Pfsense 2.0.1 HFSC setup example please? - asymmetric home internet
-
Hi - been reading countless threads and Google pages on pfSense QoS setup, particularly HFSC, but haven't been able to get it working correctly without the wizard. Was hoping someone that has it working with their home internet connection could please post their config from the debug.rules so that I might use them as a starting point.
I'm sure many people will benefit from this information.
Basically I am trying to traffic shape:
WAN (4 Mbit upstream)
qack
qSkype - HD requires at least 1.5 Mbit/1.5 Mbit if not greater for 1080p
qDNS
qSSH (shell access w/ priority over bulk sFTP traffic)
qdefault/bulk
qbackup - I use Crashplan
qUsenet - for downloading from news server
qtorrent - lowest priority - though I understand HFSC ignores priorities
LAN (28 Mbit downstream)
When I download from usenet at full speed, I seem to get way too many drops.
Thanks in advance.
-
I have similar setup which is (almost) working, some problems still exist.
My PRIQ queues are (both WAN & LAN)
altq on rl0 priq bandwidth 1536Kb queue { qHigh, qAck, qNet, qHTTP, qDefault, qBackup, qLow }
queue qHigh on rl0 priority 7 priq ( ecn )
queue qAck on rl0 priority 6 priq ( ecn )
queue qNet on rl0 priority 5 priq ( ecn )
queue qHTTP on rl0 priority 4 priq ( ecn )
queue qDefault on rl0 priority 3 priq ( ecn , default )
queue qBackup on rl0 priority 2 priq ( ecn )
queue qLow on rl0 priority 1 priq ( ecn )
And the rules:
match log quick on { rl0 } proto { tcp udp } from any to 192.168.10.0/24 port 6880 >< 7000 queue (qLow) label "USER_RULE: Throttle P2P"
pass in log quick on $WAN reply-to ( rl0 83.145.208.254 ) proto tcp from any to $phobos port 80 flags S/SA keep state queue (qHigh,qAck) label "USER_RULE: NAT www"
pass in log quick on $WAN reply-to ( rl0 83.145.208.254 ) proto tcp from any to $phobos port 22 flags S/SA keep state queue (qHigh,qAck) label "USER_RULE: NAT ssh"
pass in log quick on $WAN reply-to ( rl0 83.145.208.254 ) proto udp from any to 83.145.208.207 port 1194 keep state queue (qHigh,qAck) label "USER_RULE: OpenVPN FULL"
pass in log quick on $LAN proto { tcp udp } from 192.168.10.0/24 port 6880 >< 7000 to any keep state queue (qLow) label "USER_RULE: Throttle P2P"
pass in log quick on $LAN proto { tcp udp } from 192.168.10.0/24 to 173.225.132.0/24 keep state queue (qBackup) label "USER_RULE: Throttle CrashPlan"
pass in log quick on $LAN proto { tcp udp } from 192.168.10.0/24 to 209.208.241.0/24 keep state queue (qBackup) label "USER_RULE: Throttle CrashPlan"
pass in log quick on $LAN proto { tcp udp } from 192.168.10.0/24 to any port 80 keep state queue (qHTTP,qAck) label "USER_RULE: Boost HTTP"
pass in log quick on $LAN proto { tcp udp } from 192.168.10.0/24 to any port 443 keep state queue (qHTTP,qAck) label "USER_RULE: Boost HTTPS"
pass in log quick on $LAN proto { tcp udp } from 192.168.10.0/24 to any port 53 keep state queue (qNet,qAck) label "USER_RULE: Boost DNS"
pass in log quick on $LAN from 192.168.10.0/24 to any keep state queue (qDefault,qAck) label "USER_RULE: Default allow LAN to any rule"
pass in log quick on $OpenVPN from any to any keep state queue (qHigh,qAck) label "USER_RULE: OpenVPN FULL"
Requirements/Notices:
- Torrent clients must run on default ports (6881 - 6999)
- My CrashPlan backs up to 173.225.132.0/24, other IP block for Code42 is 209.208.241.0/24
-Pete-
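A consistency check for a ruleset shaped like the one in the post above, as an added example that is not from the thread or from pfSense: it flags rules whose `queue (...)` clause names a queue that was never defined, PRIQ priorities used twice, and a missing default queue. The `lint` function, the regular expressions and the two sample rules are assumptions made for illustration, and the check assumes the queues of a single interface.

```python
import re

# Queue layout from the post above; the two rules are constructed, and the
# last one deliberately references an undeclared queue (qBulk).
SAMPLE = """\
altq on rl0 priq bandwidth 1536Kb queue { qHigh, qAck, qNet, qHTTP, qDefault, qBackup, qLow }
queue qHigh on rl0 priority 7 priq ( ecn )
queue qAck on rl0 priority 6 priq ( ecn )
queue qNet on rl0 priority 5 priq ( ecn )
queue qHTTP on rl0 priority 4 priq ( ecn )
queue qDefault on rl0 priority 3 priq ( ecn , default )
queue qBackup on rl0 priority 2 priq ( ecn )
queue qLow on rl0 priority 1 priq ( ecn )
pass in quick on $LAN proto udp from 192.168.10.0/24 to any port 53 keep state queue (qNet,qAck) label "constructed: DNS"
pass in quick on $LAN proto tcp from 192.168.10.0/24 to any port 119 keep state queue (qBulk) label "constructed: Usenet"
"""

ALTQ_RE = re.compile(r"^altq on \S+ \S+ .*?queue \{([^}]*)\}")
QDEF_RE = re.compile(r"^queue (\S+) on \S+ priority (\d+) \S+ \(([^)]*)\)")
QREF_RE = re.compile(r"\bqueue \(([^)]*)\)")


def lint(ruleset):
    """Return consistency problems in a single-interface PRIQ ruleset."""
    declared, defined, defaults, refs, problems = set(), {}, [], [], []
    for n, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if m := ALTQ_RE.match(line):
            declared |= {q.strip() for q in m.group(1).split(",") if q.strip()}
        elif m := QDEF_RE.match(line):
            name, prio = m.group(1), int(m.group(2))
            if prio in defined.values():  # PRIQ allows one queue per priority
                problems.append(f"line {n}: priority {prio} reused by {name}")
            defined[name] = prio
            if "default" in re.split(r"[\s,]+", m.group(3).strip()):
                defaults.append(name)
        elif m := QREF_RE.search(line):
            refs += [(n, q.strip()) for q in m.group(1).split(",")]
    for q in sorted(declared ^ set(defined)):
        problems.append(f"{q}: altq queue list and queue definitions disagree")
    if len(defaults) != 1:
        problems.append(f"expected one default queue, found {len(defaults)}")
    problems += [f"line {n}: rule uses undefined queue {q}"
                 for n, q in refs if q not in defined]
    return problems


if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no problems found")
```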
-
Thanks Pete for sharing. Question - do all the rules you've listed go on the FLOATING tab? Or do only the WAN rules go on the FLOATING tab, and any LAN rules actually need to be added to the LAN tab?
-
Only way I get them to work is to add all LAN rules to the LAN tab and WAN rules to floating.
-Pete-
-
Turns out, I've managed to get this working if I put all on the FLOATING tab. Unique rules for WAN vs. LAN interface. No need to place any rules on the LAN tab.