PFsense and m0n0wall traffic shaping



  • How do I get the same traffic shaping configuration as the standard m0n0wall wizard makes?

    I have tried for hours now and I can’t get PFsense traffic shaping to work as well as m0n0wall wizard makes.

    When I put in the same line speed, same rules on both and max my upload speed with bitorrent, I get a ping of 9-14ms in m0n0wall and 600-800 ms and also get packet loss in PFsense?

    When I use M0n0walls shaping wizard I don’t have to set any priority for example games and internet, everything just works great with low latency. The automatic packet rules m0n0wall makes works great.

    it should have been possible to choose between the m0n0walls and pfsense shaping system becasue i want m0n0walls traffic shaping and all the functions off pfsense :P



  • You cannot get the same.  pfSense uses ALTQ.  M0n0wall uses Dummynet.

    In addition there is a bug with PF + Dummynet where anytime a rdr is present on top of Dummynet queues, all traffic simply stops.  We have brought the issue up on FreeBSD lists prior to nobody wishing to fix it.



  • After reading this post, I had to try it for myself and I hate to say it, but the monowall traffic shaper does work better.
    My testing was to allow a bit torrent program on one computer to start uploading at about 75% of my total upload speed (1mbps).
    I then started a Counter Strike game on another computer and was connected to a server with a latency of ~25.
    Then, I let the torrent program run at full speed while watching the latency on the Counter Strike game. It never wavered.
    This is not possible with ALTQ, at least I haven't been able to achieve it.



  • @Gitsum:

    After reading this post, I had to try it for myself and I hate to say it, but the monowall traffic shaper does work better.
    My testing was to allow a bit torrent program on one computer to start uploading at about 75% of my total upload speed (1mbps).
    I then started a Counter Strike game on another computer and was connected to a server with a latency of ~25.
    Then, I let the torrent program run at full speed while watching the latency on the Counter Strike game. It never wavered.
    This is not possible with ALTQ, at least I haven't been able to achieve it.

    You have to tweak it.  Simply setting it up and expecting it to work better just won't happen.  You need to tweak the queues so that no drops occur.  I bet if you repeat the test and then watch the queue stats you will see drops in vital queues.

    Visit the traffic shaping tips and tricks thread for more info.



  • I regards to the ping time, after you run the wizard ICMP is a lower priority service by default, your ping times will naturally be higher because of this.  If you want low ping times route ICMP through high priority queue…although for many security reasons I wouldn't, overall its nice to have ICMP a low priority.



  • @Justinw:

    I regards to the ping time, after you run the wizard ICMP is a lower priority service by default, your ping times will naturally be higher because of this.  If you want low ping times route ICMP through high priority queue…although for many security reasons I wouldn't, overall its nice to have ICMP a low priority.

    FYI, the logic behind ICMP defaulting to low priority instead of high is based mainly on network troubleshooting.  I felt ICMP should be a reasonable indicator of the network utilization and thus should be stomped on when other traffic needs the pipe.  As noted, you can easily change the queue (and even the setting in the wizard I believe).  BTW, game ping times are sometimes done via UDP not ICMP (I love how people reinvent the wheel) - no comment on Counter Strike, dunno what it uses.

    –Bill



  • I see now that it looks as though they are implementing the m0n0wall shaper as an option in pfsense.
    Choice is good.
    But I can't seem to figure out how to enable it?



  • It is not ready.  Kernel patches are still being sorted out.



  • Will the Dummynet option be available in 1.2 beta?



  • No, 1.2 is feature frozen.



  • "It is not ready.  Kernel patches are still being sorted out."


Log in to reply