Netgate Discussion Forum

Need same functionality as my linux traffic shaping rules…possible?

    nix4me
    last edited by Oct 22, 2006, 2:37 PM

    Hi,
    I currently use ipcop on an old machine and I love it; however, I am interested in moving to an embedded box with pfsense.  I wrote my own custom traffic shaping rules for linux and I would like to know if the same setup is possible with pfsense.  Here are my rules:

    #!/bin/bash

    # clear out the chain and setup a new chain
    # (the jump is removed from POSTROUTING, the chain it is inserted into below)
    iptables -t mangle -D POSTROUTING -o eth1 -j BW-OUT 2> /dev/null > /dev/null
    iptables -t mangle -F BW-OUT 2> /dev/null > /dev/null
    iptables -t mangle -X BW-OUT 2> /dev/null > /dev/null
    iptables -t mangle -N BW-OUT
    iptables -t mangle -I POSTROUTING -o eth1 -j BW-OUT

    # mark packets: 3 is active ftp and passive ftp, 2 is email, 1 is ACK for downloads and everything else
    iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j MARK --set-mark 1
    iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j RETURN
    iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j MARK --set-mark 2
    iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j RETURN
    iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j MARK --set-mark 3
    iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j RETURN
    iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 3
    iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j RETURN

    # clear the qdisc
    tc qdisc del dev eth1 root
    # add the root qdisc
    tc qdisc add dev eth1 root handle 1: htb default 10
    # add main rate limit class and its leaf classes
    tc class add dev eth1 parent 1: classid 1:1 htb rate 105kbps ceil 105kbps
    tc class add dev eth1 parent 1:1 classid 1:10 htb rate 45kbps ceil 105kbps prio 0
    tc class add dev eth1 parent 1:1 classid 1:11 htb rate 40kbps ceil 105kbps prio 1
    tc class add dev eth1 parent 1:1 classid 1:12 htb rate 20kbps ceil 105kbps prio 2
    # filter traffic into classes by firewall mark
    tc filter add dev eth1 parent 1:0  prio 0 protocol ip handle 1 fw flowid 1:10
    tc filter add dev eth1 parent 1:0  prio 1 protocol ip handle 2 fw flowid 1:11
    tc filter add dev eth1 parent 1:0  prio 2 protocol ip handle 3 fw flowid 1:12

    These rules work perfectly for my setup.  They cap my ftp server to 100K and when an email is sent, the email has priority.  The sharing and priority setup is also great so that the higher priority root class can borrow from the ftp if needed.  They also allow the small ack packets to get priority so that downloads don't suffer.

    Is this possible with pfsense?

    Thanks,
    Mark

      hoba
      last edited by Oct 22, 2006, 2:47 PM

      You can't reuse this config as pfSense doesn't use iptables. However, the pfSense shaper can work in a similar way when set up correctly. I suggest just trying to set up pfSense and running the wizard. Then just see what rules it creates and what options you have.
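
The rates in the script above use tc's `kbps` suffix, which means kilobytes per second, so they need converting before being re-entered in a shaper that takes bits per second. The following is an added example, not part of either post: it parses the `tc class` lines from the question and derives each leaf's kbit/s rate, share of the root rate and borrowing flag. It assumes k = 1000 and a target shaper configured in kbit/s; the function names are illustrative.

```python
import re

# tc rate suffixes: "bps" forms are BYTES per second, "bit" forms are bits.
# Assumption: k = 1000 (bits per second per unit below).
UNIT_TO_BITS = {"bit": 1, "kbit": 1000, "mbit": 1_000_000,
                "bps": 8, "kbps": 8000, "mbps": 8_000_000}

# Constructed input: the four "tc class" lines from the script in the question.
TC_CLASSES = """\
tc class add dev eth1 parent 1: classid 1:1 htb rate 105kbps ceil 105kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 45kbps ceil 105kbps prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 40kbps ceil 105kbps prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 20kbps ceil 105kbps prio 2
"""

CLASS_RE = re.compile(
    r"parent (?P<parent>\S+) classid (?P<classid>\S+) htb "
    r"rate (?P<rate>\d+)(?P<runit>[a-z]+) ceil (?P<ceil>\d+)(?P<cunit>[a-z]+)"
    r"(?: prio (?P<prio>\d+))?")

def to_kbit(value, unit):
    return int(value) * UNIT_TO_BITS[unit] // 1000  # kilobits per second

def parse_classes(text):
    """Return {classid: {parent, rate_kbit, ceil_kbit, prio}} per tc class line."""
    classes = {}
    for line in text.splitlines():
        m = CLASS_RE.search(line)
        if m:
            classes[m["classid"]] = {
                "parent": m["parent"],
                "rate_kbit": to_kbit(m["rate"], m["runit"]),
                "ceil_kbit": to_kbit(m["ceil"], m["cunit"]),
                "prio": int(m["prio"]) if m["prio"] is not None else None,
            }
    return classes

def shaper_plan(classes, root="1:1"):
    """Per-leaf guaranteed share of the root rate, plus an oversubscription check."""
    total = classes[root]["rate_kbit"]
    leaves = {cid: c for cid, c in classes.items() if c["parent"] == root}
    plan = {cid: {"kbit": c["rate_kbit"],
                  "percent": round(100 * c["rate_kbit"] / total, 1),
                  "can_borrow": c["ceil_kbit"] > c["rate_kbit"]}
            for cid, c in leaves.items()}
    oversubscribed = sum(c["rate_kbit"] for c in leaves.values()) > total
    return total, plan, oversubscribed

if __name__ == "__main__":
    print(shaper_plan(parse_classes(TC_CLASSES)))
```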
