What is the problem you're trying to solve? To slow the traffic (aka reduce bandwidth consumption) or to reduce "slowness" caused by "hogs"?

I find limiting undesirable traffic is more difficult than prioritizing (loose term) desirable traffic.

@churchtechguy:

@Nullity:

The GUI has always been screwy. pftop is the best source. Did pftop ever show dropped packets?

Yes, pfTop shows dropped packets, however I hardly ever see the queue length change from zero even when it is dropping packets, and it seems to drop the packets at just a fraction of the bandwidth I have designated for the queue.

Have you double-checked that your WAN link isn't having bandwidth problems?

I have Win10 Pro and I never directly configured anything about domains. I do have a homegroup setup and the current network is firewalled as "private".

Thanks all.

I'm not sure how, but I managed to create some LAN rules that on the P2P/Usenet ports that queued my traffic.

It seems like you should be able to do this setup with a limiter.  You could limit inbound bandwidth on your WAN to 3Mbps and then just let the other LAN have the rest.  You could do this pretty simply with two limiters…

Download Limiter:
Set bandwidth limit for downloads on the LAN interface, give it a description and check the enable box.

Upload Limiter:
Set bandwidth limit for uploads you would like on the LAN interface and give it a description and check the enable box.

Click Apply to save and apply the changes to the firewall.  You should have two limiters setup now.

Lets assume that your second LAN is the one you would like to limit.  Go to the rules for the LAN2 interface.  You may have your rules setup differently, but it is normal to have a default pass rule to allow LAN clients to pass traffic through the interface for internet access.

Click to edit the default internet rule for your LAN2 interface.
Click on the Advanced Options button
Under the limiter section at the bottom Set:
In = Upload Limiter
Out = Download Limiter

Save and apply the rules.

Do a speed test from the LAN2 network and you should see that your upload and download traffic are limited to the amount you chose. On LAN1 you should still achieve full unthrottled bandwidth.

I hope this helps.

So, what firewall do you have at your remote site?  Are they both pfsense boxes?  I'll assume that you do.

Here is a little picture I made of a possible setup…

upload widget

In this case on the Remote Site pfsense box you would setup a floating rule:
Interface = WAN
Protocol = UDP
Direction = Out (I'm not sure if it matters really to leave it in/out)
Destination port = 1197
Optional - If your datacenter has a static IP address you could put Destination IP = DataCenter IP Address
Advanced –> Queues set them to be None / qVOIP (or whatever the name of the priority queue is for the vpn)

On the DataCenter side:
You should have a rule on your WAN interface to permit the traffic to enter from the internet on port 1197 (or port your server is on).  You can simply go under Advanced --> Queues and set the queue right there without floating rules.  Set it to be None / qVOIP.

Always remember when working with traffic shaping changes that you can have some unexpected results if you don't go to Diagnostics and reset the firewall state table after the changes.

During a speed test, what is the system load reported by the Monitoring logs?

is this working on one pipe per host?

@Animosity022:

I'm not sure the purpose of having the qLink over qInternet.

Is that to just further segregating the bandwidth?

AFAIK, qLink is important in a multi-LAN (& WAN?) environment where pfSense routes between LAN interfaces. qLink is intended to be for inter-LAN traffic (full link speed), while qInternet is intended for LAN<->WAN traffic.

@Harvy66:

QoS only works when you go from fast to slow. Unless you have a 10Gb internet connection, your 1Gb LAN is going to make it not work correctly.

Thanks Harvy66, I've seen some of your responses on other PRIQ posts which have helped me understand a few things on traffic shaping. With what you said, would it be best to have LAN bandwidth set to 24Mbps instead of 1Gbps?  I've seen some conflicting comments on the bandwidth being below Internet speed and some either not set or being higher.

Thank you very much  Derelict for confirming.  I've now adjusted my firewall rules per your suggestion.

Was trying to follow along, but if you test whatever your scenario is and you ping from your LAN, is there any load going on? You shouldn't really see much difference at all from a few pings with no utilization.

The purpose of Traffic Shaping would be to prioritize and ensure that key hosts/ip/protocols/etc get bandwidth when they need it. I ensure that ICMP/DNS/my XBox all get a dedicated part of my pipe regardless of what anyone else is doing in the house.

You wouldn't bypass traffic shaping, you'd use it to prioritize or 'carve' out part of your pipe to ensure you get that allocated.

Your issue sounds similar to this:  https://redmine.pfsense.org/issues/7116

That is correct. The firewall must be enabled to use any sort of traffic shaping.

So if the interface LAN has a queue bandwidth of 40mbit, that would mean DMZ to LAN would get put in the default queue?