Traffic shaper changes [90% completed, please send money to complete bounty]
-
I have 2 WANs, 1 of the WANs is for use by DMZ VOIP only, and the other is for my LAN.
That's the bounty requirement and it is fulfilled.
As for the other parts, those are features that pfSense supports already.
-
All the people that have contributed to this bounty should have a PM (private message) in their inboxes.
If by any chance I have left anybody out, please contact me. Thank you again to all of you.
-
Ok, just sent $200 to paypal@chrisbuechler.com
-
sent $100 to paypal@chrisbuechler.com
Lee
-
Thx ermal for the great job.
-
All seems to be working pretty good in my environment with this new Traffic Shaper. The only problem I am having is that I would like to be able to see the queues and their total usage so I can troubleshoot where the problems are. When I click Traffic Shaper under the Firewall menu, I do see the shaper and the settings I have made. But when I go to Status and choose Queues, it returns back, "Traffic shaping is currently disabled." Let me know if I am doing something wrong…
Thanks!
Nate
P.S. I did use the EZ Traffic Shaper to create my rules.
-
Hmm, it's a forgotten merge on the update I gave. Just change this in /usr/local/www/status_queues.php:
63 if(!isset($config['shaper']['enable'])) {
to
if (!is_array($config['shaper']['queue'])) {
The numbers are the line number.
Or if you wish, go here to this link and save it in your pfSense router as /usr/local/www/status_queues.php.
Sorry about the disruption. It will be fixed on the next one.
-
you have to receive a present, please send me an invoice
300$ Done!
greetings
heiko
-
Thank You very much!
Nice present :)
-
My Pleasure! ;)
-
$50 sent to paypal@chrisbuechler.com
Thanks for all the work!
-
For all the bounty people a simple introduction to the new shaper interface:
There are 5 new things:
1- Floating rules
2- The way you configure queues
3- The way you setup traffic to belong to a queue
4- DSCP(diffserv codepoint) matching
5- IPSec tunnels shaping

1- Is a tool to allow all sorts of things.
Basically from this tab you can choose multiple interfaces for a rule, which direction the rule applies, whether it is a terminating rule [quick], and whether you want to tag traffic with it for later matching with this tag.
For example, you want http traffic to be allowed to go out on every interface you have.
Just set up direction outgoing, port 80 and click save.
If you want the rule to apply only to certain interfaces, select them in the interface selection by holding down the CTRL button and choosing the ones you want, and the above rule applies only to those interfaces.
This way, for example, you can load balance squid, with a rule such as pass out from any to any port 80.
Now if you do not select the quick option, the rule is not terminating, meaning that even if it matches the traffic, the traffic goes on to the next rules and is matched against those. If the next rule matches, it is the matching rule now. Tags can be applied from one rule to the other.
I.e., let's say you want to pass/shape traffic of protocols tcp, icmp, udp from different interfaces to the same queue. Instead of having to choose the action/queue on each rule, just set up the rules and in the advanced section apply the same tag to them. At the end of these, just set up a rule which passes or blocks the traffic tagged/marked with the previous tag, or the queue they should go to. So next time you decide this traffic should go to a different queue, you just change one rule and not all of them.
Be aware that, to preserve previous behaviour, the rules created on the specific interface take priority, meaning that they are simply applied if traffic matches, and that is the final verdict.
So if you want a mix of floating rules and specific interface rules, you must be very specific in the specific interface rules so as not to override the actions chosen in floating rules.

2- Now on Firewall->Traffic shaper you configure only the queue parameters.
To know better what they mean, you have to read the pf.conf manual page or just go to http://www.openbsd.org/faq/pf and read about shaping.
To shape traffic on multiple interfaces with only one rule, just create queues with the same name on multiple interfaces and then set up a rule that makes the desired traffic go to that queue; even if traffic passes to a different interface, it will go to this queue and be shaped accordingly.
Be aware that queues with the same name share only the name; they can have different priority, bandwidth, discipline, or even the hierarchy of queues may be different. Just the name has to be the same.
For example, say you have 3 interfaces: one LAN and 2 internet links. You have created a load balancing pool for the 2 internet links and want to shape http traffic on the links to the queue http, created with the desired parameters in the Traffic shaper configuration.
There are 2 ways to do it.
a) From the lan tab choose all traffic with a destination port of http and select queue http this takes care of it.
b) go to Floating tab and create the same rule there.
If you have Squid running and want to load balance, the only place is the Floating tab. Create a rule with outgoing direction, select the 2 interfaces where the internet links are connected, and choose the queue http for traffic with destination port 80 and protocol tcp.

3- Now the queues are specified on the rule tab, and you have easily noticed that.
4- You can now match traffic based on DSCP so easier to match VoIP traffic.
5- IPSec inside tunnels is transparent.
Just setup rules as you do for traffic passing from LAN to WAN and choose the queue you want to apply.
So if you want RDP to have better priority than other things on the tunnel, just set up rules as said in 1-.

For any questions do not hesitate.
Regards and thank you again for your support,
Ermal
-
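The tag-then-queue pattern and the same-named queues from the post above, written out as a pf.conf fragment in ALTQ syntax. This is an added example, not part of the original post and not rules generated by pfSense; the interface names, bandwidths, queue names and the tag WEB are assumptions.

```conf
# Constructed layout: em1 and em2 are the two internet links.
# All names and numbers here are illustrative, not taken from the thread.

# The same queue name exists on both links. Only the name is shared;
# bandwidth and priority are set per interface.
altq on em1 priq bandwidth 2Mb queue { qDefault, qHTTP }
queue qDefault on em1 priority 1 priq(default)
queue qHTTP    on em1 priority 3

altq on em2 priq bandwidth 8Mb queue { qDefault, qHTTP }
queue qDefault on em2 priority 1 priq(default)
queue qHTTP    on em2 priority 5

# Non-quick rules: each one matches and tags, then evaluation continues.
# Tags are sticky, so the tag survives even though a later rule is the
# last match.
pass out on { em1, em2 } proto tcp from any to any port 80  tag WEB
pass out on { em1, em2 } proto tcp from any to any port 443 tag WEB

# One rule picks the queue for everything tagged WEB. Moving this traffic
# to another queue later means editing only this line.
pass out on { em1, em2 } all tagged WEB queue qHTTP

# Per the post, a matching rule on a specific interface tab is the final
# verdict, so a broad interface rule for the same traffic would override
# the queue chosen above.
```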
Forgot the By queues view:
It allows you to copy queues from one interface to the other.
Cloning a full interface is not currently supported.
-
is it possible to make a new queue that is a child of an existing queue?
-
Sure.
-
If I have a queue called qVoip23 in the Lan, how do I make a new queue that has as parent qVoip23 ?
-
click qVoip23 on the tree and then click the "Add queue" button at the bottom of the form.
I thought it was intuitive enough, no?!
-
Wondering if it would make sense to be able to right click a queue and receive a popup that has delete queue and add new child queue?
-
Wondering if it would make sense to be able to right click a queue and receive a popup that has delete queue and add new child queue?
To me that seems like hidden functionality, since most web functions are performed with click-and-go.
Nice would be to have drag-and-drop actually for the queues allowing them to clone easily but this version of the tree does not have it afaik.
-
@ermal:
click qVoip23 on the tree and then click the "Add queue" button at the bottom of the form.
I thought it was intuitive enough, no?!
:-)
I didn't get it. I get it now.
maybe change "Add queue" to "Add child queue" ?