A queue used for varios IPs = PROBLEM

EduFrazao

Hi all!
I want to use pfSense in a Wireless Internet Provider, to control bandwidth and DHCP for all clientes ( about 300 )…

We have 8mbps of total bandwidth down, and 1mbps UP..

Some clients, have 256kbps of bandwidth, others 512, others 768.

I Want to create this three queues ( 256, 512, 768 kbps ), and create firewall aliases, 256, 512, and 768, and put the ips of each client in this groups. Latter, in the shapping rules, create a rule for Upload and Download, to each group...

Well... At this moment, i reach to do that... The problem is: If I have 4 clients in the 256kbps group, and this 4 clients make a download, the bandwidth of the queue is splited for this 4 clients... I Want that each client, have 256kbps, not the clients share the bandwidth of the queue...

How can I do that? Can I create a queue, that can be used for various clients, allowing the named bandwidth for each client without share himself?

Sorry by bad english...

eri--

Actually only really possible in 1.3!
In 1.2 you can accomplish that but only if your intimate with the shaping.

EduFrazao

Im tryng to use it on 1.3 too, but, when I choose the IN/OUT limiter ( Inserted In Firewall / Traffic Shapping / Limiter ), the traffic stop…

I can conect on a WebServer in example, BUT, nothing returns... If i
n the same rule, I change the In/Out limiter to NONE, all works...

Can you help me to make a correct limiter?

Thanks!

eri--

Simple enough you need to 2 limiters 1 for in and one for out.
Create one with src-mask and the other with dst-mask

For in choose limiter with src-mask and out the one with dst-mask
That should do it.
If it does not post screenshots, config.xml and /tmp/rules.debug here for review.

I assume the rule that you set in and out is in one of your lans.

EduFrazao

The problem continues…

Ive Posted some ScreenShots, Config, and Debug files, as solicited...

This is the Limiter IN

This is the Limiter OUT

Firewall LanRules

Firewall Default Lan Rule ( Was This Rule that Ive changed to use the Limiter IN/OUT)

This is a Download with Limiters Turned ON in the firewall rule…
Note that connection was maded, but the return can reach the destination ( at least I think that )

And NOW, a Download if I remove the limiters from the rule:

HERE is my /tmp/rules.debug:
http://pastebin.com/f274b1ab

And, here is my config.xml ( /cf/conf/config.xml )
http://pastebin.com/f3b36e187

Please… If anyone can Helpme...

EduFrazao

Only for information: This is the version Alpha that Im using:  pfSense-20081024-1237.iso

Thanks a lot

EduFrazao

Another thing that ive noted is:

When the LIMITERS is ON on the firewall rule, any tcp connection that I make, open two conections on PfTOP..

One, with State in 4:4 and other in State 4:2

If I try in example, to conect on a smtp server, via telnet, I reach..  But any data is received ( even the Wellcome message of the SMTP Server ).

When I remove the Limiters from the rule, I reach to connect in the same SMTP Server, and operate with him normally..

IN PFTOP, appears two conections too, but both in State 4:4

I Dont know what this states can tell, everyway, im here posting :)…

EduFrazao

Other Information: In a ping test, with 100 packs..

ALWAYS occour 92% of loose… Always.. The same loose count...

The packet loss of the queue is 0... Ive config it to 1, to test, but Ive got the same result...

Please... Anyone can Helpme?

eri--

Can you try one of the latest snapshots the limiter should behave correctly now since i fixed the issues.
Please give me a confirmation on this.

EduFrazao

Oh… Thank you so mutch Ermal... I will test it now!!!

And, came back to do a feedback!

Thanks again!!!

EduFrazao

OH.. Its seens to be working now…

I will do more tests with more complex filter rules and aliases...

For success or not, i will reply here ok???

IMENSE thanks!!!

eri--

Can i have some feedback from this?