pfSense != m0n0 but you have Limiter in 1.3 which is the pipe of m0n0.

@dvserg:

Shaping bridge have some features.
You must create rules from-connection_nitiator-to-target and will shape only Incoming traffic(for shape outgoing i modify pfsense 'inc' file).

–-
After my (INC) modifications this rules also shape outgouing traffic (ONE rule for both traffic directions).

Hi, could you give me a basic run down of how to modify the INC file to shape outgoing (as in outgoing on the WAN interface) traffic in transparent bridging mode please.

Thanks

I didn't get any answer for my question  so I will use RELEASE_6_2-p12 and:
http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/tools/builder_scripts/conf/make.conf.6
http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/tools/builder_scripts/conf/pfSense.6
http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/tools/builder_scripts/patches.RELENG_6_2?rev=1.109;content-type=text%2Fplain

For patches there are 2 versions
http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/tools/patches/RELENG_6_2/
http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/tools/patches/RELENG_6_2_SHAPER/

Which one I should use?

Regards,
Hans

Yes, as far as I know their is no way to do this without traffic shaping.

Or, if you require authorization, you can do this with any RADIUS server supporting sending bandwidth parameters in RADIUS attributes (e.g., UTM5 RADIUS, freeRADIUS, etc.).

@Sh4:

I am pretty sure you can do this with Squid if we are talking about http traffic.

Update…

While searching through the forums, I came accross this:

http://forum.pfsense.org/index.php/topic,9782.0.html

I enabled the shaping rules, rebooted the box, and, SHAZAM!, UDP 4569 traffic is now redirected to the proper queues...

Don't know if this is a BUG or a Feature, but at least I can prioritize my VoIP traffic..

Thanks

L2

@kingjos:

Also, is there any development in the 1.3 traffic shaper regarding layer 7 filtering?

Want to sponsor it?!

pf + ALTQ + borrow ?

Quality of the modem/router indeed affect latency, thats one of the reasons we don't use a soho linksys router in a datacenter, a well configured pfsense gateway should provide the lan users a better connection quality than some soho stuff. But once you fixed the hardware bottleneck theres nothing you can do.

This seems to fit my question well.

I would like to schedule my traffic shaping rules, this is not possible with 1.2 if I understanded correctly? I have sucessfully restricted youtube/facebook speeds with traffic shaper, but would like to apply em only during office hours (8.00-16.00).

Can anyone advise me why I might be getting drops on qOthersUpH?

<shaper><schedulertype>hfsc</schedulertype> <queue><name>qwanRoot</name> <associatedrule>0</associatedrule> <priority>0</priority> <parentqueue>on</parentqueue> <bandwidth>723</bandwidth> <bandwidthtype>Kb</bandwidthtype></queue> <queue><schedulertype><bandwidth>10240</bandwidth> <bandwidthtype>Kb</bandwidthtype> <priority>0</priority> <name>qlanRoot</name> <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime><realtime3><realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue>on</parentqueue> <attachtoqueue><associatedrule><rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></attachtoqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></realtime3></realtime></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> <queue><schedulertype><bandwidth>10</bandwidth> <bandwidthtype>%</bandwidthtype> <priority>1</priority> <name>qwandef</name> <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime> <realtime3>1%</realtime3> <realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue> <associatedrule><rio><red><ecn><defaultqueue>on</defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> <queue><schedulertype><bandwidth>10</bandwidth> <bandwidthtype>%</bandwidthtype> <priority>1</priority> <name>qlandef</name> <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime> <realtime3>1%</realtime3> <realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue> <associatedrule><rio><red><ecn><defaultqueue>on</defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> <queue><schedulertype><bandwidth>30</bandwidth> <bandwidthtype>%</bandwidthtype> <priority>7</priority> <name>qwanacks</name> <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime> <realtime3>10%</realtime3> <realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue> <associatedrule><ack>on</ack> <rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> <queue><schedulertype><bandwidth>30</bandwidth> <bandwidthtype>%</bandwidthtype> <priority>7</priority> <name>qlanacks</name> <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime> <realtime3>10%</realtime3> <realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue> <associatedrule><ack>on</ack> <rio><red><ecn><defaultqueue></defaultqueue></ecn></red></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> <queue><name>qP2PUp</name> <attachtoqueue>qwanRoot</attachtoqueue> <associatedrule>0</associatedrule> <priority>1</priority> <red>on</red> <ecn>on</ecn> <realtime>on</realtime> <realtime3>1Kb</realtime3> <bandwidth>1</bandwidth> <bandwidthtype>%</bandwidthtype> <qlimit>500</qlimit></queue> <queue><name>qP2PDown</name> <attachtoqueue>qlanRoot</attachtoqueue> <associatedrule>0</associatedrule> <priority>1</priority> <red>on</red> <ecn>on</ecn> <realtime>on</realtime> <realtime3>1Kb</realtime3> <bandwidth>1</bandwidth> <bandwidthtype>%</bandwidthtype> <qlimit>500</qlimit></queue> <queue><schedulertype><bandwidth>20</bandwidth> <bandwidthtype>%</bandwidthtype> <priority>4</priority> <name>qOthersUpH</name> <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime> <realtime3>1Kb</realtime3> <realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue><attachtoqueue>qwanRoot</attachtoqueue> <associatedrule><rio><red>on</red> <ecn>on</ecn> <defaultqueue></defaultqueue></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> <queue><schedulertype><bandwidth>20</bandwidth> <bandwidthtype>%</bandwidthtype> <priority>4</priority> <name>qOthersDownH</name> <borrow><linkshare><linkshare3><linkshare2><linkshare1><realtime>on</realtime> <realtime3>1Kb</realtime3> <realtime2><realtime1><upperlimit><upperlimit3><upperlimit2><upperlimit1><parentqueue><attachtoqueue>qlanRoot</attachtoqueue> <associatedrule><rio><red>on</red> <ecn>on</ecn> <defaultqueue></defaultqueue></rio></associatedrule></parentqueue></upperlimit1></upperlimit2></upperlimit3></upperlimit></realtime1></realtime2></linkshare1></linkshare2></linkshare3></linkshare></borrow></schedulertype></queue> <queue><name>qOthersUpL</name> <attachtoqueue>qwanRoot</attachtoqueue> <associatedrule>0</associatedrule> <priority>2</priority> <red>on</red> <ecn>on</ecn> <realtime>on</realtime> <realtime3>1Kb</realtime3> <bandwidth>1</bandwidth> <bandwidthtype>%</bandwidthtype> <qlimit>500</qlimit></queue> <queue><name>qOthersDownL</name> <attachtoqueue>qlanRoot</attachtoqueue> <associatedrule>0</associatedrule> <priority>2</priority> <red>on</red> <ecn>on</ecn> <realtime>on</realtime> <realtime3>1Kb</realtime3> <bandwidth>1</bandwidth> <bandwidthtype>%</bandwidthtype> <qlimit>500</qlimit></queue> <rule><inqueue>qOthersDownH</inqueue> <outqueue>qOthersUpH</outqueue> <in-interface>lan</in-interface> <out-interface>wan</out-interface> <source> <network>lan</network> <destination><any><port>25-25</port></any></destination> <descr>m_Other SMTP outbound</descr> <protocol>tcp</protocol></rule> <rule><inqueue>qOthersUpH</inqueue> <outqueue>qOthersDownH</outqueue> <in-interface>wan</in-interface> <out-interface>lan</out-interface> <source> <any><destination><network>lan</network> <port>25-25</port></destination> <descr>m_Other SMTP inbound</descr> <protocol>tcp</protocol></any></rule> <rule><inqueue>qOthersDownH</inqueue> <outqueue>qOthersUpH</outqueue> <in-interface>lan</in-interface> <out-interface>wan</out-interface> <source> <network>lan</network> <destination><any><port>80-80</port></any></destination> <descr>m_Other HTTP outbound</descr> <protocol>tcp</protocol></rule> <rule><inqueue>qOthersUpH</inqueue> <outqueue>qOthersDownH</outqueue> <in-interface>wan</in-interface> <out-interface>lan</out-interface> <source> <any><destination><network>lan</network> <port>80-80</port></destination> <descr>m_Other HTTP inbound</descr> <protocol>tcp</protocol></any></rule> <rule><inqueue>qOthersDownH</inqueue> <outqueue>qOthersUpH</outqueue> <in-interface>lan</in-interface> <out-interface>wan</out-interface> <source> <network>lan</network> <destination><any><port>443-443</port></any></destination> <descr>m_Other HTTPS outbound</descr> <protocol>tcp</protocol></rule> <rule><inqueue>qOthersUpH</inqueue> <outqueue>qOthersDownH</outqueue> <in-interface>wan</in-interface> <out-interface>lan</out-interface> <source> <any><destination><network>lan</network> <port>443-443</port></destination> <descr>m_Other HTTPS inbound</descr> <protocol>tcp</protocol></any></rule> <rule><inqueue>qOthersDownH</inqueue> <outqueue>qOthersUpH</outqueue> <in-interface>lan</in-interface> <out-interface>wan</out-interface> <source> <network>lan</network> <destination><any><port>53-53</port></any></destination> <descr>m_Other DNS1 outbound</descr> <protocol>tcp</protocol></rule> <rule><inqueue>qOthersDownH</inqueue> <outqueue>qOthersUpH</outqueue> <in-interface>lan</in-interface> <out-interface>wan</out-interface> <source> <network>lan</network> <destination><any><port>53-53</port></any></destination> <descr>m_Other DNS2 outbound</descr> <protocol>udp</protocol></rule> <rule><inqueue>qOthersUpH</inqueue> <outqueue>qOthersDownH</outqueue> <in-interface>wan</in-interface> <out-interface>lan</out-interface> <source> <any><destination><network>lan</network> <port>3389-3389</port></destination> <descr>m_Other MSRDP inbound</descr> <protocol>tcp</protocol></any></rule> <rule><inqueue>qOthersDownH</inqueue> <outqueue>qOthersUpH</outqueue> <in-interface>lan</in-interface> <out-interface>wan</out-interface> <source> <network>lan</network> <destination><any><port>3389-3389</port></any></destination> <descr>m_Other MSRDP outbound</descr> <protocol>tcp</protocol></rule> <rule><inqueue>qOthersDownH</inqueue> <outqueue>qOthersUpH</outqueue> <in-interface>lan</in-interface> <out-interface>wan</out-interface> <source> <network>lan</network> <destination><any></any></destination> <descr>m_Other ICMP outbound</descr> <protocol>icmp</protocol></rule> <rule><inqueue>qOthersUpH</inqueue> <outqueue>qOthersDownH</outqueue> <in-interface>wan</in-interface> <out-interface>lan</out-interface> <source> <any><destination><network>lan</network></destination> <descr>m_Other ICMP inbound</descr> <protocol>icmp</protocol></any></rule> <rule><in-interface>wan</in-interface> <out-interface>lan</out-interface> <protocol>tcp</protocol> <source> <any><destination><network>lan</network></destination> <direction><iptos><tcpflags><descr>m_P2P BitTorrent inbound</descr> <inqueue>qP2PUp</inqueue> <outqueue>qP2PDown</outqueue></tcpflags></iptos></direction></any></rule> <rule><in-interface>wan</in-interface> <out-interface>lan</out-interface> <protocol>udp</protocol> <source> <any><destination><network>lan</network></destination> <direction><iptos><tcpflags><descr>m_P2P BitTorrent inbound</descr> <inqueue>qP2PUp</inqueue> <outqueue>qP2PDown</outqueue></tcpflags></iptos></direction></any></rule> <rule><in-interface>lan</in-interface> <out-interface>wan</out-interface> <protocol>tcp</protocol> <source> <network>lan</network> <destination><any></any></destination> <direction><iptos><tcpflags><descr>m_P2P BitTorrent outbound</descr> <inqueue>qP2PDown</inqueue> <outqueue>qP2PUp</outqueue></tcpflags></iptos></direction></rule> <rule><in-interface>lan</in-interface> <out-interface>wan</out-interface> <protocol>udp</protocol> <source> <network>lan</network> <destination><any></any></destination> <direction><iptos><tcpflags><descr>m_P2P BitTorrent outbound</descr> <inqueue>qP2PDown</inqueue> <outqueue>qP2PUp</outqueue></tcpflags></iptos></direction></rule> <enable></enable></shaper> <ezshaper><step2><download>10679</download> <upload>723</upload> <inside_int>lan</inside_int> <outside_int>wan</outside_int></step2> <step3><provider>Generic</provider> <address> <bandwidth>32</bandwidth> <step4><address> <bandwidthup><bandwidthdown><step5><enable>on</enable> <bandwidthup><bandwidthdown><bittorrent>on</bittorrent> <edonkey2000>on</edonkey2000></bandwidthdown></bandwidthup></step5> <step7><enable>on</enable> <msrdp>H</msrdp> <vnc>D</vnc> <appleremotedesktop>D</appleremotedesktop> <pcanywhere>D</pcanywhere> <irc>D</irc> <jabber>D</jabber> <icq>D</icq> <aolinstantmessenger>D</aolinstantmessenger> <msnmessenger>D</msnmessenger> <teamspeak>D</teamspeak> <pptp>D</pptp> <ipsec>D</ipsec> <streamingmp3>D</streamingmp3> <rtsp>D</rtsp> <http>H</http> <smtp>H</smtp> <pop3>D</pop3> <imap>D</imap> <lotusnotes>D</lotusnotes> <dns>H</dns> <icmp>H</icmp> <smb>D</smb> <snmp>D</snmp> <mysqlserver>D</mysqlserver> <nntp>D</nntp> <cvsup>D</cvsup></step7>  </bandwidthdown></bandwidthup> </address></step4> </address></step3></ezshaper>

Sorry but that should work in the forthcoming 1.3 version.

Maybe you could draw us a diagram of your network.
But traffic from within your LAN destined to you LAN will never go over the firewall
–> pfSense never ever sees this traffic.

Afaik it can only be done with the bounty shaper