Traffic shaper changes [90% completed, please send money to complete bounty]

eri-- · Jun 5, 2008, 9:08 AM

Can you please send me your rules.debug to ermal at pfsense.org just to check the order of the evaluation or it might be that the rules produced by the wizard are without the quick keyword and you can edit the floating rules to be terminating but that will mostly break the policy.
I am sorry there is no easy fix to such a thing since there is no easy way to update the existing policy to conform to the new shaper :(.

For the DMZ - LAN problem i would suggest trying living the queue policy in effect only for the internet connections ie on the Traffic shaper config delete the queue policy for LAN and DMZ and see if it suits you with shaping only on outbound. Usually it would suffice since the other part is throtled by the ISP and packets will be driven by the outgoing policy.

If you need a more specific answer please give me some more detailed specification even in private if you wish.

dps · Jun 9, 2008, 8:17 AM

Guys,

How can i have access to the image with the multi nic shapper?

Thank You!

Duarte Santos

Perry · Jun 9, 2008, 9:00 AM

If you donate xxx$ to it you'll get access.

Please read every reply in this topic before asking any additional questions.

medien · Jun 9, 2008, 12:01 PM

multi lan in 1 WAN is very interesting.i hope you can develop per ip bandwidth limiting.thats what everybodys newbie waiting i think.

eri-- · Jun 9, 2008, 5:04 PM

Well expect surprises fro 1.3 or give it a thought/contribution for 1.2 :P.

ccfiel · Jun 28, 2008, 12:03 AM

Good Day to all!

Our small company needs a firewall with the following features. Does pfSense support the following requirements? We are willing to donate if it can fulfill the needs stated below.

1. Support Dual WAN
2. Traffic Shaper for Dual WAN ( distribute bandwidth equally for every workstation that uses the internet ) <–- i think this is the bounty?
3. Web Proxy
4. Samba

Hope somebody can give me some info. Thanks and more power!

Chris

eri-- · Jun 28, 2008, 10:39 AM

The current implementation that is ported to 1.2 that the bounty covered offers this through CBQ and with intimate knowledge with HFSC.

Actually 1.3 would be the release which will really be my recommendation for this.

AFAIK you can sponsor it somemore to get the 1.3 improvements to 1.2.

Ermal

tomdchi · Jun 28, 2008, 3:00 PM

I just sent $100 to paypal@chrisbuechler.com. I just started using pfsense last week and 1.3 would be a great help!

My paypal address used was billing@alumnipropertygroup.com

Thanks!
Tom

tomdchi · Jun 30, 2008, 1:34 AM

Just upgraded and WOW, this new shaper is AWESOME!! Just what I needed!!

sullrich · Jun 30, 2008, 4:23 AM

@tomdchi:

Just upgraded and WOW, this new shaper is AWESOME!! Just what I needed!!

Nice!!!

ccfiel · Jul 1, 2008, 3:24 PM

Hello I have donated $25 to paypal@chrisbuechler.com. Hope this little donation can bring more innovations! :) How can test this features? Thanks in advance and more power!

Chris

eri-- · Jul 2, 2008, 5:00 PM

For all of you that are running the new shaper with multiple interfaces there is a bug that will prevent it from working correctly.
Please see http://cvstrac.pfsense.org/chngview?cn=23485 and make the change manually for now until a new update is released to you.

@ccfiel
read your private messages.

ccfiel · Jul 3, 2008, 2:21 AM

I have tried the new filter.inc. but there is an error when loading pfsense. Fatal error: Call to undefined function: get_configured_interface_with_descr() in /etc/inc/filter.inc on line 431. any ideas? :)

Chris

eri-- · Jul 3, 2008, 6:44 AM

Just change the lines i have sent in the link above.

What you have done is taking the filter.inc from RELENG_1(aka 1.3), DO NOT DO THAT.
RELENG_1 is way changed from RELENG_1_2.

Ermal

ccfiel · Jul 3, 2008, 9:32 AM

hello ermal , oh i see. I just want to make sure if what i did is correct. this is what i have in line 2170. so i have to delete this 4 lines?

let out anything from the firewall host itself and decrypted IPsec traffic

pass out on $lan proto icmp keep state label "let out anything from firewall host itself"
pass out on $wan proto icmp keep state label "let out anything from firewall host itself"
pass out on $wanif all keep state label "let out anything from firewall host itself"

and add this 3 lines ?

let out anything from the firewall host itself and decrypted IPsec traffic

pass out on {$oc['if']} proto icmp keep state label "let out anything from firewall host itself"
pass out on {$oc['if']} all keep state label "let out anything from firewall host itself"

is this correct?

Chris

eri-- · Jul 3, 2008, 11:16 AM

Just replace the file in /etc/inc/filter.inc with the content from this LINK and you should be ok.

Otherwise you just need to delete this 2 lines:
pass quick on {$oc['if']} proto icmp keep state label "let out anything from firewall host itself"
pass quick on {$oc['if']} all keep state label "let out anything from firewall host itself"

and make them

pass out on {$oc['if']} proto icmp keep state label "let out anything from firewall host itself"
pass out on {$oc['if']} all keep state label "let out anything from firewall host itself"

Whichever your prefer.

Ermal

venis_LA · Jul 3, 2008, 3:04 PM

i'm a newbie and want to know where and how can i contribute to get a copy to test 1.3 … many thanks thanks

eri-- · Jul 3, 2008, 3:52 PM

You want access to the new shaper on 1.2 or have you replied on the wrong thread?

venis_LA · Jul 3, 2008, 5:27 PM

i want access to the new shaper .. thanks

eri-- · Jul 3, 2008, 6:20 PM

Well you can send the offerings at ermal.luci@gmail.com and i will give you the link to the new shaper.