PfSense - 2.0 – traffic shapping

jimp

Limiters are what you want, to impose hard bandwidth limits.

If they didn't work, then perhaps either the limiter creation or the firewall rules set to use the limiters were not correct.

ttlinna

@jimp:

Limiters are what you want, to impose hard bandwidth limits.

If they didn't work, then perhaps either the limiter creation or the firewall rules set to use the limiters were not correct.

I've tried with limiters and they work fine to some extent. Be very precise with the directions!

I use Alix boards and the max download speed with limiter is 1400 Kb. If I enter bigger value to limiter, the speed is capped to that limit. Is this a feature or a bug. I've tested with multiple snapshots from January to August.

eri--

Can you provide ipfw pipe show when this happens.

cmb

@ttlinna:

I use Alix boards and the max download speed with limiter is 1400 Kb. If I enter bigger value to limiter, the speed is capped to that limit. Is this a feature or a bug. I've tested with multiple snapshots from January to August.

Neither that I've seen. We've deployed several ALIX systems in production on ISP networks with various limiters ranging from 256 Kb to 10 Mb and they all work as configured. It is possible to configure things as such that you're limiting all traffic through with a limiter, or possible the limiter isn't getting updated correctly somehow though that's been extensively tested. Post what Ermal requested.

xbipin

i use limiters, never faced any such limit

stefanero

well thanks for the replys, so I will try with the limiters.

-do I have to create a limiter for each sepertate Network?
Or can I create one limiter and have that assignt to each network sepperatly in the firewall rules?

-How to I create the limiter correctly? Say I want to limit up and download seperatly like an a-dsl connection.

I would create one rule with bandwidth for upload , and as mask select source addresses right?
and then one rule with bandwidth for download, and as mask select destination addresses.

[u]delay-upload[/u]
bandwidth 500
mask source-address
[u]delay-download[/u]
bandwidth 500
mask destination-address

as next step I go to firewall rules, now I guess here commes the tricky part.

On the Wan Interface rules I did not change anything.

On Lan I created 2 rules

[u]Rule1[/u]
proto * 
source Network1 
Port * 
Destination * 
Port * 
Gateway * 
In-Queue delay-upload 
Out-Queue nothing 

[u]Rule2[/u]
proto * 
source * 
Port * 
Destination Network1 
Port * 
Gateway * 
In-Queue delay-download 
Out-Queue nothing 

Well if I am wrong please correct me here :)

*edit: well upload limit works, but dowload not :( so there is some little config mistake then I guess…

eri--

You just need one rule with both upload/download limits specified together!

Please next time ask if you do not know how to configure one thing rather than report something non working.

stefanero

thnx for the help,

I never said pfsense was not working, all I said that I cant get it to work.
thats why I initially posted it in the traffic shapping section because I simple needed help with this.

I will try what you suggested and post back here I guess ;-)

stefanero

well

this is tricky.

I guess new rules dont get applied to alredy established connections.

closing winscp , reopen and start upload this now works. also download now working

thnx a lot

eri--

this is tricky.

That is normal for a stateful firewall.