Firewall Traffic Control
-
I suggest you NOT to run the wizard.
Go to Firewall>Traffic Shaper>By Interface
Remove all previously created shapers by hitting red button on bottom.
Select WAN, tick Enable/disable discipline and its children, the select Scheduler Type CODELQ
and put your download ISP bandwidth in Kbit/s
do the same for LAN but put ISP upload.
Then check if it helped. Play with bandwidth value lowering it a bit or increasing.
Also you can follow this manual in addition to above https://forum.pfsense.org/index.php?topic=63531.0 to evenly share you bandwidth, but it was a little bit broken in 2.3 and works good for me in 2.4.
If nothing helped you should read manuals and how-to and may be use FAIRQ. -
@w0w:
I suggest you NOT to run the wizard.
Go to Firewall>Traffic Shaper>By Interface
Remove all previously created shapers by hitting red button on bottom.
Select WAN, tick Enable/disable discipline and its children, the select Scheduler Type CODELQ
and put your download ISP bandwidth in Kbit/s
do the same for LAN but put ISP upload.
Then check if it helped. Play with bandwidth value lowering it a bit or increasing.
Also you can follow this manual in addition to above https://forum.pfsense.org/index.php?topic=63531.0 to evenly share you bandwidth, but it was a little bit broken in 2.3 and works good for me in 2.4.
If nothing helped you should read manuals and how-to and may be use FAIRQ.Kindly explain why this method is better then the wizard
-
There is no CODELQ in the wizard.
If you want more information about Codel just search in Traffic Shaper on this forum. -
CODELQ does not prioritize types of traffic . If op wants to prioritize types of traffic he needs HFSC
-
You're right about CODELQ.
As I understand the main OPs problem is buffer bloat + not equal bandwidth share and may be the best solution is to use CODELQ or use any other sheduler with enabled Codel queue. PRIQ/HFSC with enabled codel in queue would be very good solution + equalization/prioritization through Limiters as I mentioned before.
Sometimes it just enough to use CODELQ and not prioritize types of traffic, sometimes not.
Anyway the wizard does not solve OP's problem completely and can be useless if wrongly configured through. In this case if CODELQ not help, then OP should configure HFSC or anything else, enabling manually Codel in queues, creating desired rules. There are a lot of information on forum and overall Internet. -
What I am trying to manage is the bandwidth allocation on my network.
YouTube seems to suck all the bandwidth when it runs. As a result other programs suffer. So I am trying to work out a way to not have programs affected by others. Whether that be allocating a certain bandwidth to YouTube and such or assigning bandwidth to other programs. Either way, at the moment with just two people in the house if we open streaming services (YouTube, Spotify etc) other connections suffer.
-
Just try CODELQ. There is no simple, "one click" way to manage s
treaming servicesYoutube over programs and services, only manually or wizard + manually, Google continues to experiment with an own implementations and protocols, but most of the Youtube videos are not streaming but progressively download over HTTP.
CODELQ will try to minimize the queue length by minimizing latency and equalizing all traffic, this should help in this case, making other services also available. 5 minutes to try. -
I do not wish for this to sound the wrong way but I feel Pfsense is falling behind other firewalls, as firewalls today can easily identify streaming like YouTube,torrents,gaming and so on thanks to layer 7, traffic shaping by ports is getting useless everyday
-
Layer 7 is removed from pfSense for known reasons https://doc.pfsense.org/index.php/Layer_7
There is snort that can identify such traffic and doing it much better, but snort setup is also not so simple, thats why I suggested CODELQ to be in the first place, I have personally a lot of positive experience enabling CODEL in non pfSense based routers too. In future there will be FQ_CODEL avaible that do this job even better and you don't need any knobs and a lot of setup. Actually this topic should be moved to "Traffic Shaper". -
Thank you for all your responses. If I am not mistaken snort only blocks traffic it does not help shape it right? and any Idea when FQ_CODEL is pland to be in pfsense? I will try out codel as I never did.
-
Thank you for all your responses. If I am not mistaken snort only blocks traffic it does not help shape it right? and any Idea when FQ_CODEL is pland to be in pfsense? I will try out codel as I never did.
Yes looks like that, snort is not intended to use with shaper and other shaping possibilities like SQUID rules are not widely tested in pfSense. As for Layer7 patterns for youtube, this is also like moving target.
https://forum.pfsense.org/index.php?topic=62863.0
I am not sure that provided DD-WRT pattern is still working nowadays and not only for Layer7 missing in pfSense reason :)
I am not so familiar with snort, squid and other packages but it looks like currently there is no simple solution to shape youtube videos, until you got all youtube available IPs but this is also moving target.
