This is why I wont be reporting any more bugs.
-
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link
You should have selected Multiple Lan/Wan.
I'd really like to help you out but I think I'm done here. All these posts, all this heat, and yet you have not posted a single thing that anyone requested. No floating rules, no shaper config, nothing. Considering how you seem to want to get this working, I find it baffling that you consistently post nothing for anyone to help you other than your descriptions of what you think you've done. It works for everyone els ein the expected way.
-
@KOM:
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link
You should have selected Multiple Lan/Wan.
I'd really like to help you out but I think I'm done here. All these posts, all this heat, and yet you have not posted a single thing that anyone requested. No floating rules, no shaper config, nothing. Considering how you seem to want to get this working, I find it baffling that you consistently post nothing for anyone to help you other than your descriptions of what you think you've done. It works for everyone els ein the expected way.
That is what I selected the first time when I made the bug report, the issue you have is you are still approaching this as a operator error issue, you simply refuse to accept anything else, until you change that line of thinking you will not manage to make any progress on this issue.
Also noone asked me to do do anything apart from one guy who asked for the screenshots which I am posting in a matter of minutes from now, I know you are really hoping to see something that looks like I fiddled with something that must be to blame.
-
Ok here is the results using the dnsbench GRC application which I used to flood my router with outbound dns connections, the results were not the same as TCP tests.
1 - With the default rules created by the wizard it doesnt work but in addition unlike the other match rules there is 0 matches tallied on the rule.
2 - changing to pass whilst still a floating rule is the same result as #1.
3 - Having it as a pass rule on the outbound LAN interface (not floating) it correctly matches the packets and I see dns traffic in qOthersHigh queue. -
attaching floating rules pictures, I have explained already what is there, but for those who want to visualise here it is.
-
the issue you have is you are still approaching this as a operator error issue
Again, it works for everyone else, so yes we're assuming it's PEBKAC.
you simply refuse to accept anything else, until you change that line of thinking you will not manage to make any progress on this issue.
Since you consistently refuse to provide any details whatsoever, we have nothing else to go on, do we? You're saying that even though others (including myself) have it working but you don't we should assume it's a bug? Here's a thought: everyone in here is telling you you're wrong but you stubbornly refuse to listen and instead want to argue with the devs and old-timers. Maybe you're the one in need of a change in thinking?
Also noone asked me to do do anything apart from one guy who asked for the screenshots
I'm pretty sure I've asked at least once before.
I know you are really hoping to see something that looks like I fiddled with something that must be to blame.
You're making this personal for no good reason. I was hoping we could fix your problem so you would stop moaning about it but like I said I'm done. I'm sure someone else here can look at your diagrams.
-
You havent been constructive in any of your posts in this thread. I have obviously personally ruled out operator error by repeating the procedure probably a dozen times now, its not my fault you wont accept that. You said you staying out of the thread which is probably the best post you made in here, of course if you want to offer constructive input go ahead, but first step back take a breather.
I have never said this doesnt work on any pfsense routers. You seem to think something either must be broken on every usage case, or working in every usage case, nothing in between, except the real world doesnt work like that, bugs can surface themselves in mysterious ways. Not to mention that you saying "everyone" has told me that I am wrong in that there is a malfunctioning code problem (or documentation issue). As that is also not the case.
I have spent 100s of hours in my job when having to track down bugs that may only affect sub 1% of people. I didnt reject reports because "it works for most people".
-
A few observations-
- I don't think trying to continue troubleshooting in a thread that was started to comment on the bug reporting process is going to be productive for you. Perhaps continue on a previous thread, or start a clean one.
- Most of the people here are just other users trying to help out, so don't get so offended is someone is short with you. If you are paying me $100 an hour to troubleshoot your problem, I promise I will be very polite and professional. For free help, take what you want and ignore the rest.
- Skill level varies widely, so there is naturally skepticism. I have tried to reason with people who claimed to have years of network experience, but acted like twelve year old kids.
- Document your case, and ignore those who you feel are not constructive. Getting in feuds is not going to help you solve your problem.
I'll stop there. Good luck on your issue. Personally, I find the shaper complex enough that I don't try to give others advice on it.
-
Fair points dotdash.
I will take your advice and start a new thread on the issue alone and we can see if a resolution is found.
-
thread for the issue is here if anyone wants to participate on the problem at hand (not for discussion of the bug report issue.)
https://forum.pfsense.org/index.php?topic=123757.new#new
-
I have had a lot of help from this forum, but mostly best answers given by peoples who develop or support this project.
I have reported issues also onto redmine and it was fully working for me, until one day I have received this crap as an answer https://redmine.pfsense.org/issues/6836
This is unacceptable, IMHO. -
So right now you have started no less than 3 threads about the same thing.
- this
- https://forum.pfsense.org/index.php?topic=123757.0
- https://forum.pfsense.org/index.php?topic=123654.0
No idea how this helps to solve any of your problems. :(
-
"Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc."
Not to point out the obvious here NOYB, but all the words of be nice seems a bit odd coming from someone with -109 Karma points.. When you only have 118 on the + side to counter those.. Clearly you pissed of some people with your honey vs vinger posts ;) hehehe
Just saying ;) hehehe
BTW: Dok is one of the nicest most helpful people on this board, and he knows his SHIT!! That is for sure - sorry but if he says something is BS, and calls you on it.. I would bet my left nut he is right on point.. Also just saying ;)
-
John he must really know his stuff, as he said I have not provided information he needs, yet somehow managed to determine what I said was the word you used.
Unless I have misunderstood you, you have them decided to agree with him based on his reputation alone.
He is welcome to do any of the following which he has not done.
Provide documentation that is not sourced from pfSense or from openbsd post 4.5 that explains what he says.
Provide me a step by step diagnostics route to follow to prove or disprove a theory.All he has done is basically try to discredit me personally, thats pretty much what every one of his posts has been about. He also hasnt said who he was in the bug report ticket, but given only one person not called jim responded to that ticket, I think I can guess who he was, the guy who pretty much decided that because it works for him that alone must mean its not what I said it is.
So that to me actually makes me disrepect him, because he comes across as someone who thinks he is above others (note how he talks down to me as if he is some expert and I am someone who is not understanding whats going on) and because I called out his bad language on the bug report he is now just concentrating on me but not on the issue I raised.
Obviously people develop trust with each other and friendships and so forth, he is a senior member of this community and naturally those who have been here a while will just accept his opinion. I already know this "technical problem" will get nowhere, I will just use the traffic shaper with the LAN configured rules which are working 100% and others on here will just continue to conclude that I must have fiddled with something, or "somehow" broke it myself and that the code base remains 100% rock solid.
Of course this issue is not the only one that will fall into a back hole. There is the repeated unbound problems that were reported first in 2015 from what my search finds, and have yet to be actioned upon.
I also reported a bug with pfblockerng to bbcan17, instead of calling my report bollocks, he is a friendly guy who has said he will be doing testing using the proposed fix I offered. That is a the response of a mature friendly developer. Its not a competition to try and score points of each other, but a community where we work together to solve problems including problems that are undesirable behaviour.
To come back to this quote
""Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc.""
Are you saying NOYB has not been like that to myself on this thread and on the ticket?
Please explain how calling a bug report bollocks and deciding from the off that the bug is invalid is not insulting and belittling?
-
All he has done is basically try to discredit me personally, thats pretty much what every one of his posts has been about. He also hasnt said who he was in the bug report ticket, but given only one person not called jim responded to that ticket, I think I can guess who he was, the guy who pretty much decided that because it works for him that alone must mean its not what I said it is.
Hey dude, that was me. And no, I actually suggested to move your issues to the forum, where they belong. Alas, that was completely unproductive. Perhaps you need some tinfoil supply?
And unfortunately, the suggestion by one of the pfSense devs to stop digging security holes into your firewall did not have any better effect either, as you clearly still insist on producing exact same nonsense that you filed as a security bug originally, and even suggesting that as a solution.
From Kill Bill with love. :P
-
Making pass rules on the LAN section is not a security hole as all outbound traffic is already allowed by a default rule created by pfsense.
All those rules do is also move the traffic to specific ALTQ qeues.
Lets face it mud sticks, and I have upset enough senior members of this forum that I will now only be slammed for what I do.
e.g. it was suggested I make a new thread to invite suggestions, so far none of you have replied to that thread and even someone slammed me for making that new thread.
No senior members have actually suggested anything, but actually instead concentrated on telling me to "not" do stuff.If you do not want people posting what they believe to be bugs on the bug report site, then you need to lock out the bug report site to approved people only. The reason you dont want me posting there is because you want a sort of triage to occur on the forum first, so basically every problem is determined to be an end user problem by default unless decided otherwise.
The following are all facts which has produced hurt, but none have really been disproved.
Openbsd documention up to 4.5 and older states to use pass rules to send traffic to queues.
FreeBSD documentation states the same.
pfSense documention states to use floating match rules, however I have not been able to verify the author of that documention and who wrote them.My own experience which I have lost count now of how many times I have said it proves on my own specific setup/configuration the match rules created by the traffic wizard simply do not work as intended. After pointing this out a few excuses have flown my way such as "I dont understand what they supposed to do", "I have done something wrong". Very vague excuses but no proper diagnostics.
Even now the post you just made. It is concentrating on what you think I shouldnt do but no actual ideas from yourself as to why its not working. You have no idea, all you seem intent on doing now is basically getting me off the forum.
So to sum up.
you have still not said what a "real bug" is. Is it not a real bug until you or jim can produce it? My altq interface bug report was rejected but then when jim reproduced it is now suddenly valid, umm ok.
You told me to post it on here which I now have done, but still some days later, you have not offered anything constructive, instead you continue on a slander campaign as proved by your above posts again just concentrating on discrediting me as an idiot.
You try to mock me for creating apparent security holes yet I am not the one who has created a default behaviour for the dns resolver to listen on the internet interface.Finally you label my final comment here https://redmine.pfsense.org/issues/7104#note-9 as nonsense without explaining why you believe it to be nonsense.
How old are you 12? I mean you seem to have just proved my point, I said there is a complete lack of respect given to me on the bug ticket, by calling my report bollocks without any kind of investigation and then you done the exact same thing again, you called a proper diagnostics procedure I carried out as "nonsense", please explain yourself, or is that beneath your station?
Remember this forum is here for all the public to see, and pfsense are selling hardware and other services in a professional environment and the sort of replies here are doing the brand no favours.
-
No senior members have actually suggested anything, but actually instead concentrated on telling me to "not" do stuff.
Perhaps because everyone is either fed up by your moaning, or just cannot be bothered to follow your 3 different threads about the same, with chaotic pieces of info posted here or there or elsewhere.
Finally you label my final comment here https://redmine.pfsense.org/issues/7104#note-9 as nonsense without explaining why you believe it to be nonsense.
Actually no, I originally labeled is a "load of bollocks". And posted a screenshot reasoning why.
Have better things to do with my time, outta here.
-
So you are hanging onto the fact it works for you, and that reason alone that everything I said is nonsense/bollocks.
Is that what you really trying to say and consider adequate diagnostics?
I do agree this whole thing has been a waste of time, I have spent far too much time on this subject, especially as I already have a working solution in place.
-
"Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc."
Not to point out the obvious here NOYB, but all the words of be nice seems a bit odd coming from someone with -109 Karma points.. When you only have 118 on the + side to counter those.. Clearly you pissed of some people with your honey vs vinger posts ;) hehehe
Just saying ;) hehehe
So you want to shoot the messenger eh. ;)
Karma point context matters. So if you want to use that then provide the context of them as well.
-
I am not aware of any of these issues, on what dok might or might not have said on some comments on redmine. I don't really want to get involved with that. The funny part I found in this thread was someone saying hey you catch more flies with honey, yet has a - karma that is almost higher than his +… Which doesn't see like practice what he is preaching is all..
But what I can tell you is have been reading dok's posts, and chatting off and on with him for years. He might seem a bit blunt or rough sometimes in his comments. And while it might see rude or atleast not very nice to those that do no know his style. That is not his intent to be sure..
What I can tell you is I can not recall a post of his that was off base from tech point of view. Be it his posts didn't put in enough please and thank you's I don't really give 2 shits about. This is a tech board, and about information. Sorry but if you get offended because someone calls BS on information posted - maybe you should only visit the board when its not your time of the month ;)
To be honest his blunt and upfront posts normally bring a smile to my face ;) Because its nice to see vs all the flowery fluff that fills many boards.. Keep in mind that its really hard to correctly interpret tone in a forum post.. I get the same reaction to some of my posts.. And I can assure you I am just here to help and exchange information that allows the user to do what they want to do. If they are going down the wrong path per my "opinion" that I might say nonsense or bs, etc. etc.
I don't really care for all the flowery nonsense, I don't care if you catch a billion more flies.. I don't really like flies - so if we have to spread about some vinegar about - who cares.. Keeps the flies away if you ask me ;)
If you think he assumed something is wrong, then call him on it posting why.. The facts are the facts. But to go crying that he was direct and to the point with his opinion and you found it not to your likely.. Oh well ;)
Does not matter if he called you a moron or an idiot or whatever. These are just words from some random guy on the internet.. Why would you get upset? What does it matter - comes down to the information that the discussion is about. If something doesn't work, then it doesn't work - show your steps in why you think the problem was xyz.. If the problem is not xyz and someone says oh that is BS.. Vs hey mister poster hope your having a nice day, but I do not believe the information you provided is correct..
Its easier and quicker and to me gets a more honest opinion across if you just say Bollocks! or BS that is not the problem.. If they jumped to conclusion that you think is false then show why.. They are going to feel stupid if you show you are correct and they are wrong now arn't they.. If was just too blokes chatting at the pub and one said that is BS, and then finds out its not you both laugh and have a beer.. You don't go home crying to mommy ;)
-
On a somewhat productive note, closing all your duplicate threads (this one included) and starting a new fresh one, with focus on stating relevant info (incl. the shaper config), what you are trying to achieve, what have you done, what results you have expected and what does not work might even produce some result.
From the mess and OT noise posted so far and some chaotic descriptions, the only thing I got that you got some god knows what tool from the infamous grc.com site (proudly spreading FUD and misinformation since ~2000 or so) and did some random messing with DNS queries. Kinda hard to debug that.
P.S. On the karma note, perhaps someone fix my satanic +666 karma meanwhile? :P