Help with shaping by ip



  • How would I go about using traffic shaping to limit a single IP address's bandwidth on a 2-NIC pfSense box?



  • This question has been posted a number of times, if you will search.  The basic breakdown, though, is that you create 2 queues (one up and one down) and then route all traffic from the given IP to those two queues.  Use the lower and upper limits etc. to get it set up the way you want.  Use Status >> Queues and change your IP to the one you set up to shape to make sure it worked; if it didn't, try changing the order of your rules.  Also, if you want a specific device to get the same IP address, go to Status >> DHCP Leases and bind that MAC to a specific IP.  Note that if you want to set a specific upperlimit for an IP, you have to create queues for each IP… so if you want to do this for many IPs it could get messy.



  • I think I will go crazy, because the pfSense traffic shaper works weird!
    pfSense version 1.0.1 (latest, I installed it 2 days ago)

    I need to make a traffic shaper limit for one certain IP (192.168.0.11/255.255.255.0).
    I set up a fixed IP address on that computer (192.168.0.11), so there is no problem with DHCP or static leases.

    I went through the traffic shaper wizard.
    After that:
    I made 2 queues (1 for upload, 1 for download):
    oem_up - upperlimit 64Kb (8kb/sec)
    oem_down - upperlimit 128Kb (16kb/sec)

    I made 2 rules.
    First rule: any protocol from any address that goes to (destination) 192.168.0.11 has to go through oem_down.
    Second rule: any protocol to any address that goes from (source) 192.168.0.11 has to go through oem_up.

    While oem_down works well, oem_up DOES NOT WORK! No matter the queue position; I tried before and after qwandef!

    So, where is the problem?
    http://img109.imageshack.us/my.php?image=untitled2tv9.jpg



  • Why don't you start with the magic shaper, use it for a bit, then modify it to taste?



  • Hello. neutralman is right. I get the same problem! I use pfTop to see exactly how the queues work in closer to real time, and I notice that every IP I limit has 0 PKTS, BYTES, DROP_P, DROP_B, etc. on the outgoing queue! The only outgoing queue working is the default queue. Why is that, since the queues handling incoming traffic work pretty fine?

    What exactly is the Target Queue in rules? Why do I have to target two queues (one for Outbound and one for Inbound) when I point the rule at only one of them? I don't get the idea of the second one! I set the rules quite similar to the wizard, but it clearly does not work for uploads (outgoing).
    Please examine the screenshot I attached!

    Thank you in advance for any explanation/solution given.





  • OK, problem solved. I don't know why, but my whole problem was somehow tied to ACK queues, which were missing because I didn't need them. Anyhow, adding the ACK queue to the WAN interface made the outgoing queues work again. One thing is still obscure… Originally, I created ACK queues for both WAN and LAN, as the wizard also does. But in my setup, creating an ACK queue on LAN screwed up the other incoming queues, and all incoming traffic was caught by the LAN ACK queue, which is very strange!!!! So I just deleted it and left only the ACK queue for WAN.

    This shaper has left me with a really weird impression. With simple queues made from scratch you are bound to always have problems; this should not happen. For example, I do not understand why you should necessarily have an ACK queue, since I only want to limit the speed of some IPs no matter the kind of packets they carry.

    Any explanations given are welcome. Thank you!



  • We only support the "wizard" created rules and queues currently.  As you have found out, HFSC has some mad voodoo associated with it.



  • @sullrich:

    We only support the "wizard" created rules and queues currently.  As you have found out, HFSC has some mad voodoo associated with it.

    lol mad voodoo? It's just not documented very well. One day I should just sit down and do proper documentation.



  • @Leoandru:

    lol mad voodoo? It's just not documented very well. One day I should just sit down and do proper documentation.

    Indeed.  If it's not documented then it's a mystery.  Which in my mind is Mad Voodoo :)



  • I have a few newer files which might be of help. They need more testing. And it seems I can borrow some of your time for a bit :-)

    Replace traffic_shaper_wizard.inc and traffic_shaper_wizard.xml in /usr/local/www/wizards/ with the files from my site.

    http://iserv.nl/files/pfsense/?M=D

    Those should work. Any comments please.

