hmmm
this give me nothing …
As I understand each queue has a anchor... I'd like to display traffic currently attached to the queue...
I mean source IP dest IP and using ports...

thanks for any suggestions.
Michael

I have a few newer files which might be of help. They need more testing. And it seems I can borrow some of your time for a bit :-)

replace /usr/local/www/wizards/ traffic_shaper_wizard.inc and traffic_shaper_wizard.xml with the files from my site.

http://iserv.nl/files/pfsense/?M=D

Those should work. Any comments please.

I think this could have a great for some individual user control…a few questions though since I don't speak polish...

Nazwa which I'm assuming is username checked against the user file...?

Is the mac address is what is checked in authentication, or the username, or both?

Anyways, I'll look at it, I'm not the best in the world at this kind of thing though.

we have only 1300/250 kbit/s.

We have about 100 computers going to the Internet and a web server accessed from the Internet.

1300 : 8 = 162 kbyte /sec
250  : 8  = 31,5 kbyte /sec

162 / 100 pc's = 1,62kbyte /sec pro pc
31,5 /100 pc's = 0,315 kbyte /sec pro pc

this is slow real slow

I want to put P2P connections to the lowest priority possible. So, I used only default, ACK and P2P queues.

you need more queu's
sins p2p can chanche its ports to non standerd p2p ports
so then  the p2p trafic is comming in the default queues
and using up all youre upload speed
when this happends alt-q will drop packets to make room

for this to work you need a lot of manuel tweeking of the trafic shaper rules
the som of the total defined ip's up and download speeds can not be more then the speed of youre line
so with a 3000 kb/sec line you can define maximum 10 clients with 300 kb/sec
if you define 11 of them then the shaping stops

Hello!

I think if you activate FTP-Proxy Helper at your LAN and put a firewall rule to permit your traffic from your LAN to 127.0.0.1 (localhost pfSense FTP-Proxy) you will by-pass your Traffic Shaper.

Like this, port 21 and dynamic ports for FTP access will not be in your queues.

Best regards,

Josep Pujadas

hmm I do not want to block P2P, that is simple with snort ruleset… I'd like to limit these type traffic effectively. Will be great to redirect all P2P to separated designated queue.
Nowdays I have lot off outgoing P2P traffic on http port, beside I'm trying to shape fairly all traffic.

oh thanks!
i did a search on usage login in this forum but only come across non-related stuffs…
will read into the details!

I have had my share of frustrations with this traffic shaper and VPN is one of them.

My VPN connection completely ignores any shaper rules for whatever reason.
In fact it ignores my ISP's speed cap as well. A normal upload for me is about 720kbps, but my VPN connection bounces between 520's and 1100's on a regular basis. This is observed using monomon so that may be an issue, but tis strange anyway.
I can tell the shaper that I only have 300kbps of upload, but the VPN will act the same as always.

Maybe someone else can tell you about shaping VPN traffic. 
All I know is that it won't listen to my rules.
I only want to make sure I have enough upload for my voip calls, but when the competing traffic is over the VPN I can't win.

UPDATE
–------------------------------
After messing with it for a while, I was able to get my voip to work when there is uploading going on, but when there isn't a voip call in progress the VPN still ignores the limit set on the traffic shaper.

Things like that will never be controllable I think as you never know the current limit of the line.

My phones also set the QOS/TOS Bit 3 (LowDelay) and i can't deactivate it couse the switches should also prefer these packets in front of all other packets. May be for me is the solution to deactivate the default ACK Queue (cause it seems that it catches all Lowdelays before any of my rule are proceded?) and set up a ACK queue manually (without Lowdelay) and create rule to feed all the acks to this queue and also a special queue/rule with lowdelay for VoIP …?!?!

I think i'll try this at home first - thanks for the hint!

Well I have tryed adjusting all of that but to no avail.  The VPN traffic that I have selected doesn't do to well ether.  I am finding it difficult on how the GUI setting work.

I can honestly say that this works well. I had the same problem…..a moment of stutter than voice was okay but rather annoying. I did 400Kb and 5000ms and the problem went away. Thanks for the tip.

@dusan:

Realtime curve should be used only for realtime applications. Don't use it for FTP and HTTP. Use Linkshare curve instead. (Or simply set Bandwidth while the Linkshare fields are left blank.)

can you describe this better. realtime seems to work well for http etc. if you want
four queues
10 Mb bandwidth
http  max download 10Mb priority 5
ftp    max download 8Mb priority 4
vpn    max 5 Mb high priority 6
all_other max 10 Mb priority 2
p2p  max 2 Mb priority 1

how would you laythis out then we presently use realtime for caps and this seems to work ok

I've been experimenting with this for quite some time now, and it seems as though the streaming starts messing up qwandef hits 2Mbit. If i cap it here (realtime m2 at 2Mb) it works nicely.

Now this is all good and shiny, but with the streaming using 1.5Mb and the rest of the network using 2Mb (all upstream values here), im not really using my 10Mbit pipe to its fullest now am I?

Any ideas as to how i can use the rest of my bandwidth without botching the streaming?

//Richard.

@joustin:

It doesn't help in any way. Skype configuration allows you to specify INCOMING connection port (as to configure proper port forwarding on router). It doesn't have anything to do with connecting out to the world. Shaping per IP is useless, as skype client is never the only net client on a pc workstation.

Still not resolved. I'll be probably falling to some "real" voip solution, dumping skype (toy), as it is too problematic even in small business environment.

I tend to disagree.

The port specification seems to work for the both because I can see skype in both my VoIP up AND down queues.

If you are looking for a business-class service, then skype is definitely not what you're looking for anyways.

Riley

Aw durn.  :'( Well I'm either installing m0n0wall or waiting for this functionality in the next release of pfSense!

Ok! Thx for the answer. I'll be waiting for this feature.