A queue used for varios IPs = PROBLEM



  • Hi all!
    I want to use pfSense in a Wireless Internet Provider, to control bandwidth and DHCP for all clientes ( about 300 )…

    We have 8mbps of total bandwidth down, and 1mbps UP..

    Some clients, have 256kbps of bandwidth, others 512, others 768.

    I Want to create this three queues ( 256, 512, 768 kbps ), and create firewall aliases, 256, 512, and 768, and put the ips of each client in this groups. Latter, in the shapping rules, create a rule for Upload and Download, to each group...

    Well... At this moment, i reach to do that... The problem is: If I have 4 clients in the 256kbps group, and this 4 clients make a download, the bandwidth of the queue is splited for this 4 clients... I Want that each client, have 256kbps, not the clients share the bandwidth of the queue...

    How can I do that? Can I create a queue, that can be used for various clients, allowing the named bandwidth for each client without share himself?

    Sorry by bad english...



  • Actually only really possible in 1.3!
    In 1.2 you can accomplish that but only if your intimate with the shaping.



  • Im tryng to use it on 1.3 too, but, when I choose the IN/OUT limiter ( Inserted In Firewall / Traffic Shapping / Limiter ), the traffic stop…

    I can conect on a WebServer in example, BUT, nothing returns... If i
    n the same rule, I change the In/Out limiter to NONE, all works...

    Can you help me to make a correct limiter?

    Thanks!



  • Simple enough you need to 2 limiters 1 for in and one for out.
    Create one with src-mask and the other with dst-mask

    For in choose limiter with src-mask and out the one with dst-mask
    That should do it.
    If it does not post screenshots, config.xml and /tmp/rules.debug here for review.

    I assume the rule that you set in and out is in one of your lans.



  • The problem continues…

    Ive Posted some ScreenShots, Config, and Debug files, as solicited...

    This is the Limiter IN

    This is the Limiter OUT

    Firewall LanRules

    Firewall Default Lan Rule ( Was This Rule that Ive changed to use the Limiter IN/OUT)

    This is a Download with Limiters Turned ON in the firewall rule…
    Note that connection was maded, but the return can reach the destination ( at least I think that )

    And NOW, a Download if I remove the limiters from the rule:

    HERE is my /tmp/rules.debug:
    http://pastebin.com/f274b1ab

    And, here is my config.xml ( /cf/conf/config.xml )
    http://pastebin.com/f3b36e187

    Please… If anyone can Helpme...



  • Only for information: This is the version Alpha that Im using:  pfSense-20081024-1237.iso

    Thanks a lot



  • Another thing that ive noted is:

    When the LIMITERS is ON on the firewall rule, any tcp connection that I make, open two conections on PfTOP..

    One, with State in 4:4 and other in State 4:2

    If I try in example, to conect on a smtp server, via telnet, I reach..  But any data is received ( even the Wellcome message of the SMTP Server ).

    When I remove the Limiters from the rule, I reach to connect in the same SMTP Server, and operate with him normally..

    IN PFTOP, appears two conections too, but both in State 4:4

    I Dont know what this states can tell, everyway, im here posting :)…



  • Other Information: In a ping test, with 100 packs..

    ALWAYS occour 92% of loose… Always.. The same loose count...

    The packet loss of the queue is 0... Ive config it to 1, to test, but Ive got the same result...

    Please... Anyone can Helpme?



  • Can you try one of the latest snapshots the limiter should behave correctly now since i fixed the issues.
    Please give me a confirmation on this.



  • Oh… Thank you so mutch Ermal... I will test it now!!!

    And, came back to do a feedback!

    Thanks again!!!



  • OH.. Its seens to be working now…

    I will do more tests with more complex filter rules and aliases...

    For success or not, i will reply here ok???

    IMENSE thanks!!!



  • Can i have some feedback from this?


Log in to reply