P2p traffic going in the wrong queue



  • I used the traffic shaper wizard "Single LAN, multi WAN" (1 LAN 1 WAN). I just selected BT for p2p and then 1 game, and a few other protocols. I then went in the floating rules and changed the p2p ports to match the port used by the BT client for both tcp and udp.

    I ran tests and the BT traffic goes to the qDefault for the upload and qLink for the download. I see a little bit of activity on the p2p queue, but it's nowhere near the amount of traffic that is used by the BT client.

    I was under the impression that once the rule is set, all the traffic matching that rule should be processed in the respective queue. What am I missing?



  • I actually had this same issue. Torrent traffic is hard to shape, especially the outgoing traffic since it uses random ports (you can force certain outgoing ports, but it may affect your performance). I ended up adding a second ip address to my lan adapter and bound the torrent client to that address. I also used forcebindip to make sure the client is using that address, but it might not be necessary. Then I just configured QoS for that ip and it's been working fine since. Just give the set ip low priority and all other udp traffic high priority for your games.



  • I set the torrent client to use a single specific port and manually created NAT and firewall rules using that port for both udp and tcp pointing to the internal BT client. I then modified the default floating rule for BT to match the port I am using. It's pretty straightforward and it should work, but it doesn't for some reason.



  • Setting a specific port in your torrent client is only for incoming connections.  Outgoing connections use random ports.  If you haven't bound specific outgoing ports then your outgoing traffic isn't going to be shaped properly.  It's still much easier shaping torrent traffic by binding the client to a unique ip address.



  • If you guys don't mind I'll piggyback off this thread instead of starting another since I'm in the same boat. I just jumped ship from RouterOS to pfSense and I could use some help with firewall rules for correctly catching traffic.

    I have torrent on a separate VM so I can shape based on host IP. On Mikrotik I would mangle and mark packets to and from the torrent IP, but I'm having trouble with pfSense. I can't find a packet flow diagram and I'm not sure where to catch what I need. Since all queuing is done on the outgoing interface, if I want to shape uploads I would have to select WAN in the floating rule and set my torrent vm IP as source, correct? I tried this but the traffic is still going to qDefault and I'm guessing since WAN is after NAT that at that point it doesn't know where the packets came from… What makes it even more confusing is that it asks me to select the first interface the traffic in the rule is hitting, but if I select LAN then how can I shape on the outgoing interface? In RouterOS I would mangle/mark in the forward chain then shape on the Global-OUT interface HTB, and I'm not seeing where I can configure it like that. Is the selection of LAN/WAN in the floating rule for selecting where to shape or where to mark?

    Maybe I'm way off but this is my first experience with pf traffic shaping and I could use some help wrapping my head around the traffic flow and where to look.



  • @miraclemaxim:

    Setting a specific port in your torrent client is only for incoming connections.  Outgoing connections use random ports.  If you haven't bound specific outgoing ports then your outgoing traffic isn't going to be shaped properly.  It's still much easier shaping torrent traffic by binding the client to a unique ip address.

    I did as suggested, binding the torrent client to a separate IP, and verified that BT traffic is using it. However the bulk of the traffic is still going in the default queue, both for upload and download (I added another floating rule for p2p traffic download, using LAN for interface and the IP assigned to the BT client as destination).

    This leads me to another question, since the wizard only creates rules for outgoing traffic, does it make sense to create rules for incoming (p2p in this case)?



  • If it is the download speed you're wizzed off about then there is an option, limiter http://forum.pfsense.org/index.php/topic,57169.0.html, which limits the download and upload speeds, but don't forget not all torrents are copyrighted stuff, Linux distributions are one of them.

    However

    1. Limit maximum concurrent connections. Bittorrent will connect hundreds of connections for better speed, so limiting the maximum number of connections can limit its downloading speed.

    2. Install a squid web cache and put in the rule to block: .torrent



  • That's an alternative. BT traffic is not a big issue for me, I just wanted to prioritize regular traffic over BT when needed more than setting a hard limit to it. I was mostly trying to figure out what I did wrong with the traffic shaping because as far as I can tell I set it up correctly, but for some reason the rules are not being applied correctly and the bulk of BT traffic still goes to the default queues.

