Netgate Discussion Forum
    How does it work?

    Traffic Shaping
      The_cobra666

      Hi all,

      I have a few questions. The first one is: how does the traffic shaper work? Can I assume it reads the TCP headers and checks the flags in every packet? Based on the flag, it pushes the packet to a specific queue? How does the traffic shaper know the traffic comes from BitTorrent or any other P2P-based network? From my understanding, a lot of rules use ports. But in the case of BitTorrent the port can be changed. In that case, it's easy to bypass the traffic shaper.

      I know that the traffic shaper drops packets based on the RED and ECN algorithm, if that option is enabled in the queue a packet ends in. The wizard also enables a "penalty box". I have enabled that option and specified a host. For some reason, all the traffic from that host is still ending in the "othersdownh" queue, instead of the penalty. Why? From my understanding of the penalty box, all traffic from, for example, 10.0.0.2 should end in the penalty queue, thus making it possible to limit that specific host.

      Also, I'm using Squid (transparent mode) + SquidGuard. Would this be the reason it's ending in the othersdownh queue? Where is the traffic shaper placed: router ==> firewall ==> traffic shaper ==> squid?

      Not finished yet :p If I want to split my servers and clients with VLANs, will pfSense's traffic shaper / Squid still be able to work? I know this could be a stupid question, but I've never used VLANs before and need to be sure. The network would then be:

      INTERNET ==> PFSENSE (squid, trafficshaper, snort etc)
                                      ==>        vlan 1: clients
                                      ==>        vlan 2: servers

      I'm sorry if these questions have already been answered, but I need to be 100% sure, cause some of this is going into my paper :)

        j0ris

        Traffic shaping in pfSense 1.2 is based on IPs and ports, so indeed, as you say, it is quite useless to classify and shape torrent traffic. In 2.0 there will be "L7 filters", which work by packet inspection.

        Squid in transparent mode will send everything to qlandef, see http://forum.pfsense.org/index.php/topic,14436.0.html

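The IP/port-based classification discussed in this thread, as an added example (not pfSense code and not written by either poster): a simplified model showing that a source-address rule catches a host on any port, while a port-based rule only sees traffic on the ports it lists, which an operator can measure as bytes landing in the catch-all queue. The queue names `qPenalty`, `qP2P` and `qDefault`, the first-match rule order and the flow records are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    queue: str
    src: str = "0.0.0.0/0"          # source network the rule applies to
    proto: Optional[str] = None     # None matches any protocol
    dports: Optional[range] = None  # None matches any destination port

    def matches(self, flow: dict) -> bool:
        if ipaddress.ip_address(flow["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.proto is not None and flow["proto"] != self.proto:
            return False
        return self.dports is None or flow["dport"] in self.dports

DEFAULT_QUEUE = "qDefault"  # hypothetical catch-all queue

# Constructed rule set; in this model the first matching rule wins.
RULES = [
    Rule("qPenalty", src="10.0.0.2/32"),                  # per-host rule, any port
    Rule("qP2P", proto="tcp", dports=range(6881, 6890)),  # port-based rule
]

def classify(flow: dict, rules=RULES) -> str:
    # Return the queue of the first rule that matches, else the catch-all.
    for rule in rules:
        if rule.matches(flow):
            return rule.queue
    return DEFAULT_QUEUE

def bytes_per_queue(flows, rules=RULES) -> dict:
    # Sum bytes per queue; a large catch-all share means the rules miss traffic.
    totals: dict = {}
    for flow in flows:
        queue = classify(flow, rules)
        totals[queue] = totals.get(queue, 0) + flow["bytes"]
    return totals

# Constructed flow records (not captured traffic).
FLOWS = [
    {"src": "10.0.0.5", "proto": "tcp", "dport": 6881, "bytes": 4_000_000},
    {"src": "10.0.0.5", "proto": "tcp", "dport": 51413, "bytes": 9_000_000},
    {"src": "10.0.0.2", "proto": "tcp", "dport": 51413, "bytes": 2_000_000},
]

if __name__ == "__main__":
    for queue, total in sorted(bytes_per_queue(FLOWS).items()):
        print(f"{queue:10s} {total:>10d} bytes")
```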