OK thx for your answere … then maybe it's time to stop gaming ... unless I find some firewall distro that supports it, but so far pfsense has looked professional (y)

Ermal is working on it.  No ETA, unfortunately.

Correct me if i am wrong,
You have a bridge active and are filtering with rules on specific interface meaning
if_bridge(4) loaded
net.link.bridge.pfil_bridge=1

and shaping with rules
pass out/in on $bridge_interface tagged WHATEVER queue(q1, q2)

This way it should work!
But the context is not that good since you're shaping IP traffic which might not make sense from bridge point of view.
And you may run in strange problems if you mix route-to rules in between or have some form of dynamic network.

The rationale is shape always with direction==in rules to be on safe side.

when createing a queue manually, are the Service Curve (sc) parameters mandatory?
I created several aditional queues and i left blank those items (im not sure what to put in every one), did i made something stupid or the traffic shaper takes some default values?

Regards

http://forum.m0n0.ch/index.php/topic,1208.msg4105.html#msg4105 ;)

HI

Thanks for your great reply

If i do setup like two wan connected as load balancing to Lan and now traffic shaping between third Wan

and Lan.

Is that work out.

Regards

Krishna

You are enabling the shaping of the P2P protocol, not enabling that p2p protocol if that wasn't clear

http://m0n0.ch/wall/list/showmsg.php?id=35/88

fixed it. It was some weird error that was caused the first time I ran the Traffic Shaper Wizard. After I purged everything and set it up all over again it worked.

Thanks for the speedy reply

bandwidthd, ntop.. all available in "Packages"

You setup VIP's (Virtual IP's)

Check out "Firewall" –> "Virtual IPs"
Imho best is if you just use CARP-type VIP's even if you dont use the CARP functionalities.

I assume you have a firewall-computer with 2 ports:
WAN and LAN.

Now just create 3 VIPs (plus the "real" IP on the interface itself) and create a 1:1 NAT for every server if you need it, or just forward the ports you need to your Servers.

Like this your Servers and Clients are within the same subnet. Is this what you want?
Or do you have 3 Interfaces and on one all your servers?
Then the Traffic Shaper is of no use since it (currently) only runs between 2 Interfaces.

I did make sure to use the right numbers.  The only bandwidth numbers I changed were at the beginning of the shaper and the parent queues.  I had 29000/4500 then changed it to megabits (29/4.5) with no luck.

This works! Thanks Steep!
Now, I shape with CatchAll eanbled, limiting almost everything, but VoIP is perfect In and Out :)
As it is, PfSense now respond to all my needs, and will impress my colleagues at the Christmas party :D

I guess I should write a small tutorial on this.
Thanks again!

you dont need a block rule. (see my sig and figure why better not ;) )
just create an allow-rule above your default allow rule with as destination port the port of your VoIP software and as default gateway your WAN you want the traffic to go out.

Your shaping difference per node can not be that different.
1. makes several aliases..

shape256256 = ip or net
shape512256 = ip or net
shape512512 = ip or net

2. makes several queues for said aliases..

256-256queue-up
256-256queue-down
512-256queue-up
512-256queue-down
512-512queue-up
512-512queue-down

3. make and prioritize your shaping rules for shaped nodes/networks (put them at the top of all other shaping rules).  This leaves the node/client in charge of port/service queuing (when they saturate their allocated bandwidth it's their problem.)

4. assign static forwarded ports to each client (uPNP is a disaster IMHO) with the alias system as well. (You'll have to make the NAT rules too)

ie:
forward1 = 34750-34755
forward2 = 34756-34761

I don't think there is any need to put another box in the middle of things, but then again every network is just a little different - so your mileage may vary.
just an idea, maybe it helps. This probably won't work if your looking to "Dedicate" bandwidth per node.

(This is from my knowledge of working with pfsense and traffic shaping rules and might not necessarily be accurate, so take it with a grain of salt.)

Remember how general firewall/shaping rules work, from specific to less specific.

So if the first shaper rules (the ones at the top) are PORT or SERVICE specific, net traffic will be caught in those first and never pass through the other rules.

Be careful how you setup your shaping rules, as you will impose limitations if not thought out correctly.
ie:
If you choose to Shape just a Node (Host) or Network (and put the rule at the top), no other shaping rules will be matched for that connection with other rules your try to specify - It will be caught in the first rule it matches.

With all that being said, try putting the Penalty IP shaping rule(s) above everything else, reset your states and test.

What you're likely experiencing is network jitter.  VOIP is realtime transmission so even when all traffic arrives you'll hear moments of silence (choppy sound) as codec is trying to compensate for data which is not there yet.  Some codecs handle jitter better than other so you might want to try a different codec.