A good PRIQ Howto?
-
Sideout, I haven't loaded the configs but I scanned through by hand and see you've got OPT1 and OPT2 interfaces defined in the ruleset. What are those for? Different LAN segment, wifi…?
TIA
-
I am only using WAN and LAN in this one. I will look at it again but I am pretty sure it does not include OPT1 and OPT2 unless it just picked them up from the machine I was using as it had a 4 port PCI Express NIC in it.
-
I see where you are showing OPT2, it is picking up the other NICs in the box so you can either edit the XML to remove OPT1 and OPT2 or do it in the GUI.
-
https://www.dropbox.com/s/6loxfax6k4xr78u/LANPARTYPRIQSLSW.zip
Download this - extract it. Restore it to your pfSense. You might have to rename interfaces or adjust the gateway on some queues but outside of that this should work out of the box.
This is a single WAN / single LAN PRIQ config.
Thank you for this!
I downloaded and played with these settings in a double natted guest, with three duplicated Ubuntu servers behind it for testing purposes on my ESXi server the other day.
I am still rather confused, but I am moving in the right direction. I plan on posting some follow-up questions here (with screen shots) in the near future.
Thanks,
Matt
-
Alright,
so maybe no screenshots at first, but here are a few questions:
1.) The config files you provided. Shaper config appears to be the shaper queues, filter config appears to be the supporting firewall rules, but what is aliases?
2.) When setting up HFSC you need to tell it how much bandwidth you have up and down to make sure that prioritization occurs locally, rather than remotely. I can't seem to find where this setting is in your PRIQ example. Is it not required for PRIQ? Only one of your queues has a "Queue limit" of 500, and it is qLink, which doesn't appear to be assigned to anything in rules.
3.) I'm gathering from your rules that traffic rules should be floating rules? What is a floating rule?
4.) Some of your queues are assigned to WAN and some to LAN. Does this correspond to incoming and outgoing traffic? Which is which? If I had to wager a guess upstream would be on the LAN side and downstream on the WAN side. Is this correct?
5.) Clicking through all of your queues, I can't seem to find where I tell the queue if it is HFSC or PRIQ? How do I define this?
6.) Do you recommend starting with the wizard and modifying the queues as needed from there, or creating them manually?
7.) I can see how I can assign hosts to each queue using rules. How do I tell the system to send all other clients that have not been manually assigned to a "Default client" queue? Is it just like other firewall rules, where I create an ALL rule at the bottom, that assigns everything that hasn't been otherwise specified to my "default" queue?
8.) In your example, you have specified UDP or TCP for all of your rules. Is there any reason I can't just tell it to apply to all protocols for the specific host?
9.) It would seem all of your rules are associated with the WAN interface. Some specify the source and some the destination. I'd imagine that this is to create rules for upstream and downstream for each. Is that accurate? I would have expected based on the observation in #4 above, that downstream would need to be assigned to WAN, and upstream to LAN. Is this not the case?
Anyway, I REALLY appreciate your help. This is some of the best information I have found on this topic to date. Thank you very much for your guidance!
–Matt
-
So I have typed a reply to this like 5 or 6 times and then erased it and started over.
I am at a loss on how to reply to some of these.
-
Sorry, didn't realize I was asking such tricky questions.
If you know some of them, but not all, I'd love to hear as much as I can to learn it!
-
It is not that your questions are tricky. It is that a lot of the questions you asked would already be answered if you read some of the documentation.
-
Ahh,
Thank you. Which documentation are you referring to?
I read the official pfSense Traffic Shaping Guide which is a decent view from 30,000 feet, but doesn't provide much in the way of detail, which I was hoping to get to in my questions above.
Or maybe there is just a level of assumed knowledge in that guide that I am lacking?
Is there another document that would be helpful you recommend reading?
Thank you,
Matt
-
1.) The config files you provided. Shaper config appears to be the shaper queues, filter config appears to be the supporting firewall rules, but what is aliases?
Seriously you don't know what aliases are after reading the tab in pfSense?
2.) When setting up HFSC you need to tell it how much bandwidth you have up and down to make sure that prioritization occurs locally, rather than remotely. I can't seem to find where this setting is in your PRIQ example. Is it not required for PRIQ? Only one of your queues has a "Queue limit" of 500, and it is qLink, which doesn't appear to be assigned to anything in rules.
Multiple forum posts on this - HFSC does not use the priority setting but the wizard puts it in there. Also if you look at all the check marks on qLink you would see it is the default queue on the LAN interface so you would know that typically if there is not a rule allowing or disallowing something then it goes to the default rule.
3.) I'm gathering from your rules that traffic rules should be floating rules? What is a floating rule?
Again - you don't know what a floating rule is after reading the tab in pfSense? Plus if you went here https://doc.pfsense.org/index.php/Category:Firewall_Rules then you will see the very same question you asked answered already.
4.) Some of your queues are assigned to WAN and some to LAN. Does this correspond to incoming and outgoing traffic? Which is which? If I had to wager a guess upstream would be on the LAN side and downstream on the WAN side. Is this correct?
All the queues on the floating rules tab should be assigned to the WAN interface only. There are specific rules that get assigned to the LAN for things like the limiter.
5.) Clicking through all of your queues, I can't seem to find where I tell the queue if it is HFSC or PRIQ? How do I define this?
Again you can only have HFSC or PRIQ not both. That is defined on the interface so if you go under Traffic Shaping and read what the drop down box says, you know what you have set.
6.) Do you recommend starting with the wizard and modifying the queues as needed from there, or creating them manually?
I recommend creating them manually unless you don't know what you are doing then start with the wizard and choose a very basic simple setup and modify it from there.
7.) I can see how I can assign hosts to each queue using rules. How do I tell the system to send all other clients that have not been manually assigned to a "Default client" queue? Is it just like other firewall rules, where I create an ALL rule at the bottom, that assigns everything that hasn't been otherwise specified to my "default" queue?
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
8.) In your example, you have specified UDP or TCP for all of your rules. Is there any reason I can't just tell it to apply to all protocols for the specific host?
In my experience I have found that using a combo rule for TCP/UDP with HFSC shaping does not work that well in high packet situations. I prefer to separate them as when using floating rules with TCP you need to define qACK but with UDP you do not need qACK.
9.) It would seem all of your rules are associated with the WAN interface. Some specify the source and some the destination. I'd imagine that this is to create rules for upstream and downstream for each. Is that accurate? I would have expected based on the observation in #4 above, that downstream would need to be assigned to WAN, and upstream to LAN. Is this not the case?
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
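
An added example, not part of any post in this thread: a Python check to run over a pfSense `<filter>` backup before restoring it, flagging rules bound to interfaces other than WAN/LAN (the OPT1/OPT2 leftovers mentioned earlier) and queue rules that are TCP without an ACK queue or combined TCP/UDP. The sample XML is constructed, and the element names and the comma-separated interface list are assumptions about the backup format.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a <filter> backup section. Element names (descr,
# floating, interface, protocol, defaultqueue, ackqueue) are assumed.
SAMPLE_FILTER_XML = """
<filter>
  <rule><descr>game tcp</descr><floating>yes</floating><interface>wan</interface>
        <protocol>tcp</protocol><defaultqueue>qGames</defaultqueue><ackqueue>qACK</ackqueue></rule>
  <rule><descr>game udp</descr><floating>yes</floating><interface>wan</interface>
        <protocol>udp</protocol><defaultqueue>qGames</defaultqueue></rule>
  <rule><descr>web tcp</descr><floating>yes</floating><interface>wan</interface>
        <protocol>tcp</protocol><defaultqueue>qOthersHigh</defaultqueue></rule>
  <rule><descr>stray</descr><floating>yes</floating><interface>wan,opt2</interface>
        <protocol>udp</protocol><defaultqueue>qGames</defaultqueue></rule>
  <rule><descr>lan pass</descr><interface>lan</interface><protocol>tcp/udp</protocol></rule>
</filter>
"""

def audit_filter(xml_text, expected_ifaces=("wan", "lan")):
    """Return (rule description, finding) pairs for a <filter> section."""
    findings = []
    root = ET.fromstring(xml_text)
    for idx, rule in enumerate(root.iter("rule")):
        name = rule.findtext("descr") or f"rule #{idx}"
        raw = rule.findtext("interface") or ""
        ifaces = [i.strip() for i in raw.split(",") if i.strip()]
        # Interfaces the target box does not have (e.g. opt1/opt2 from the
        # machine the backup was taken on) need renaming or removal first.
        extra = [i for i in ifaces if i not in expected_ifaces]
        if extra:
            findings.append((name, "unexpected interface: " + ",".join(extra)))
        if not rule.findtext("defaultqueue"):
            continue  # rule does not assign a shaper queue
        proto = (rule.findtext("protocol") or "any").lower()
        if proto == "tcp/udp":
            findings.append((name, "combined tcp/udp rule assigns a queue"))
        elif proto == "tcp" and not rule.findtext("ackqueue"):
            findings.append((name, "tcp rule has queue but no ackqueue"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_filter(SAMPLE_FILTER_XML):
        print(f"{name}: {finding}")
```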
-
Thank you. I do appreciate you taking the time, and having a little patience with me.
I think part of my problem is a terminology gap. Been doing a lot of googling and browsing around the pfSense documentation, but obviously not for the right terms!
This - hopefully - should point me to the right reading to understand all of this.
Thanks!