Having trouble with very simple traffic shaping.
-
Hi,
I've set up pfSense with 4 different interfaces (and subnets):
WAN
LAN (work)
HOME
WIRELESSI used the traffic shaping wizard to set up one very simple rule. I set a single machine on the LAN network so it is limited to half of my DSL bandwidth. My traffic shaping rules only show two rules; one inbound and one outbound for the machine I'm throttling. It works, but now whenever I transfer between subnets (ie: WIRELESS –> LAN) it seems to be limited to approximately the speeds that I set as my incoming and outgoing WAN bandwidth.
If I disable traffic shaping everything works fine. The docs say the "traffic shaper will not work for more than one WAN and one LAN interface", so I have no idea how it could be throttling traffic between my subnets. Any ideas?
Ryan
-
Can you bridge the WLAN to your LAN? That should negate routing the packets through the shaper when you're doing internal transfers.
Alternatively, if you're trying to segregate the WLAN and LAN, then bridge the LAN and Home interfaces into a single subnet. For your firewall rule, use "NOT" to invert the destination/ source and list your HOME/ LAN subnet there so internal transfers don't get intercepted by the shaper. -
Thanks for the reply. I mainly want to segregate my LAN from the other interfaces. I'll probably bridge HOME and WIRELESS to make things a bit simpler. I still would like to access my LAN from my laptop using wireless without throttling though. I have a rule set up for this already (if not myLaptop deny access).
The machine I want to throttle is a virtual machine. I have a monowall virtual machine that I set up as a traffic shaping bridge a while back. I must have been having an off day when I posted this since it's a 5 minute job to add that (monowall vm) back into my network. Although, I think the reason I took it out in the first place was because I didn't think it was throttling properly (VMWare clock freq issue was my guess iirc - I've upgraded to ESXi since).
If it comes down to it, could I stop the traffic shaper on pfSense from throttling my local traffic if I set everything up by hand? I'd be happy to spend a few more hours reading docs as long as I know I'll be able to solve the problem.
-
Thanks for the reply. I mainly want to segregate my LAN from the other interfaces. I'll probably bridge HOME and WIRELESS to make things a bit simpler. I still would like to access my LAN from my laptop using wireless without throttling though. I have a rule set up for this already (if not myLaptop deny access).
The machine I want to throttle is a virtual machine. I have a monowall virtual machine that I set up as a traffic shaping bridge a while back. I must have been having an off day when I posted this since it's a 5 minute job to add that (monowall vm) back into my network. Although, I think the reason I took it out in the first place was because I didn't think it was throttling properly (VMWare clock freq issue was my guess iirc - I've upgraded to ESXi since).
If it comes down to it, could I stop the traffic shaper on pfSense from throttling my local traffic if I set everything up by hand? I'd be happy to spend a few more hours reading docs as long as I know I'll be able to solve the problem.
Ok then.
Bridge the HOME and WLAN interfaces. Under the shaper rules, use "NOT" LAN interface subnet in destination for your outbound rules and "NOT" LAN interface subnet in source for your inbound rules. See:This will allow traffic between the LAN interface subnet and WLAN/HOME subnet to bypass throttling in the shaper. They will end up in the default queues.
This though, will obviously still limit your internal transfers to qWANroot and qLANroot.
In this case, you'd raise your root bandwidth to 100mbps or 1000mbps (for a gigabit network).
Then limit the throttled queue to 1/2 your ADSL bandwidth by specifying the actual bandwidth you want to allow.eg. if your adsl is 512Kb/s, you'll specify that queue to have an upperlimit m2 of 256Kb rather than specifying 50%.
-
Hi,
Thank you again for the reply. This is now working for me. I followed your suggestion and set both qWANroot and qLANroot to 1Gbit/s. I didn't actually have to add the ! LAN net rule since the wizard sets it up as WAN<–>LAN. It works perfect for what I need.
Ryan
-
Glad to be of help. ;D I kind of totally forgot about the queues being tagged to in/ out interfaces. ::)