Shaper dont work on 1.2final

hoba

Maybe this is a rule ordering issue? Do you have set http to high and it is above the penalty rules?

It's far too early to say anything about 1.3 final or releasecandidates atm.

srs

First, thank you Hoba for your attention.

This is my pfsense queues list and order; this is the default one, I have not changed it when ended wizard.

Flags  Priority  Default  Bandwidth  Name 
  0  No 1536 Kb  qwanRoot 
    0  No 1536 Kb  qlanRoot 
    1  Yes 1 %        qwandef 
    1  Yes 1 %    qlandef 
ACK        7      No      25 %  qwanacks 
ACK        7      No 25 %  qlanacks 
    7  No 25 %    qVOIPUp 
    7  No 25 %    qVOIPDown 
RED ECN    2      No     1 %  qPenaltyUp 
RED ECN    2      No     1 %  qPenaltyDown 
RED ECN    1      No     1 %  qP2PUp 
RED ECN    1      No     1 %  qP2PDown 
RED ECN    4      No     25 %  qOthersUpH 
RED ECN    4      No     25 %  qOthersDownH 
RED ECN    2      No     1 %  qOthersUpL 
RED ECN    2      No     1 %  qOthersDownL

Again, thanks for your time!

dav1d

Hy Srs,

i had same problem, but first my configuration was  "transparent firewall", and traffic shape doesn't work :'(; second i think that is important the order of the rules  (like rules firewall), because if you download from internet using http protocol, and your http rule is on top ``first match wins''.
Try to move up the penality rules.

I hope this help you.

srs

hey dav1d, thanks a lot for your help; I will test the rules order; but one more question: what you mean with 'transparent firewall'? I use transparent proxy, but in older pfsense versions, it always worked, shaper with transparent proxy… can you help with this? thanks one more time!

dav1d

I am not sure, but transparent firewall is a packet filtering and normally you put it between your GW and LAN. In your case, transparent proxy intercept a particular service like HTTP and redirect it to squid for  simple content filtering, cache, etc.

My configuration was this: http://pfsense.trendchiller.com/transparent_firewall.pdf.

srs

hey dav1d, thanks again for your time and help!

I think the setup that is described in that document is for a bridge setup; The most strange about the queues order is that they are in default position, I have not changed them after running trafic shaper wizard… In other situations, with another pfsense versions, it worked; before installing 1.2 final I used 1.2rc3, or 4, I dont remember, but the last versions; and it was all working; I had created other queues, and they were all working nicely; this is the reason I simply dont understand why this shaper is not working now; I have setup pfsense manually, did not restore no one backup file, and the shaper is running from the default wizard setup, the only thing I've done is the choose the IP for penalty and the bandwidth for penalty (10k) and for the entire shaper (1536kbits/s up and down), the same values that I have used in other times and have worked.

Have you tried 1.3 already?

thanks a lot for your help!

srs

hey folks, I think I've found the problem:

When I turn off transparent proxy in squid, the shaper seems to work fine; but when transparent proxy is enabled, the shaper doesnt work; the strange is that I always used squid, as transparent proxy, and shaper, in previous pfsense versions, and I know it worked…

Well, what can be done to use these two must-have features??

thanks

sullrich

Contribute to the traffic shaping bounty and ask Ermal if he can fix.

srs

can you tell me wether this was always this way or this is a 1.2family issue? I just want to confirm that I have used shaper plus squid in pfsense before.

thanks

hoba

I think it has always been that way. When enabling squid in transparent mode it creates invisible redirects to the squid deamon that match before other rules do. Also it has been a know limitation for quite some time that traffic from services (like squid) running at the pfSense directly can't be shaped properly due to the way the trafficshaper is working in releases up to 1.2.

srs

well, this is really strange, because I always used squid and I'm sure at 6 to 8 months ago I used the shaper successfully to shape bandwithd of computers laboratories and penalty some ips… and it always worked and I'm sure, I always used squid with some blacklists/whitelists, always in transparent mode beucase I never nedded to configure anything in desktops...

But so this is ok, I must vote for what is the most important to me: shaper or access control lists (squidguard).

Please, can you tell me if this is planned to work (together) on upcoming 1.3?

thanks a lot for all your patience and always congrats for your really nice work!

sullrich

This has always been an issue.  if you want to guarantee it will be in 1.3 then contribute to the bounty.  Otherwise no promises.

srs

ok sullrich, thanks a lot! as I'm in Brazil, I dont know how can I contribute, but I'll check this, ok! I always used pfsense since 0.9x and pretend keep using it!!!

Thanks a lot!