Here are the screenshots for you: [image: PFSenseConfig1_zps1fc7cd2f.jpg] [image: PFSenseconfig2_zpsc8161dd3.jpg] [image: PFSenseConfig3_zps283679de.jpg] [image: PFSenseConfig4_zps248be6d9.jpg] [image: PFSenseConfig5_zps6ee5b90c.jpg] [image: PFSenseconfig6_zps71609932.jpg] [image: PFSenseConfig7_zps40f4ba3c.jpg] [image: PFSenseConfig8_zps1d502d42.jpg] [image: PFSenseConfig9_zps70c4a6a7.jpg] [image: PFSenseConfigAlias_zps827add90.jpg] [image: PFSenseConfigLANFW_zpsf811e188.jpg] [image: PFSenseConfigFloatFWRules_zps3808c272.jpg] [image: PFSenseConfigGW_zpsedbe2bc0.jpg] [image: PFSenseConfigSitcky_zps87af146d.jpg] [image: PFSenseConfigDNS_zpse977e9b4.jpg] [image: PFSenseConfigNAT_zpsa48e73d9.jpg]

It should balance the load when full, since all traffic will have equal priority.

Boy that is weird. The ISP says we are 23 * 1000 * 1000 or 23,000,000. So apparently I gotta convert from 1000 to 1024 for the shaper wizard? 23,000,000 / 1024 = 22460.9375 I paste that in: [image: shaperkbitconfig.png] And the resulting config is different. [image: shaperkbitresult.png] What's going on here?

@ttblum: I see. What I put into the Wizard's 'Connection upload speed' shows up afterwards in the WAN 'Bandwidth' field. Is it possible I have upstream and downstream mixed up? Shaping happens outbound on an interface. Uploads go out WAN. So it's correct.

Hi. I will listen here as I would like to know to. I do not know what the bandwith is for. I would like to know to. Both with and with out limits in the service curve Regarding the link share I guess it is the quaranteed bandwith share if the connection is congested. If there is free capacity then more traffic can be given to the queue. To avoid a queue to use all your bandwith you can add an "upperlimit" along with your linkshare. Say 5% linkshare and 15% upperlimit. Then the queue will have minimum 5% when line is congested and a max of 15% even if there is a lot of free capacity. Why you do math I do not understand. 3x10% What are you trying to ask? I you have a queue with 50% and a subqueue with 50% the last will get 50% of 50% = 25% of the bandwith. But I guess that is not your question.

Thanks. That works for me too.

Yes, you have to define the traffic shaping like that. Regarding the rules, what I am currently doing is to specify on tab LAN (for download shaping) and on tab "Floating" (for upload shaping). But, I think I read somewhere that it may be sufficient to only specify them on the "Floating" tab (you then set "Direction" to "any"). I haven't tested that. Maybe someone else can confirm that.

OK. Thanks a lot for your reply.

It can be done in squid+squidGuard, I believe. It's been asked and answered many times on the forum. Search and you'll find better answers.

Have you tried limiters?

Hi, I haven't used limiters, but maybe you could do it as follows: 1. Create a firewall rule for the IP range to exclude as follows: Pass Source: $ALIAS_EXCLUDED_IPs Destination: any In/Out: None 2. Create a second firewall rule for the remaining IP range as follows: Pass Source: $ALIAS_OTHER_IPs Destination: any In/Out: UploadLimiter/DownloadLimiter I'm not 100% sure, but do tell me if this works.

Thanks, I will retry asap. EDIT: did a cross check while I was using another ALIX with ipfire on it … there the backup went through fine and much quicker. I don't have a clue what to look for in the iptables there ... Just as a reference. I will re-check things when I plugged in the pfsense-box again.

In theory this would be possible with freeradius2 package and captive portal. I say "in theory" because there is still some bug on accounting on CP. You should at least use pfsense 2.1. Search the forum for more information or take a look here: http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package

Hi You should create two limiters and set one for mask destination (download to LAN) and one for mask source (upload from LAN). Then add a FW rule above your default rule on the LAN and add the limiters to this. IN = upload from LAN (with source mask) OUT = download to LAN (with destination mask) This way all clients will get there own sets of limiters You can read it in the link from ptt under "Dynamic queue creation"

No sorry. Icannot reproduce it. It sounds like a bug of some kind. I have spend all weekend trying out different things with the limiter. Creating and deleting limiters over and over and I have had no problem doing that. Limiteres first really come to use after beeing assigned to a firewall rule. Therefore it is even more weird that your box messes up just after a limiter has been created. Suggestion: Time to do a restore to factory defaults and try again? Good luck with your project. Anders

Well. Glad you found a solution. Even though not the preferred one. I am playing with limiters at the moment. I need to limit users to max 50Mbitps. PF can do this dynamically. But when testing I can get no more than 16-18Mbitps through a limiter… I start with 1Mbit, 5Mbit, 10Mbit, 15Mbit and it works great. Then 20Mbit, 30Mbit, 40Mbit etc. all stay on same 15Mbit download 18Mbit upload ffor the user... If I remove the limiter then 60Mbit or more. Aparently there are small issues like this based on configuration, hardware etc. It is not easy.