PfSense 2.0-BETA1: Unable to limit IPs in Penalty Box
I use pfSense in 1LAN/1WAN configuration. I use the traffic shaper wizard 1LAN/multiWAN with 1 WAN to do my QoS (VoIP, Games, P2P traffic shaping). I have an 8Mbps/8Mbps bandwidth available and set the download and upload rate to 6 Mbps with Penalty Box set to 10% of rate and one specific IP (without subnet specified).
I notice that this specific IP in the LAN network is able to download at 90/95% of 6 Mbps. It should be shaped by the Penalty Box, but it doesn't work.
Did I miss something?
RedVivi -
Does someone have an explanation?
I've figured it out now! I changed the WAN IP to /31 and changed OPT2 configuration to have a static IP (it was previously set to "none" due to it being bridged with LAN). Then I could create Virtual IPs; however, when they were configured as Proxy ARP I could only use one virtual IP - defining #2 would break it. I changed them from Proxy ARP to "Other" and now it works like a charm!
I don't get your point in relation to my post. Are we talking about the same problem?
I read somewhere that the only wizard that was functioning properly was "multi-wan/multi-lan". Give that a try? And when you do, keep an eye on the status of your queues; it may point to which queue that traffic is being put in.
I'm using multiwan/1lan with wan=1 and I see some packets in some queues. Could you give your sources?
Does anyone encounter the same problem?
I would really have to try and backtrack my searches to find that particular post. I will give it a try on my end and see if the limit works here. On my way to work though, I had an idea that I wanted to suggest, and that was to create a limiter and apply a firewall rule to that IP address to use that limiter.
I tried all the wizards, and the rules and queues they create do not work. Everything gets thrown in qothers, which is labeled "penalty box", and it does not create any shaping queue or anything for that matter for the specific IP address(es) that is entered. In fact there is NO mention anywhere of the IP address that the penalty box is to be applied to. The fact that the Penalty Box is the very first rule is an issue in itself since it's the first matching rule. So this renders all shaping rules ineffective.
To add to that, you cannot MOVE rules between rules because the page refreshes back to the WAN tab. The thing doesn't even catch P2P anymore. It used to work flawlessly in the stable release through packet inspection. Don't know what they broke.
So, no, you are not doing anything wrong. The traffic shaper wizards do not work and instead, I think a better name for them should be "traffic shaper templates".
But then again, the traffic shaping itself doesn't work either. I had only 1 rule made and that was the penalty box, which happily (not really) made the rule apply to everything and everyone regardless of the IP address. Well, this rule was made for 10 percent of total bandwidth of 9Mbit, which it changed to 9000Kb (don't know who the math wizard is on this one) but aside from that point, testing it out proved that the computer with that ONE single shaping rule still achieved a full 9Mbit connection even though it should only achieve 115.2 kilobytes/s. So to be honest, I am not confident that manually creating rules will work either. Imagine the man hours in that just to realise it doesn't work. haha.
I have the same issue. I cannot get the penalty box to work. Have tried to look at the floating rules, but still can't get it to work.
I wonder if the Penalty Box is effective only if the bandwidth is nearly at its maximum rate.
Nope. If you look at the queue settings that are created you can see that the amount of bandwidth given to the penalty box is dedicated with no share.
Well, I did some tests and it "seems" that it actually works using the multiwan/multilan wizard. Penalty box seems not to affect bursts but I notice a lot of rate drops.