ALTQ and daisy chaining VLANs

Routing and Multi WAN
Log in to reply
  • T

    Hi all,

    I have six not very technical users are (trying) to share an awful ADSL connection which speed tests at about 0.2/1.5Mbps. Sharing one "short" video to snapchat brings the whole connection essentially to a halt. The place is in desperate need of traffic shaping and caching.

    After doing a bunch of research I settled on pfsense and purchased a SG-1000's to act as a home router for the family home. Setup of the system has gone smoothly except for the most important aspect, the traffic shaping.

    According to: https://forum.pfsense.org/index.php?topic=122798.0 it turns out that the SC-1000 NICs do not support ALTQ => no shaping. However in the same thread it's hinted that you can get around this limitation by using VLANs (which do support ALTQ) and some firewall settings.

    I assume that the solution requires you to configure pfsense to route internally like so:

    Internet <–-> WAN <---> VLAN10 <---> VLAN11 <---> LAN

    (Where: VLAN10 is bound to the WAN physical interface and VLAN11 is bound to the LAN physical interface.)

    So LAN traffic to/from the Internet is forced to pass through VLAN10 and VLAN11. This then allows you to traffic shape VLAN10 and VLAN11 for upload and download respectively.

    I've researched this to death and just cannot to find an answer (all related material out there seems to deal with multi-wan). So I am really shooting in the dark here. Please go easy on me as I'm a complete pfsense newbie. Any help would be greatly appreciated.

    My current attempt at this:

    Interfaces & Gateways:
    http://i.imgur.com/jcZuubD

    Firewall Rules:
    http://imgur.com/5fAQSG8
    http://imgur.com/2lOA7wV
    http://imgur.com/qmEkS0A
    http://imgur.com/Dx4Znry

    Interface Assignments:
    http://imgur.com/bMQeiYw

    Despite the firewall rules, with this setup, when I trace route from pfsense, the two VLANs and LAN traffic go directly to the WAN.

    In the Interface Configration for WAN_ALTQ and LAN_ALTQ if I set the "Upstream Gateway" from "none" to a gateway like so:
    http://imgur.com/37mTAUp
    I kill the internet access for that interface and LAN still gets out directly via WAN.

    Any help would be greatly appreciated. Cheers!

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy