Easy trafic shaping problem?
-
WAN->LAN and LAN->WAN you refer to is just the INTERFACE the traffic has to pass through to be tagged by this rule.
In your case you only have two interfaces, so this will always be one of these two combinations (depending on traffic direction might be one or the other).
Source and Destination is another thing.
In your WAN->LAN rules you can specify a destination of LAN Subnet (which would be the same as 'any' though).What I understand from your last post is you want something like this:
WAN->LAN * xx.xx.xx.xx LAN net q32kDown/q32kUp
LAN->WAN * LAN net xx.xx.xx.xx q32kUp/q32kDownYour realtime m2 value in the queue definition should be 32Kb.
-
Thanks for the tip, I shall try it out.
Seems to be working, atleast there are packages hitting my new queue and pfsense webgui seems smoother during bandwidth overload. Gotta test bit more, not sure yet :)
edit:
Ok it seems that all the normal traffic just moved to the newly created high priority queue. This due to the face I put rules like (any > LAN net / LAN net > any) , my bad there. so I changed the rule as below:
WAN->LAN * 192.168.1.200 LAN net q32kDown/q32kUp
LAN->WAN * LAN net 192.168.1.200 q32kUp/q32kDown192.168.1.200 being the computer I use to connect PFsense webgui from the LAN net. Now there is absolutely no trafic at all on the new queue. The rule does not seem to apply :(
Just a thought, could this work in reverse somehow. I could can the maximum bandwidth allowed for the outgoing traffic? Then again, how can I distinguish the PFsense webgui connection from the other traffic. Maybe change the default HHTP 80 to something else and create an own traffic shaper rule for it ???
-
I thought your source IP you wanted was an external IP. The reason it does not work is that traffic from 192.168.x.x to LAN subnet never goes through the WAN interface, which means a WAN->LAN rule will not catch it.
I'm not sure what the easiest way to shape this traffic would be, but I'm sure I've seen at least a dozen other posts in this forum about it.
Search is your friend. -
Thanks for the tips again.
Could not find anything with search, guess I did not use the right search words. Looks like I have to do it the good old way, aka manually and painfully :)
-
Why are you trying to shape traffic from LAN to pfSense anyway?
Your LAN should be running on 100mbit CAT5 cable, no? And how often do you need to access the webGUI from LAN anyways? -
This is the problem, somehow my PFsense webgui access gets really slow when the 1/1 mbit WAN bandwidth gets overloaded. I dunno why this is, started happening after I enabled traffic shaping. And like you said, it is not reasonable as I got 54mbit WLAN (transparent bridge) connection to the pfsense LAN interface.
Iam a noobie, all I do is mess around with webgui all day long. Atleast untill I get the hang of it ;D
edit:
I have searched around the forum extensively and Iam pretty sure this Lan subnet > LAN traffic shaping cannot be done, as the the traffic does not go through both WAN and LAN interfaces. Pretty clueless overall why the webgui slows down when WAN get overloaded. Bug in pfsense or some hardware error ???
-
If your connection is 1mbit/1mbit, try lowering the queue bandwidth for qwanRoot and qlanRoot to 800kbit and see if that fixes it. If it does you can slowly go back up towards 1mbit and find the perfect balance.
What hardware are you running pf on? Maybe it gets overloaded when there's too much shaping to do, though I wouldn't think pfctl would cause such a spike in CPU usage… -
Thanks for the tip, I shall try limiting the bandwidth abit.
We had some issues with the WLAN box even before pfsense, so Iam pretty sure it is the one to blame for my problems. The WLAN box is Linksys WRT54GR v.1.1 with latest firmware available.
The PFsense machine should be up for the task, I have not observed any alarming resource spikes. The System Overview page has all the resources usages below 10%.
edit:
Found very similiar post as my question here: http://forum.pfsense.org/index.php/topic,8034.msg46031.html#msg46031
Hobas message pretty much explains why my webgui slows down, it is shaped just the same as other http traffic, as Iam using webgui from LAN section.
edit2:
Ok it seems this problem was partly solved by enabling the "Disable webGUI anti-lockout rule" setting in the System: Advanced functions menu. After I enabled this setting my traffic shaping rules affect the Webgui traffic somewhat from LAN aswell. I have the following rules on my traffic shaper:
LAN->WAN
TCP 192.168.1.200 LAN address qHpriority_UP/qHpriority_DWWAN->LAN
TCP LAN address 192.168.1.200 qHpriority_DW/qHpriority_UP^ The problem is that only the downloading rule seems to work as I can see traffic in qHpriority_DW queue when using webgui, but nothing in the qHpriority_UP queue. Iam monitoring the traffic from pfsense shell pftop application.
One more stupid question, what does "Default queue" setting actually mean on a queue? .. Is it like p2p queue, all unknown traffic is transferred to default queue ?
-
Yes all untagged traffic will be sent to the default queue. This is its purpose.
-
After long time I decided to test Pfsense some more.
It seems that all the traffic from LAN -> Pfsense box go automaticly to the Default queue. This includes Shell and Webgui traffic. Why my webgui has been slowing down is that I had put the Default queue rule on a low priority queue. Have not managed to find out any way to shape this traffic and apparently it is not even possible.