stechnique well the goal was to approximate this with percentages uasing a percentile seemed easier I only specified the values above because I thought that may be better since the percentage values are giving me such a hard time ( thinking by specifiying it I can make shure the math of the child ques doesnt exceed 100% of the parent ques ) which should fix the errors I get Ermal that is a most helpful explanation hopefully this may help some others as well Thank you muchly

I would love to help with this if anyone is interested.  There's not really any documentation needed any more than what is already here really.  I was using the latest 1.2 stable release, set 4/1 down/up, and set all upperlimit on the download to m1=20% d=12000 (12 seconds) m2=10% Or whatever you'd like for the values, and checkmark *Random Early Detection *Random Early Detection In and Out *Explicit Congestion Notification *This is a parent queue I have a 1.72 P4 cpu, 1 gig ram, 35gb drive, and two 3COM NIC's, one for LAN, other for WAN.  I just wanted something simple, checkmark some things, and implement.  This seems to have done it.  I was missing the Random Early Detection, Random Early Detection In and Out, and Explicit Congestion Notification checkmarks, after that everything is working, and ha been running so far for 10 days, and 3.5 hours.  I connected it to a linksys wrt54g router with DD-WRT with dhcp relay set to point to the pfSense box, which is doing dhcp, and each client can connect and do whatever pretty much, and not have the WAN side go crazy with too much traffic. If you'd like i will find my old post, copy/paste this -> to that, and you can close this one, so no duplicates.

Anyone? Any link?

Probably multicast issue, you have to allow that in the firewall.

Any outoging traffic on an interface where shaping occurs will be effected by the policy in place. So the traffic leaving lan will be shaped the incoming on lan no. (Beaware that this limit is removed on 1.3, just as an FYI).

Cheers for that - a very good link. Until the 'book' is finished it will have to do.

You haven't given anyone the details necessary to answer your question.  The number of people doing traffic shaping on multiple WANs is probably fairly small.  The knowledgeable people who may have read your initial question may have been to busy ask you for more basic details so they could offer a suggestion. You did not explicitly identify which version of pfSense you are using. You also pretty much answered yourself in your question by saying that you "know that Multi-WAN and Traffic shaping isn't working quite right."  I would bet you have already seen the answer in the forums or wiki to have come to that conclusion. I do not have multiple WANs setup so I can't help you.  Your follow-up came off a little pushy, so I thought I would try to give you some possible reasons why you have not gotten a response.

Just create 2 queues that are childs of either qWANroot/qLANroot and setup only their realtime m2 parameter to 50%(literally).

Its not that simple lot of changes were required in the core of pfSense to accomodate the new traffic shaper. So the answer is no, it is not just a matter of copy paste on the gui but also no changes are needed to the core altq support in pf.

I'm not really familiar with custom traffic shaping rules, but your first rule shows: source: LAN-net, source-port:28960 destionation: any, destination-port: any This will never happen, because the source port is something random. I suppose this rule should look like: source: LAN-net, source-port: any destionation: any, destination-port: 28960

I've experienced some shoddy network experiences when running VMWare and pfSense… Packet drops here and there, flaky speeds, MTU issues... It's not pfSense's fault though. It's not the best idea to run a firewall inside a VM due to security holes (your firewall is supposed to be your overall network protection, currently your system is reling on the security of VMWare's virtual NICs...) Hope that makes sense cheers

1.2 cannot really shape ipsec, search for in the bounty section and you will find a solution or wait for 1.3 Regards heiko

@bertw: @datafirm So from what I understand your PBX is on the WAN side of the pfsense, no IPsec. I would suggest not filtering on ports but on PBX IP. Try changing the rules like this: WAN->LAN  *   <ip of="" pbx="">*                   qVOIPDown/qVOIPUp    VOIP Adapter              LAN->WAN  *   *                  <ip of="" pbx="">qVOIPUp/qVOIPDown    VOIP Adapter Regards, Bert</ip></ip> Thanks for the suggestion, but that is what I am currently doing.  We are filtering all the VoIP phones and the asterisk box, all of which are on the LAN side connected through pfSense. We still do not get much if any traffic through qVOIPDown.

@YeOldeStonecat: Try the "BandwidthD" plugin. "BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded." Wow! That's it! I forgot about packages… Though I installed nmap package before... :) Thank you so much, sir! :) Would you like to point me, when I can see results of bandwidthd package job? I surfed through almost all menus and submenus and didn't find such a graphs (or I saw them but didn't understand this is bandwidthd's graphs... :)