Basic traffic shaping wizard for WAN and multiple LANs - is it good enough?



  • Hi,
    I've been trying to set up traffic shaping in pfSense 2.0; so far everything seems to work as expected.
    1. WAN1 - 100Mbps/100Mbps - fibre optic line which will be used for all below connections
    2. WAN2 - 3Mbps/0.6Mbps - ADSL line which will be used as a backup in case of disaster
    3. LAN - VoIP traffic (in house asterisk server) and web browsing, downloading through http/https, torrent and other clients.
    4. DMZ - web server which is serving a few websites (not big traffic, but upload speed needs to be kept within reasonable minimum limits)
    5. WIFI - mainly used internally, but a few clients are connected to the web, so some traffic can be generated (you never know when someone might use a torrent client to download stuff, so that's the reason why it needs to be shaped as well).

    So I've followed the wizard and created some basic queues. I've used WAN1 and LAN, DMZ, WIFI (1 WAN + 3 LANs) - all with HFSC.

    For download/upload bandwidth I've put 100Mbps, but I've seen somewhere that it should be 90% of total bandwidth, and I'm not sure if I should waste 10Mbps?

    Reserve 3Mbps bandwidth for VoIP. As far as I can see this applies to all mentioned interfaces, and I'm not sure if it's worth changing for the other local interfaces, as mainly on LAN there will be VoIP traffic (DMZ - just http/https, WIFI - just web browsing, maybe torrent).

    I've created a penalty box with an alias, so if someone gives me a hard time in the future, there will be a place for this guy.

    P2P CatchAll enabled with 5% bandwidth availability and BitTorrent ticked. I've checked this quickly and it might not work if I change a port or if someone is encrypting the traffic.

    Other priorities - RDP, IPSec, HTTP/HTTPS.

    I would say I'm happy with VoIP traffic, but I'm now interested in DMZ and HTTP/HTTPS upload speed. As I've prioritised HTTP/HTTPS, I can see that if I'm downloading through the http protocol I'm taking a lot of bandwidth (through LAN), but upload speed shouldn't be affected in DMZ. In this case, should I not be worried about DMZ upload, or should I put additional rules in place to guarantee up/down in DMZ?

    Hopefully someone has the same configuration in place and can explain if I'm fine with this basic config.

