Firewall rules are evaluated from top to bottom, so create another rule above the other ones that catches the traffic from that PC, and send it to the appropriate queue (one with more priority, or with more bandwith, or without limiters, depending on how you configured your shaper).

Regards!

@jimp:

FYI- the masking is incorrect on the example given by cheonne earlier in this thread.

For the upload limiter, you want a source mask
For the download limiter, you want a destination mask

The same pair of limiters would be used for both LAN and WAN rules (LAN - In=Upload, Out=Download, WAN - In=Download, Out=Upload)

thanks for the correction.. ;)
i mislook his thread ttle "…per ip"

What is described here is a known bug in pfsense, provide more detail here: https://redmine.pfsense.org/issues/3096

@falbertopl:

Using firewall rules an limiter. create an alias with facebook domain and apply a limiter to a firewall to contain that alias

facebook domain can be added through alias?
coz i did this but i got an error

As I have understood, each limiter acts as a channel with a bandwidth allocated, if within it are created queues, each queue share that bandwidth based on the percentage allocated to each queue or letting pfsense be responsible for rolling, i attached a sample image. if there is only one traffic queues, the entire bandwidth of the limiter is assigned to that queue, if there is traffic in another queue so that traffic is shared among those queues according percent of the queue or you can leave depending on the amount of traffic on queue pfsense decides , that is achieved by letting the percent white. If you think what I said is wrong, please correct me.

Symetric.jpg
Symetric.jpg_thumb

I had made a queue named 'qProxy' as your setting and then setting up firewall rules as you recommended. But why there are no activity in in queue status for 'qProxy'. I also had inserted your code in custom field for proxy server settings.

That's correct. Unmasked limiters are global for any traffic in the limiter. Masks define how to group them into per-group limits (on 2.1 you can mask by IP or by subnet)

@phil.davis:

In my cases in Nepal, on a quiet connection, the ping time to anywhere except the direct ISP device at the other end of the ADSL copper phone wire, is completely variable.

I assume that's why the Gargoyle solution defaults to pinging the gateway on your WAN connection, to which pfSense's RRD WAN quality graphs also refer.

Anyone with any ideas?

LoboTiger

Well I figured it out. For some reason I had to change the rule to "ANY" protocol from "TCP/UDP".

It was working with the protocol "TCP/UDP". Don't know if the update broke it.

Thanks for the feedback this sets me in the right direction. I can grab several USB Ethernet adapters and plug in some bridges. Personally I love the TP-Link nano travel routers.

Actually all the phones and the modem have unlimited data. But sharing a 3G connection with up to 15 devices can really slow things down. We have been using our phones to help alleviate the demand on the modem, but we also want access to our local servers at the same time. And now that Sprint installed LTE right next to us…

Again thanks for the help!

Thanks for the response Ermal, I will give it a go.

@Adam2104:

QoS works perfectly fine in pfsense. I have it configured on mine. The trick is getting your rules configured correctly.

Would you please share your setup?

NAT, traffic shaping, firewall rules (floating, lan, wan), nat outbound auto or manual and which/when static port, siproxd or no?  does one assign queues to created firewall rules lan/wan or rely on floating rules?  traffic shaping to retain use of 100% download/upload bandwidth (I don't p2p, but I do usenet ssl), highest prio for voip (sip/rtp), default everything, higher(imap,jabber), lowest (usenet ssl, or p2p for those who do)

that would be very helpful, thanks :)

yes, limiters and traffic shaping in pfsense are 2 separate things. What you are looking for seems to be traffic shaping. I don't know much about limiters only that they are rather dumb in what they do. Meaning they just limit bandwidth based on an overall. Traffic shaper I think would be a better fit for what you are trying to accomplish.

The only secure way is to use a transparent HTTP proxy or regular HTTP proxy and deny CONNECT to untrusted sites. Only trusted clients should be given routed/NATed access to the Internet. If any kind of routed connection to the outside is possible, BitTorrent can be made to bust through.