Please start a new thread rather than bumping an old, resolved thread for a different issue.

System - Advanced - Secure Shell - Secure Shell Server.  Then you can use PuTTY or your favourite terminal app to connect, or go to the console and press 8 for Shell.

ok sir, am really sorry, will take note.

Wow, how did I miss that?!  :o
Indeed the shaping rule must be above the LANnet rule otherwise all the traffic will be caught and passed by the LANnet rule.

Steve

Ahh yes, that. Once traffic is classified, you can change your shaper rules against the classifications and those updates seem to be instant, but anything that is set when a connection is created is never changed.

I would love to see a checkbox which said,

"Bypass Shaper for Squid traffic"

I think after reading about 50 posts on trying to get the 2 to work together and only having it work once with transparent mode (version 1.2.3) back in the day after dropping to the cli and replacing some ipaddresses this is long past due. - The two working in concert really really helps low bandwidth connections.

Regards

nzcam

So you just need basic outbound priority.  The best way to do this is still through the traffic shaper.  Unfortunately there is no way I know of to move/change the bandwidth cap dynamically, but then again cap settings only matter for traffic shaping when your traffic actually begins to hit those limits.  But no matter the bandwidth cap limit, if you prioritize VOIP through a traffic shaper you essentially make sure it is sent first from the firewall, which is pretty much the best you can do at this point.

The traffic shaping wizard makes setting this up pretty easy.  Run through the shaper, set the VOIP priority, and make sure there are floating rules in place that match traffic destined to the VOIP server.

Do the radios used in the link acknowledge prioritized packets?  No doubt they are recommending you raise the antenna to get it above interface and improve the line of sight to the other side.  What kind of radios are you using?

Shaping is done egress per interface. Shaping data leaving you WAN is relatively easy, your main problem will be shaping your LAN in order to limit your download rates.

If using HFSC, you could create a child queue on your LAN interface for both WANs

WAN1 - upper limit 8Mb
WAN2 - upper limit 5Mb

Then create child queues under each of those for your traffic

WAN1
–high1
--med1
--low1
WAN2
--high2
--med2
--low2

Create a rule on the LAN matching all traffic to/from that IP address and assign the limiters you created to it.  Not sure if the limiters themselves need a different setting, but you definitely need to use rules to apply it to the specific IP.  Make sure the specific match rule comes before your match any LAN list.

@Nullity:

For exporting, pfSense should come with softflowd and pfflow.

Don't touch pfflowd. Completely no-op: https://redmine.pfsense.org/issues/4304

There are three issues with traffic shaping your download

You can't force the senders to slow down, but you can influence them The latency between the shaper and you is much lower than the shaper and them. It takes them longer to respond. You're going from a faster to slow link when you shape your upload. Shaping your download is going from a slow to fast link.

Addressing #1. You can't stop bad actors. They can take several forms, the most common being a DOS attack. Nothing you can do with your firewall if they consume all of your bandwidth. There's another kind of bad actor. An example is many cable companies have horrible amounts of bufferbloat, which can cause the latency between you and someone else to be incredibly high. This can cause a sender to retransmit data that wasn't lost, but the latency was so high, it triggers a resend.

#2 and #3 are your most common. You biggest enemy is TCP ramps up exponentially. This means you need enough breathing room to keep your link from getting flooded. If you have a good connection, you can probably set your upload to 98% and effectively traffic shape. With your download, you may need to set it to 95% or lower.

Remember, PFSense shapes outgoing. You need to shape the outgoing of your LAN. Multi-LAN gets messy and has limitations.

Could you explain a bit more?

Status - RRD Graphs - Quality.  I think Harvy nailed it so my suggestion is likely moot.

oh well, seems limiter is not working with squid transparent proxy  :(

https://forum.pfsense.org/index.php?topic=90486.0

@msmith9xr4:

I really hope so, I saw here yesterday that they're considering leaving this regression until 2.3 !!!! WTF!!!!

https://redmine.pfsense.org/issues/4596

Big shame to let such an incredible regression linger through so many releases.

Definitely was one of the top 5 features of pfsense…

LAN is a start, but WAN limiting is critical for all but the most simple home networks- i.e. any that run any services... at all.

At least for anyone who wants to do voice with any quality control.

Limiters are useful but voice (VOIP?) quality would be better controlled by employing a QoS setup with CBQ or HFSC queues.

1st. I'm not sure if you can not have a default queue. The end result will either base the same as having a default queue or the data is going to get dropped.

2nd. Even if you can do that, don't use the traffic shaping system like a firewall rule. Just make rules to block traffic you don't want.

I used to be using a router w/ QoS, and can stream smoothly the net by just using 70kbps max download speed but when I switch to Pfsense for some reason (some reason that my router dont have that feature inside) the 70kbps is not smooth and slow.. thats why im researching for many days now to make this pfsense bandwidth limiter work just like the 70kbps on my router..

Maybe this may work

ISP(NET) xxx.xxx.0.1 >> PFsense (lan ruled, custom rule enabled) xxx.xxx.10.1 >> Router (bandwidth, wifi) xxx.xxx.2.1 >> LAN Clients (PC and Wifi devices) xxx.xxx.2.2~254

If u have some shaper limit settings to make it work.. Maybe it may work