Self-solved. Wrote two new functions in status_queues.php and added a call to SortStats in the existing processInterfaceQueues call:
processInterfaceQueues(SortStats($stats), 0, "");
Code is not so elegant and is not optimised but it works. Sharing for interest.
```php
function SortStats_AppendCurrentAndContained(&$sorted_qname, &$raw_real_if_qlist, $qname, &$qdata, &$qcontains)
{
    # Sort the list of child queue names and store back into the original 'contains' array
    sort($qcontains);
    $qdata['contains'] = $qcontains;
    # Add the current qname (which 'contains' other queues) to the sorted_qname array first
    $sorted_qname[$qname] = $qdata;
    # Then add the contained queues, in sorted order
    foreach ($qcontains as $qcontainedname) {
        # Retrieve the queue entry for the named queue
        $qcontained = $raw_real_if_qlist[$qcontainedname];
        if (isset($qcontained['contains']) && is_array($qcontained['contains'])) {
            # If it has a 'contains' array, recurse the addition of current & contained queues
            SortStats_AppendCurrentAndContained($sorted_qname, $raw_real_if_qlist, $qcontainedname, $qcontained, $qcontained['contains']);
        } else {
            # Add the queue data for the named qcontained into the sorted_qname array
            $sorted_qname[$qcontainedname] = $qcontained;
        }
    }
}

function SortStats($stats_to_sort)
{
    foreach ($stats_to_sort['interfacestats'] as $raw_real_if_name => $raw_real_if_qlist) {
        $sorted_qname = array();
        foreach ($raw_real_if_qlist as $qname => $qdata) {
            # If it has a 'contains' array, sort the children and build out the sorted_real_if_qlist
            if (isset($qdata['contains']) && is_array($qdata['contains'])) {
                # Append the current and contained queues
                SortStats_AppendCurrentAndContained($sorted_qname, $raw_real_if_qlist, $qname, $qdata, $qdata['contains']);
            }
        }
        # Assign the sorted array of queue names back to the raw_real_if_qlist
        $stats_to_sort['interfacestats'][$raw_real_if_name] = $sorted_qname;
    }
    # Return the sorted stats so they can be passed straight to processInterfaceQueues()
    return $stats_to_sort;
}
```
Does anyone else have any view on using both altq and limiters? I tried it and it worked for a while, seemingly, then the routing got blocked. I can’t quite understand why but it now seems like you can’t use both at the same time.
@brswattt some further comments. I would suggest you set the "queue management algorithm" to CoDel in both the limiter (parent) and the child queue. You've set the scheduler but not the QMA.
Also, presumably you initiated the connection to Steam. In which case I think you need to apply the rules on the LAN. I suspect that is the problem. If not, I would mark the rule to be logged and then look at the firewall log and make sure your rule is triggering correctly. If not, work out why. You seem to be aware of the need to sometimes set quick actions on the floating rules to make them fire immediately but it could be something like that (though not from the looks of things).
As an aside, I would avoid using the floating rules and the WAN until you have this set-up right on the LAN itself. I say this because it is just easier and, as NAT is applied before the rules apply on the WAN, there can be problems writing rules that hit the packets intended. The workaround is tagging packets on the original interface before they hit the WAN then searching for the tagged packets. But the point is to avoid applying stuff on the WAN and via floating rules until it is right on the interface rules.
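The NAT ordering problem and the tagging workaround described in the post above, written out as a raw pf.conf fragment. This is an added example, not part of the original post and not rules generated by pfSense; the interface names, the client address, the bandwidth figure and the queue and tag names are all assumptions.

```pf
# Constructed values: adjust interfaces, host and bandwidth to the real network.
lan_if    = "em1"
wan_if    = "em0"
bulk_host = "192.168.1.50"      # LAN client whose traffic should be de-prioritized

# ALTQ queues on the WAN for outbound shaping (hypothetical queue names)
altq on $wan_if priq bandwidth 20Mb queue { qDefault, qLowPrio }
queue qDefault priority 7 priq(default)
queue qLowPrio priority 1

# Outbound NAT runs before the filter rules are evaluated on the WAN,
# so WAN filter rules only ever see the translated (WAN) source address.
nat on $wan_if inet from $lan_if:network to any -> ($wan_if)

# Never matches: by the time this rule is evaluated the source has already
# been rewritten from 192.168.1.50 to the WAN address.
# pass out on $wan_if inet from $bulk_host to any queue qLowPrio

# pf uses the LAST matching rule unless "quick" is set, so the general
# rules come first and the specific ones follow.
pass in  on $lan_if inet from $lan_if:network to any keep state
pass out on $wan_if inet all keep state

# Tag on the LAN, where the original source address is still visible ...
pass in  on $lan_if inet from $bulk_host to any tag BULK keep state
# ... then select the tagged packets on the WAN and assign the queue there.
pass out on $wan_if inet tagged BULK queue qLowPrio keep state
```

Loading the fragment with `pfctl -nf <file>` parses it without applying it, which is a quick way to check the rule order before logging the rules and watching Status/Queues.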
@theskelly Traffic not assigned a queue will go into the default queue. You can go to Status/Queues and watch them to see if yours is getting into the right queue.
If it isn't working, look at open states and see if the state matches your rule. For instance to de-prioritize a certain web site, it's not a matter of matching traffic from the web site to *, it's from * to the web site, and the reply/download just matches the open state.
I found that the Comcast/Xfinity speed test site is testing about 40 Mbps downloading to our office
Finally tracked this part down, and kinda feel dumb, but speedtest.xfinity.com has a gear in the upper right to change protocols. Testing over IPv6 tunneled through Hurricane Electric is throttled to around 40. Testing over IPv4 is the expected speed.
My provider used to source RTP directly from the carrier servers (not their own) but always had their own SIP.. (has since changed)
Depending on what you have on your end.. Server or Clients.. Look to see what your clients are connecting to. If you have a local on site SIP server it will still act as a client to go out to the providers server generally.
Look at connection states to see what things are trying to connect to. Do you have DNS of their stuff? sip.frontier.com?? etc..??
Outbound everything is allowed by default. In some cases the provider does want inbound NAT (I don't usually agree with) and in some cases you will only need firewall rules to allow the traffic to the client.
This video explained it all. The other documentation was either unclear or the process was not intuitive.
For example I needed to make the firewall rule on the LAN and use the source IP. I assumed the WAN is needed to be limited to a destination address - and that didn't work. I also needed traffic limiter entries for In and Out.
It worked for the videos. 10Mbps still invoked HDR for Amazon but 6Mbps brightened the picture considerably. I will experiment with other speeds a bit later.
@emikaadeo Hi, can you show me your rules?
I have a similar setup with some traffic through the WAN and some through the load-balanced VPNs.
I would like to add traffic shaping to improve the overall internet experience in my home.
@kom Although I am using "multi WAN" (WAN and VPN), my applications are running on the WAN interface. There are no Gateway Groups or anything, I just have the VPN assigned as a gateway for a couple of devices (not for the server running the torrent client).
@psilospiral A shaper is better than a limiter because the low-prio stuff can use full bandwidth if the network isn't busy. You don't have to guess how much bandwidth might be needed. When other stuff starts happening, the low-prio traffic gets dropped. You can also try the fq_codel shaper as it's reportedly easy to setup. There are good YouTube videos on how to configure it from Netgate and Lawrence Systems.