• Squid + lusca + squidguard + traffic shaper

    2
    0 Votes
    2 Posts
    3k Views

    Squid has its own traffic settings.
    Use the traffic shaper for protocols other than HTTP (not Squid traffic).

  • Priority via multiple Interfaces including VLANs

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • PF Sense 2.0.3 multi WAN Traffic Shaper error

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Wizard - VOIP - Connection #1 parameters ??

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Limiter not going above 1meg down.

    7
    0 Votes
    7 Posts
    3k Views

    All PCs are given access to the internet individually through the firewall. Some PCs only need access for antivirus updates, checking mail, and light browsing. Other PCs interact with customer services and do online research, in addition to checking mail and antivirus updates. The last set of PCs do torrents.

    So, I need to set 3 types of limiters, for light, medium, and large users, then assign those limiters to individual rules on the firewall. Yes, IP addresses are fixed.

  • Need help : ask about WAN bandwidth

    3
    0 Votes
    3 Posts
    1k Views

    @pratchaya:

    My ADSL router has 12000/1200 kbps speed.
    ( 12M/1M )

    Looks normal but enter; for 12000/1200 kbps speed
    1024 Upload
    12288 Download

  • QOS for voip

    2
    0 Votes
    2 Posts
    1k Views

    I would like one also. Just purchased an ooma on sale from newegg and would like to use it on my lan running from my pfsense box :)

  • Shaping upload bandwidth with hfsc

    2
    0 Votes
    2 Posts
    3k Views

    I partially solved my problem. So I answer my own question  :D

    I was messing with the traffic shaper wizard, and I found out that if I create the same queue name on both WAN and LAN, let's say qP2P, and if I set a floating rule for P2P traffic and set its queue name to qP2P (without ackqueue, it's important), download traffic goes to LAN's qP2P and upload traffic goes to WAN's qP2P; ack packets also go to these queues. So I solved my own problem.

    But I couldn't solve my latency problem entirely.
    If I fully saturate upload (WAN traffic) my latencies don't get affected that much. I have read that WAN traffic is the one that we can control, the traffic that we can actually control by prioritizing packets or dropping; it is the traffic that we create. On the other hand, download traffic is the one that we cannot control directly; someone could send us packets and we cannot stop it until it reaches our pfsense router.
    So my problem starts here: when I fully saturate my download traffic, latencies start to go high, not as high as 600ms or 900ms but 200-250 ms.
    I'm testing latencies with the ping command. I gave it highest priority, I tested different schedulers for both LAN and WAN, and I couldn't solve this problem.
    Traffic shaper solves my bandwidth problem, I can enjoy smooth web browsing, every queue can get its fair share of bandwidth, but latencies are too high for gaming when download queues are saturated.

    So experienced users can give me an advice, is it normal to have high latencies like mine, can it be solved?

    Thank you in advance

  • 0 Votes
    1 Posts
    1k Views
    No one has replied
  • Basic WAN limiter

    3
    0 Votes
    3 Posts
    2k Views

    Thanks, but I really need to limit at the interface level (Entire WAN)

  • Limiting traffic video for pfsense

    3
    0 Votes
    3 Posts
    3k Views

    YouTube uses FLV and MP4.

  • Limiting bandwidth between certain hours, which way is the best?

    7
    0 Votes
    7 Posts
    4k Views

    Also, if possible, I'd like to limit the bandwidth usage to 300GB per month. Then close to 300GB, I'd get a notification from pfsense, and at 300GB pfsense would close all connections until the billing cycle restarts.

    This is also a fundamental feature I'd like to implement. At $1.50 per GB, it's not long before the bills go up.

    Can pfsense limit the amount of data per time cycle (per month, per day, etc.)?

  • WAN limiting?

    2
    0 Votes
    2 Posts
    2k Views

    All you should need to do is run the traffic shaping wizard and plug in your numbers (10/10) and it will be limited.  That will get you the basics.  Beyond that you can fine tune the traffic shaping by:

    Using floating rules and establishing aliases for gaming ports and then putting in rules and queues to limit traffic. So basically you would have

    WAN - HFSC 9MB (this is your upload)

    -qNerf - Default - 5%
    -qWebSteam - 15%
    -qAck - 30%
    -qGaming - 50%

    LAN - HFSC
    -qInternet - 10MB (this is your download)
    --qAck - 20%
    --qNerf - Default -5%
    --qWebSteam - 10%
    --qGaming - 65%

    qACK will be for TCP ACK packets
    qWebSteam will be for 80, 53, and Steam ports for upload/download, etc.
    qNerf will be for any traffic not recognized
    qGaming should be for all your gaming traffic

    This will require you to know the ports for the games people are playing and either make rules for each port set per game or make an alias called gaming ports, put all the ports in it and use that in your floating firewall rule.

    Sometimes games can be tricky about what ports are being used, so the best way to figure this out is to put up PFSense, run a PC behind it, have it play the game, and run a port capture on it to see what ports the game is actually using. You can export the capture from PFSense to Wireshark. This will be the part that will be the hardest to do: getting the games qualified into proper port mappings and then having them hit the correct queues.

    Running a 10/10 Internet connection with anything over 50 people is going to be rough, as games like LoL (League of Legends) and others will tax it if you're doing a tourney. For 250 people I would see if you could get another 10MB on download and give up 5MB on upload. If you see someone uploading a lot, then typically they are running a file sharing app and you need to shut them down. I would recommend using PRTG as well and make a port mirror on your switch so you can see the traffic and monitor it, and when you see someone hogging the bandwidth, I do the following:

    1. See what traffic / port they are passing and to what IP if it resolves.
    2. Find the MAC of the PC. Make a static reservation in PFSense for that MAC to get a static IP.
    3. Delete their current lease to force them to renew and get your static IP.
    4. I make a LAN rule to block all traffic for that MAC to any connection on the network.
    5. Now you can wait for someone to come up and say they can't get to anything and you can see what they were doing.
    Typically they will have something like Spotify running or some other file sharing application.

    If you have better switches and you can see what table switch port they are on, then you can just shut down the port, but a lot of LANs just run dumb gigabit switches at the tables and a Layer2 at the core for the most part. The above way is effective in shutting them down.

    I would recommend thoroughly testing out your configuration by doing the above with a couple of PCs so you can see how it is going to perform. You will need to use Intel NICs in the PFSense box for the best performance.

    Btw - I run the network / Internet for LANs that are about 120 people in size and we usually have 2 or 3 50/5 cable modems for our Internet and use load balancing with a similar config. I run a PRTG box to monitor my stats and I run a Dell Poweredge 2950 server with ESXi 5 that holds all our gaming servers. We use an Intel Dual Core 3GHZ, 8G RAM, 80G SATA, 4 Intel Gigabit NIC PC running PFSense.

    Sorry for the long post, but the best advice I can give you is test, test, test before the event.

  • Traffic Shaper and port number tracking clarification please.

    3
    0 Votes
    3 Posts
    1k Views

    Ok. Thanks for the clarification. I understand now.

    Jits.

  • Would pfsense work for me to shape traffic this way?

    2
    0 Votes
    2 Posts
    1k Views

    The easy way to do it is with limiters, not running through the full blown shaper. Create the up and down limiters as desired for the hosts to be rate limited, configure as needed in firewall rules.
    http://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Limiter

  • Traffic Shaper not queuing properly

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Limiters not working as expected…

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Custom Traffic Shaper rules in 2.0.x

    Locked
    2
    0 Votes
    2 Posts
    2k Views

    Another functionality is logging firewall rules to an external MySQL database.
    I would like to add this via an option in the Shaper Wizard with option fields like:
    database server
    database name
    database user
    database pass
    As far as I know this can be done with a remote syslog server like this:
    http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
    This would be configured on the syslog-ng host. The question is: is it compatible with pfSense syslog?
    http://www.gho.no/2008/10/setting-up-remote-syslog-to-mysql-with-cisco-ios-and-syslog-ng-in-linux/

    I'm currently running on 2.0.3 i386.

  • Proper use of Layer7 to "block" bittorrent, p2p, etc.

    Locked
    2
    0 Votes
    2 Posts
    8k Views
    cmcdonaldC

    I am also confused with something as well. pfSense firewall rule theory is still a bit new to me and requires me to really think about rules before creating them. I know that rules are executed when packets are received on the rules' respective interfaces. I believe that floating rules are executed when "any" packets are received from "any" interfaces? Also, once a rule matches a packet, do other rules get executed as well? For example, let's say I wanted to create a few different layer 7 containers and apply numerous filters to an interface? Are the containers involved in determining whether or not a packet matches a rule? That is what's confusing me.

  • How to easily identify queues in RRD graph?

    Locked
    4
    0 Votes
    4 Posts
    2k Views

    I don't think you can do that from the web interface, sorry. Found the color thing though, does that help?
    http://forum.pfsense.org/index.php?topic=16463.0

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.