Just being a PASS rule doesn't explain why Diablo saw all traffic honor the L7.  This says that all packets matched the L7. Doubtful.

I have the same problem trying to use the L7's.  I add the FTP L7 to my floating FTP Wan out dst port 21 rule and all web traffic comes to a screeching halt.  What an FTP rule has to do with HTTP traffic is beyond me.  I have yet to find one explaination of how to use L7 Pass to Match.  I set a tag (match) word on the pass rule and followed this rule with a "match to" and queue but doesn't work.  With or without the dst port 21 in the second rule, same result.

While I'm just as lost as most when it comes to pfSense and HFSC, something I read seemed to indicate that, on a realtime service curve, d is the maximum time elapsed before it gets its m1 or m2 rate fulfilled.  For example, if you had a game that required 500Kb bandwidth with a good ping of 30ms or lower, you would specify m1 = 500Kb, d = 30ms, m2 = 500Kb.  I don't even know if you need to specify m1 in the rt case where burst is not a requirement.

Please bear in kind that I don't know what I'm talking about, and the above could be complete nonsense.

Anybody help me?…

Any hint on how to go about the "transparent bridge" to be able to shape?

I put my 3 LAN connections all in VLANs now, so that they all connect to the pfSense box on one physical NIC.

                                            /====VLAN2 = Internal LAN pfSense-NIC=== VLAN2+3+4 =Managed Switch  ====VLAN3 = Client LAN                                             \====VLAN4 = WiFi LAN

So now I would need to bridge that NIC to another interface and then shape on that interface?
What do I have to do to get that Bridge working?

Need to create match rule on floating tab and not on lan tab.

This thread solved my problems
http://forum.pfsense.org/index.php?topic=61315.0

Please explain in more detail. Is the pfsense the LAN router and gateway for the other two computers? If LAN-LAN is allowed through your switches (no source port filter, no vlan) then I cannot see how a third router or server on LAN should be able to influence on that.

I found that if I created a limiter with more than 100 in Queue Size than the limiter setup would freeze. That meening I could add or edit limiters, but they where not changed on the limiter info page and not taken into acocunt in the traffic shaper.

Did you create a limiter with more than 100 in queu size?

Else you have have found a new porblem.

Good luck

I have a setup with limiters both in and out. I think I once tried to remove one of them and traffic stopped. That sounds like your situation.

If I am correct then just create a 120Mbit limier and add it as the other limiter, that you expected not to use.

just to let you know that I found how to set this up (add a firewall rule with in/out parameter).
thanks
Adrien

4 days later and nobody is willing to help…

Oh well, I thought I would get smart and picked up a copy of the pfsense 2 Cookbook.  A word to the wise: this book is a waste of time and money.  All it basically does is walk you through wizards without any added explanation or anything.  Their section on traffic shaping basically walked you through the QoS wizard, with all default values.  By the end of it, you don't know any more than if you just launched the wizard yourself and clicked Next 5-6 times.  The cover text says "A practical, example-driven guide to configure even the most advanced features of pfSense 2".  Hardly.

At any rate, I'm giving up on traffic shaping.  OpenVPN is working and our VoIP phones seem to be doing better going through pfsense than our old MS ISA Server, so good enough for me to stop banging my head against this wall.

Good luck to anyone else trying to figure this out.  You're going to need it.

Firewall - Traffic Shaper - Limiter

That's all a limiter does; it limits the incoming or outgoing traffic to a specified rate.

@chercheur:

@Hollander:

Thank you once again for your most excellent, and too kind, help, Georgeman: I am in your debt  :P

I tried it again, and you will guess it: it doesn't work  :-[
[/quote]

Hello,
Did you manage to get this finally working ?
I'm interested because I'm only using basic rules for my VoIP … that are working.

Tx !

What I want not yet, no. But I have reasons to believe shortly it will work. But the default traffic shaping is working (again, I wanted something a little bit different). So you might considering trying the default; simply go through the wizard and raise the priority for VOIP, and then see what happens. Perhaps this works for you too  :D

Same with me.
Even the RRD graph shows bandwidths of 600Mbps. I only have 100Mbps.

RRD-queue.PNG
RRD-queue.PNG_thumb

@GomezAddams:

Is it as simple as creating a floating rule at the end of the rules that matches every tcp packet and sends it to the qACK/qDefault queues?

Yes, on interface WAN, direction OUT (considering that you want all your TCP traffic on the qDefault queue and no further classification)