@nykollas:

And for the LAN how can I make sure that they are not using manual IP addresses ?
I am thinking to use static IP address for each user and create an aliass from their range, and have the firewall to pass the traffic with the bandwidth limit rules. And block everything else in case they are changing manualy their IPs.

I hate those people also  :D
you can use ipguard
http://ipguard.deep.perm.ru/
By

it can bind ip address to mac and prevent (as much as it can) others from changing there ip's by adding mac-ip pair in file like this

00:11:22:33:44:55 192.168.1.2
00:44:55:66:77:88 192.168.1.6

actually idon't know why it hasn't been added to pfsense packages. if users can take any ip they want ,then all firewall configuration and traffic shaping is in vain.

if u set wan to opt and opt to wan then that will work only till a restart.
try switching to 2.0

i too suffer from this issue, and i thought its just me… with aggressive apps, drops could sometimes reach 5 digits.. it doesnt matter if qlimit is specified or not, but it happens either way.

would be good to hear feedback from a dev

a bit old thread, but the same question…
so, dreamslacker, you say that this example u wrote would help in our case (yes i've got the same problem as sofakng)?

thanks

I don't think it will be considered that way - I ran into the same issue with VOIP packets, where because they had ToS of low delay they got put on the ACK queue.

@danswartz:

I thought the answered the same question somewhere else on this forum, but here goes: I am pretty sure that the shaper cannot prioritize stuff once it is inside the tunnel.

Technically though it should be prioritizing it AT the tunnel, like a WAN connection does right? Inside the tunnel is not important so long as it does it before it hits it. Again just as the traffic shaper does this with a WAN connection to the Internet, it has no control of what the data does beyond the interface, i.e. out to the Internet and to the destination, but only up to that point.

I can't see why it isn't doing this now, unless there is something that IPsec-PPTP-OpenVPN(?) prevents it? That's why I asked originally.

Traffic shaping in Pfsense 1.2 is based on IPs and ports, so indeed as you say it is quite useless to classify and shape torrent traffic. In 2.0 there will be "L7 filters", which work by packet inspection.

Squid in transparent mode will send everything to qlandef, see http://forum.pfsense.org/index.php/topic,14436.0.html

ok so i changed my max speed from 800kbps to 800mbps.
it made a dfference however one last problem exists.

the traffic shaper chokes youtube. when its off youtube can stream not so fast but ok .. with it on i get pauses…

Well if it's there, it's meant to work.. and if it's not, it's either a bug or I'm doing something wrong… I hope there are others who can test/confirm this.

Update:

OK, did a fresh clean install.. what I had said earlier may have been inaccurate, i think there needs to be a rule for each queue else something goes frenzy.. I removed all the queues to start have my own rules, doing further testing now to confirm.

Update 2:

Further confirmations required, as it is right now, every queue must have at least a pair of properly (confirm again please) written rules.
To test, I deleted all rules, got the errors. I added manually following the same format. The errors disappeared.

Note to developers:
The Apply Changes + Save can be a little misleading. Some sections after making changes you get the Apply changes box. (example, adding a queue). In many sections, we get this, so I have grown accustomed to pressing apply changes once I'm satisfied with them. However, when deleting rules, I don't get this "Apply changes" button, and since I'm already accustomed to it, I sometimes completely forget the need to press "save". Well, rather trivial, but i thought worth noting.

One problem with using bursting to "prioritize" web browsing over http downloads is that you need to set a hard upper limit as m2, meaning that even if there is only 1 client online, he can only use that limited bandwidth to download, which is a bit of a waste IMO.

It would be nice if there was some way to give a higher priority to bursts without having to specify a hard limit, so that the full bandwidth could be used at all times…

50 views and  no reply :(

what i am trying to say is that kb is the current choice.  i am betting that if you pick 'kilobits', and the look again, it will still say kb.  for an experiment: change it to 2 megabits, and then when you look, i'm guessing it will say 'mb'.  obviously you don't want to leave it that way, just to prove/disprove the theory for your peace of mind.

I tried, but gave up on Squid as I couldn't get it to work reliably with large downloads. See http://forum.pfsense.org/index.php/topic,21458.0.html

Here's a (quick & dirty) list of Rapidshare networks: http://www.uebi.net/howtos/rapidshare-networks/rs-networks-20090908.txt

I now set up an alias based on this list, and route Rapidshare traffic to qOthersDownL with the built in Pfsense traffic shaper.

I would say you are good to go then :)

i don't actually remember if it was solved - it might be.  i didn't really go back after it, since it seemed not a big deal.