Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ALTQ and daisy chaining VLANs

    Scheduled Pinned Locked Moved Routing and Multi WAN
    1 Posts 1 Posters 503 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TauCeti
      last edited by

      Hi all,

      I have six not very technical users are (trying) to share an awful ADSL connection which speed tests at about 0.2/1.5Mbps. Sharing one "short" video to snapchat brings the whole connection essentially to a halt. The place is in desperate need of traffic shaping and caching.

      After doing a bunch of research I settled on pfsense and purchased a SG-1000's to act as a home router for the family home. Setup of the system has gone smoothly except for the most important aspect, the traffic shaping.

      According to: https://forum.pfsense.org/index.php?topic=122798.0 it turns out that the SC-1000 NICs do not support ALTQ => no shaping. However in the same thread it's hinted that you can get around this limitation by using VLANs (which do support ALTQ) and some firewall settings.

      I assume that the solution requires you to configure pfsense to route internally like so:

      Internet <–-> WAN <---> VLAN10 <---> VLAN11 <---> LAN

      (Where: VLAN10 is bound to the WAN physical interface and VLAN11 is bound to the LAN physical interface.)

      So LAN traffic to/from the Internet is forced to pass through VLAN10 and VLAN11. This then allows you to traffic shape VLAN10 and VLAN11 for upload and download respectively.

      I've researched this to death and just cannot to find an answer (all related material out there seems to deal with multi-wan). So I am really shooting in the dark here. Please go easy on me as I'm a complete pfsense newbie. Any help would be greatly appreciated.

      My current attempt at this:

      Interfaces & Gateways:
      http://i.imgur.com/jcZuubD

      Firewall Rules:
      http://imgur.com/5fAQSG8
      http://imgur.com/2lOA7wV
      http://imgur.com/qmEkS0A
      http://imgur.com/Dx4Znry

      Interface Assignments:
      http://imgur.com/bMQeiYw

      Despite the firewall rules, with this setup, when I trace route from pfsense, the two VLANs and LAN traffic go directly to the WAN.

      In the Interface Configration for WAN_ALTQ and LAN_ALTQ if I set the "Upstream Gateway" from "none" to a gateway like so:
      http://imgur.com/37mTAUp
      I kill the internet access for that interface and LAN still gets out directly via WAN.

      Any help would be greatly appreciated. Cheers!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.