Netgate Discussion Forum

    HOWTO: pfSense 1.2.x Traffic Shaping with Squid Transparent Proxy

    • cylent

      I have 1.2.3-release and this REALLY slowed my net and webgui management to a crawl!!!

      Either it doesn't work with 1.2.3 or I did something wrong.

      Please advise.

      • rdlugosz

        So I'm using 1.2.3 with the transparent proxy enabled (and verified on b/c it's showing hits in the lightsquid logs).  I am NOT seeing the behavior described in the first post.  On my system, I see P2P traffic in the P2P queues and web traffic seems to go into the qOthersDownH queue.

        Also curious is that I do not see any packets in my queues related to my VoIP adapter now that I've re-run the wizard and given it the IP address of the adapter.  One of the first rules is that anything on that IP routes to the qVOIP queues… I saw some traffic being registered there when it was just set up to route the SIP port packets to those queues, but for whatever reason it doesn't show up when the whole IP is sent there.

        Anyway, my main point in posting is to say that I'm NOT seeing the behavior of web traffic going to the default queues due to the proxy.  It's possible that I've got something configured incorrectly, but it appears that the shaper is doing its job.  Any thoughts?

        • moonspud

          Does this work with penalty IP shaping?

          • udhaya

            Hello iBeej,

            I tried as you said, and I am able to penalize the download but not the upload. Is there anything I need to follow? Please suggest more ideas. I am new to this.

            Ver: 1.2.3-Release

            • bailer

              I installed 1.2.3 and followed this guide. I noticed that there are 9 entries of 127.0.0.1 in the conf file instead of 3, but after reviewing the code a bit I only changed the first 3 entries of 127.0.0.1 to the gateway IP and everything seems to be working fine for me!

              • splippity

                Is this still relevant with 2.0RC1? I assume it is, so after every update I make the changes that it tells you to. Thanks

                • kirlox_kitoy

                  So what should be the order? Install the squid package first and then the traffic shaper, or the other way around: mess with the traffic shaper first and install squid last?

                  • kirlox_kitoy

                    What will be the sequence of installation? Do I need to configure the traffic shaper first or install squid first?

                    • anagh

                      Is it the same method for pfSense 2.0 RC3? There are several instances of 127.0.0.1 in squid.inc; which of those am I required to change? Please explain in detail, along with the traffic shaping method.

                      • anagh

                        Waiting for the reply. In pfSense 2.0 RC3 I have installed squid with lusca and squidGuard, and in squid.inc there are 10 instances of 127.0.0.1; which of those am I required to change?

                        • tacfit

                          Any comments on whether this works in pfSense 2.0? It would be great to be shaping and caching on the same box.

                          • hyrol

                            The easy way: Traffic Shaping with Squid Transparent Proxy
                            Add under Firewall Rules:

                            Action = Pass
                            Interface = LAN
                            Source = LAN subnet
                            Protocol = TCP
                            Source = LAN
                            Destination = any
                            Destination port range = (Squid Proxy port) e.g. 3128

                            Reason: HTTP port 80 has moved to the squid proxy port 3128

                            • jigpe

                              @hyrol - Thanks, it works on 1.2.3. I'll test it on 2.1

                              • argyx

                                @hyrol:

                                The easy way: Traffic Shaping with Squid Transparent Proxy
                                Add under Firewall Rules:

                                Action = Pass
                                Interface = LAN
                                Source = LAN subnet
                                Protocol = TCP
                                Source = LAN
                                Destination = any
                                Destination port range = (Squid Proxy port) e.g. 3128

                                Reason: HTTP port 80 has moved to the squid proxy port 3128

                                This works for me on 2.0.1 (tested with various speed settings). Also, you will already have this rule in place if you have a Deny All rule and are using transparent proxy. So, it's a good idea to take advantage of the rule.

                                • ScottNJ

                                  @argyx - This doesn't work, all HTTP traffic is still getting dumped into qlandef, which by default receives 1% bandwidth from the wizard.

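Several posts above disagree about which queue proxied web traffic ends up in (qOthersDownH for one poster, qlandef for another). The per-queue counters from `pfctl -vsq` settle that on a given box; the script below is an added example, not from any poster in this thread, that summarises them. The sample output is constructed in the layout assumed for pfctl's ALTQ queue listing, and qlanRoot, em1 and all counter values are made up.

```shell
#!/bin/sh
# Added example: which ALTQ queue is actually receiving the packets?
# Live use on the firewall (counters are cumulative):
#   pfctl -vsq | queue_share qlandef

# Constructed sample in the layout assumed for `pfctl -vsq`.
# qlandef and qOthersDownH are named in the thread; qlanRoot, em1 and
# all numbers are made up.
sample_pfctl_output() {
cat <<'EOF'
queue qlanRoot on em1 bandwidth 10Mb priority 0 hfsc( upperlimit 10Mb ) {qlandef, qOthersDownH}
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
queue  qlandef on em1 bandwidth 100Kb hfsc( default )
  [ pkts:       9400  bytes:   11938000  dropped pkts:    812 bytes: 1031240 ]
  [ qlength:  50/ 50 ]
queue  qOthersDownH on em1 bandwidth 2.50Mb priority 4 hfsc( red ecn )
  [ pkts:        600  bytes:     762000  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
EOF
}

# Reads a queue listing on stdin and prints "name packets dropped" for
# every leaf queue. Parent queues (those listing children in braces)
# are skipped so their traffic is not counted twice.
queue_counters() {
    awk '
        $1 == "queue" { name = $2; parent = ($0 ~ /\{/); next }
        $1 == "[" && $2 == "pkts:" && !parent { print name, $3, $8 }
    '
}

# Prints the whole-number percentage of leaf-queue packets that were
# counted in queue $1. A value near 100 for the default queue means the
# shaper rules are not matching the proxied traffic.
queue_share() {
    queue_counters | awk -v q="$1" '
        { total += $2; if ($1 == q) hit = $2 }
        END { if (total == 0) print 0; else print int(100 * hit / total) }
    '
}
```

Run it once before and once after a large HTTP download and compare the packet counts, since the counters are totals rather than rates.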
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.