Can 2.0 traffic shape based on NIC port?

  • I have a total of 1.54Mbps up and down T1 connection. Can I dedicate NIC port #1 to use 800Kbps max and NIC port #2 to use the remaining 534Kbps?

    I would really appreciate if someone can answer me if pfSense 2.0 is capable of doing this or any sort of traffic limiting based on NIC port.


  • Sure.
    You just create the queues necessary with the limits and send traffic accordingly.

  • If you want a hard bandwidth limit for each NIC and not shared-if-not-full, you can use Shapers to accomplish this with a hard limit.

  • Thanks for the input guys.

    Can you please elaborate a bit more about shaper/queue as I am not sure where specifically in the Traffic Shaping section a NIC port is selected. It is much more complicated than selecting a port and adding an up and down limit to it, so I would appreciate a bit more insight.


  • Download queues go on the LAN interfaces, upload queues go on the WAN interface. I guess you have a LAN interface and OPT1 interface for the LAN side? You should have an entry for each interface on the traffic shaper "by interface" tab. You can set the limit of each interface on that screen. LAN1 bandwidth=800Kbps, LAN2=534kbps, WAN=1540kbps… that should split the download bw the way you want, but the upload will be shared, not caring which LAN the traffic comes from.

    To split the upload, you would create two new queues on the WAN interface, say q1 and q2. (I'm using hfsc because that's the one I'm familiar with.) Set both q1 and q2 to the same priority, set the bandwidth=1% or anything so long as they are the same, set an upperlimit m2 value to 534kbps and 800kbps respectively (by the way there is something wrong with the math here!). All the other blocks can be left blank...

    Then you would make a couple of simple firewall rules to send the upload traffic to the two queues you made... on the rules page LAN tab, add a rule, pass, LAN, Protocol=any, source=LAN1 address, dest=any, ports=any, then at the bottom set the ackqueue/queue to q1. The other rule would be source=LAN2 address (or OPT1, whatever it's called), and queue q2.

    But now I realize there is a problem with this because you can't make the ackqueue and queue the same, so you'll have to make a qACK and a qDefault on each LAN interface, and a qDefault on the WAN interface, because each enabled interface has to have a default queue... so anyway, make all the queues and then set the ackqueue/queue to qACK/q1, etc. I think this would be the minimum queues and rules you would need:
    ---->qDefault(bw=1%, default box checked)
    ---->qACK(bw=1%, realtime m2=30%)
    ---->q1(bw=1%,upperlimit m2=800Kb)
    ---->q2(bw=1%,upperlimit m2=534Kb)
    ---->qDefault(bw=1%, default box checked)
    ---->qACK(bw=1%, realtime m2=30%)
    ---->same as LAN1

    On the WAN you could leave off the qDefault and mark any of the others default, so long as you have something marked default, but this is a bit more organized. The realtime for the qACK makes sure that the ACKs will always get through to keep traffic flowing, even when traffic is full, up to 30%, which is more than they would ever need, but it doesn't matter; it will only use what it needs, and the rest is available to the other queues. Firewall rules:
    PASS, LAN, proto=any, source="LAN1 address", any any any, qACK,q1
    PASS, LAN, proto=any, source="LAN2 address", any any any, qACK,q2

    OK, I'm new at this and have never had 2 LANs, but bored right now since my little pfSense box is working well! Now someone can tell me where I'm wrong, but this should give you some ideas. If you want the two LANs to share the bandwidth, able to use whatever the other LAN doesn't, then it doesn't really work; you probably have to bridge them together, making them like a built-in 2 port switch.
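
The queue layout and rules from the last post, written out as a pf ALTQ ruleset fragment. This is an added example, not part of the thread and not pfSense's generated ruleset. The interface names (em0, em1, em2) and the two LAN subnets are assumptions, and the rules match on the LAN subnets where the post says "LAN1 address" / "LAN2 address".

```conf
# Assumed interface names and subnets (not from the thread)
wan      = "em0"
lan1     = "em1"
lan2     = "em2"
lan1_net = "192.168.1.0/24"
lan2_net = "192.168.2.0/24"

# WAN: upload is shaped here. q1/q2 carry a hard cap via upperlimit;
# qACK gets a realtime guarantee so ACKs still flow when the link is full.
altq on $wan hfsc bandwidth 1540Kb queue { qDefault, qACK, q1, q2 }
queue qDefault on $wan bandwidth 1% hfsc(default)
queue qACK     on $wan bandwidth 1% hfsc(realtime 30%)
queue q1       on $wan bandwidth 1% hfsc(upperlimit 800Kb)
queue q2       on $wan bandwidth 1% hfsc(upperlimit 534Kb)

# LAN1: download toward LAN1 is capped by the interface bandwidth.
# Every ALTQ-enabled interface needs exactly one default queue.
altq on $lan1 hfsc bandwidth 800Kb queue { qDefault, qACK }
queue qDefault on $lan1 bandwidth 1% hfsc(default)
queue qACK     on $lan1 bandwidth 1% hfsc(realtime 30%)

# LAN2: same layout as LAN1 with its own cap
altq on $lan2 hfsc bandwidth 534Kb queue { qDefault, qACK }
queue qDefault on $lan2 bandwidth 1% hfsc(default)
queue qACK     on $lan2 bandwidth 1% hfsc(realtime 30%)

# Tag traffic by source LAN. In pf's syntax the first name is the data
# queue and the second is used for ACKs and low-delay packets.
pass in on $lan1 from $lan1_net to any queue (q1, qACK)
pass in on $lan2 from $lan2_net to any queue (q2, qACK)
```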
