If you are using HFSC you can set a minimum bandwidth as well on the queue , that way those queues will alway have that bandwidth available to them versus a max and then a sharing amount.

I typically set qGames and aHTTP at 35% each with qGames getting half of that as minimum. That leaves 30% for qACK  and qP2P (Default). Granted this is at LAN parties as well where I only really care about Gaming traffic.

I use alias's for the gaming ports as well.

Change your second rule so that the Interface is WAN, not LAN.

The internet is very bursty, which can add to jitter. One of the nifty things that Google et al have done is added bursting to TCP to help combat latency and slow-start. It is common for TCP windows to start at 10 or greater. With 1500 byte segments, that's almost 15KiB of data. Now throw in browsers trying to load over several connections at the same time, like 10. You're now up to about 150KiB of data that can be bursted at you with 10Gb/s+ rates. That's about 12ms of data at 100Mb/s.

Maybe it won't matter in your situation, but I would be very aware of transient issues that could make your VoIP have issues that are perceptible to humans, but difficult to measure as issues like with IMCP

@Nullity:

Ah, I see. Sadly, the answer is "No" then, unless you want to some scripting yourself.

Linux iptables does have this feature built-in.

FYI, gb = gigabit, gB or GB = gigabyte. I just spell it out to avoid confusion.

Ok, thanks for your reply and clarification.

That is because limiters are applied when a state is created, which is done on WAN, not on LAN. But due to a long-standing limitation, you cannot place limiters on the same interface as NAT rules.

Try making a floating rule.

Action: Match
Interface: LAN
Direction: Out
Source: any
Destination: 192.168.0.17
Destination port: 80
In/Out pipes: Your limiters
Note than on a rule on an outbound interface the direction is reversed so In will be to the webserver and out will be from the web server. I think. It's confusing. If you get it backwards, flip them.

Note that that will catch traffic in both directions on inbound connections to your port forwards. You do not need the rules on LAN. If you want connections made BY the web server, not TO the web server to not be limited, just remove the limiters on LAN.

I do not know for sure if this will escape the NAT+Limiters bugs but I think so. Be sure to use interface LAN (or your web server's interface) direction out.

Current supported list is here:
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/interfaces.inc#L5657

I don't recall enc0 being specifically removed, but if it's not in the list, it must not support ALTQ any longer. I know it did at one time, probably 2.0.x or before, but not now apparently.

Thanks Harvy66,

The ping of my Teamspeak and Pinging Google is staying a lot lower now.

Thanks for the your help.

Ping looks like this now, (See Screenshot) Done while downloading 1GB Bin. on my 37/2 connection

Many Thanks

EDIT: Watching a youtube video and its unless stable, very odd. See second screenshot

I noticed it says 40mbps but the queue is limited to 36864


Redid it with out the . and worked fine.

There isn't any way to see that information. The best you can get is the pftop "queue" view or the output of "pfctl -vvsq"

And powerboost only applies to free bandwidth on the node. There is no way for you to know that.

@Craigst:

i do alot of downloading and have 50mb connection i wonder if i can limit types of traffic like http website always get least 5mb and netflix / twitch / youtube always get min of 10mb so downloads will slow down when im watching netflix or twitch ?

thanks for any help im new to pfsense but loving it so far :)

Create a HFSC parent queue with ~48Mbit as the Bandwidth. Then create a default queue, a HTTP queue, and a netflix/twitch/etc queue with the appropriate linkshare m2 values.

Then create corresponding floating "Match" firewall rules that will assign the HTTP, netflix, etc traffic into the proper queues you created.

This simple setup should share bandwidth appropriately.

I myself believe that limiter has its use other than traffic shaper itself.

You should be able to use your firewall rules to NOT place traffic into a limiter if it's destined for PFSense or other LANS.

@Paint:

@shoemoney:

I was thinking $250.

$100 pre-paid rest after.

Ideally someone based in the usa with english as a first language.

Thanks!

Would be happy to help.  Please pm me with the general information regarding your setup and contact details

PM Sent!

Firewall rules are first-match, except for Floating rules which are last-match, unless you have the Quick option enabled.

https://doc.pfsense.org/index.php/Firewall_Rule_Basics

https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

@ekoo:

Does my setup give any red flags? See anything wrong / wierd / can be improved?

Correct me if I misunderstood how this QoS works:

Create how ever many/little queues you like to sort your traffic (WAN side) allocate bandwidth to each queues adding up to 100% of total line speed specified in the interface (which really is 95% of your actual line speed) (LAN side) allocate bandwidth to each queues adding up to 100% of total line speed specified in the interface (which is your NIC speed) create rules with known protocols and assign them to the queues. all unassigned traffic will default to a "default" queue.

is that summary correct?

That's close enough (I guess). Just try to keep your rules & queues simple. Taking the time to verify the functionality of each individual rule/queue is also important.