One of the variations I tried involved a recent snapshot.

But I don't remember if it was a stock configuration or not. I was using a variation of the mkflash_new.sh script to modify the cf images to add different drivers and stuff. It took me awhile to get my barrings, it was my first time working with FreeBSD.

BTW, I think there is a bug in the mkflash_new.sh script. Near the end of the script it tries to unmount the device instead of the directory which causes a file system check the very first time the machine is rebooted after writing the image to the CF disk. It isn't a huge deal since the file system check fixes the issue for future reboots.

Original:
cd $FLASHTMP
umount /dev/${MD}a
umount /dev/${MD}d
echo "date '+%b %e %T': Cleanig up."

Modified:
cd $FLASHTMP
umount mnt/a
umount mnt/d
echo "date '+%b %e %T': Cleaning up."

Yep.  ALTQ shpaing is a black art and one that will bloody your nose at times :(

sorry for the annoying but ,

can i give an higher priority with or without the traffic shapper , on a specific port range (regardless the lan coming to ? )

regards

Hi, use command in to shell:
Example:
"tcpdump -e -i pflog0 dst host 10.211.0.11"

tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
13:05:02.396415 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.59965                                                      > www.abradio.cz.http: S 1488749629:1488749629(0) win 65535 <mss 1460,nop,nop,sa =""  ="" ckok="">13:05:19.054825 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.65421 > email.seznam.cz.http: F 1625822815:1625822815(0) ack 2522178552 win 65192
13:05:19.107717 rule 719.qlandef.50/0(match): pass in on rl1: 10.211.0.11.60423 > email.seznam.cz.http: S 3563559450:3563559450(0) win 65535</mss>

In that case we need your queues and trafficshaper rules settings along with your alias settings.

@imitator:

My ISP set for me limit of transfer 750 mb per month. Can I limit that on Wan interface? If yes, How?
P/S sorry about my English (I'm from Ukraine)

This is not possible with pfSense unless you start hacking in something.

If you do not yet use the VOIP queue for anything run the wizard, check it and choose something like "Asterisk" in the dropdown. Now all you have to do is create an alias like Justinw said and change the ports in the created voipshaper rule to this alias.

I think it should eb enough to drop the last client to the default queue and he'll get what is not used by the other queues.

Running Samba on your firewall is not only unsupported but its very dangerous.

I strongly suggest that you do not do this, it violates almost every security best practice in the book.

thanks… i figured that out not too long ago

Trafficshaping inside IPSEC is not currently possible. Try to setup a limit at your ftp server. Most ftpservers support this.

Traffic from the pfsense itself won't be shaped by default I guess. You could try to introduce some rules to send this traffic to one of the mid or low priority queues. I have no way of testing this atm but I experienced this with ipsec tunnels terminated by the pfsense as well. adding an additional shaper rule fixed it.

@sullrich:

http://forum.pfsense.org/index.php/topic,1384.0.html goes over this.

Thanks sullrich but i have already read that. my current settings for ack's are min of 60% and max of 100% and a level 7 piroity.  Still this queue drops packets every now and then.  (2k packets dropped in 30 min with p2p running at 8 meg down).  Generally this queue dones not go that high just under major P2P load and then it is not far above 60% but it starts dropping packets and packets from lower piority queues seem to be sent instead.

I want to make a queue that will no drop packets but any left over packets go to other queues.  I guess i could remove the min bandwidth from all other queues and make acks bandwidth 100% but surely thats not a good thing.  I would like to balance the min bandwidth in the other queues but the min bandwidth should only apply to queues of the same level.  at the moment min bandwidth across all queues can't be more than the total bandwidth right?

maybe i am just doing something stupid in which case can someone let me know what i could be doing wrong?

Chris

You need to pick a unique WAN and LAN interface.

just follow the traffic shaper wizard and set the IP penalty to one of your lan.After that multiply that rule and set the values that u need.

Maybe this bounty could have your interest

http://forum.pfsense.org/index.php/topic,2718.0.html

I`m not sure of that but i will try.Thx for reply

No, there is no way to do this.

Thanks for the reply.

Finally found the snapshots so i will give that a try.

Thanks