box doing this at the moment. The problem with the Fortinet box is that is doesn't split the bandwidth in a very smart way. Basically if someone downloads a huge ISO file, they get all the bandwidth and everyone else has slow or no Internet access. This is not a good solution at all since people can't work anymore… Would this be the case if I apply QoS with Pfsense ? The Admin LAN would be a priority class. Would the bandwidth be shared equally amongst all the computers in this LAN ? Is there is special mechanism ? Thank you in advance for your help, Antoine It should work fine if you just fire up the traffic shaper to give priority to the Admin LAN and set your WAN/ LAN root queue bandwidth properly.  You must set it to what you can get, not what you theoretically should get.  To be safe, set to 90% of what your connection is rated for. For whatever the reason, I've found that Linux based routers don't handle situations like that well.  Even those that use HFSC don't seem to queue the requests properly.  A single bandwidth hog slows down the rest. pfSense seems to handle this very well even without trying to limit/ prioritize per host.  It just seems to split the bandwidth quite evenly as it goes.

@xaviero: guess not, only need 2 box… 1 box for dual wan which contain load balancer n fail over other box for traffic shaping n maybe with proxy.... Ok, thanks xaviero, I having difficulties understanding the possibility of this. This is how my setup looks without using any form of shaping, so it's possible for me to shape the dual wan using 1 extra box? Could somebody help me understand where in the following diagram it would be included. The internet lines are different speeds so i wish to shape each line slightly different. I was under the impression i would need a shaper at location (a) and (b) in the following diagram therefor using 3 boxes, shaping only being able to shape between 2 interfaces etc. If i was only using 2 boxes would this shaper be placed at ? If so, how does it know which internet line to base the shaping of traffic / bandwidth available etc? Internet1       Internet2   ||                  ||     a\              b/     Load Balancer/failover              |c|        LAN Switch           |       |          pc1...pc6 Thanks in advance for anybody who takes the time to read this, and any feedback is appreciated. Thanks  :)

@jonnytabpni: I may be on to something here (in my head): What if I set the "penalize" setting to the whole LAN subnet, then manually create a rule and place it at the top to override this?? Would this work? had no idea…. maybe u can try it first.. i think policy routing that u use now, maybe the best one