Never see queues other than the default one, queue and monitoring graph is wrong

giskard · Apr 15, 2017, 12:36 PM

I have never seen speed over than 0 bps or packet appear in queues other than the qdefault or qlink, like the attachment, and the information of the Queues Status is more often wrong, sometime the showed speed is over 1 Gbps which is just impossible, and even with the monitoring view, the data is just the same for the queues. but with pftop (the label view) I can see packets from other protocol.

another thing is how can achieve that no speed is limited for two lan communication in two different subnet? one of the lan interface is used mainly for out forward to wan, the other lan is connected with a server, I do not want speed be limited for users in the lan interface download file from the server which is in the other interface

Thank you very much!
![2017-04-15 20-27-24 的屏幕截图.png_thumb](/public/imported_attachments/1/2017-04-15 20-27-24 的屏幕截图.png_thumb)
![2017-04-15 20-27-24 的屏幕截图.png](/public/imported_attachments/1/2017-04-15 20-27-24 的屏幕截图.png)
![2017-04-15 20-15-26 的屏幕截图.png_thumb](/public/imported_attachments/1/2017-04-15 20-15-26 的屏幕截图.png_thumb)
![2017-04-15 20-15-26 的屏幕截图.png](/public/imported_attachments/1/2017-04-15 20-15-26 的屏幕截图.png)

giskard · Apr 15, 2017, 1:25 PM

I forgot this, the trafic shaper rule is set up with the Wizard

![2017-04-15 21-23-23 的屏幕截图.png_thumb](/public/imported_attachments/1/2017-04-15 21-23-23 的屏幕截图.png_thumb)
![2017-04-15 21-23-23 的屏幕截图.png](/public/imported_attachments/1/2017-04-15 21-23-23 的屏幕截图.png)

Harvy66 · Apr 15, 2017, 3:47 PM

The Status Queues view does have an issue with the sampling and windowing functions that can make it show the wrong values for current rates, but the totals and ratios of activity should be roughly correct.

I recommend checking the "Codel Active Queue" in all of your leaf queues.
Set on of the queues under qInternet on your LAN interface as the default. Probably qOthersLow
Show us some of your rules, like "m_other HTTPS Outbound"

TauCeti · Apr 16, 2017, 1:36 AM

You may have been tripped up by this bug:
https://redmine.pfsense.org/issues/7116

The short version is: The floating firewall rules that assign traffic to your queues have to have their Action changed from "match" to "pass".

Also from command line use:
pftop -s1 -v queue

It's like the graphical queues but updates more regularly and is more accurate.

giskard · Apr 17, 2017, 7:46 AM

all the queues are enabled, I agree with TauCeti that this is the bug, thank you so much!

EricE · Oct 1, 2017, 1:06 AM

@TauCeti:

The short version is: The floating firewall rules that assign traffic to your queues have to have their Action changed from "match" to "pass".

Anyone reading this thread, be careful using PASS in floating rules, this can open your internal network up to the Internet.

If you need to use PASS rules, don't use floating rules but put them in the LAN or other appropriate interface.