Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Traffic Shaping: LAN Party Gaming Traffic over HTTP/Steam Downloads

    Traffic Shaping
    3
    6
    7143
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elgwhoppo last edited by

      Hi all, newb to the forums here. I've been playing with pfSense a little bit recently and have started to get a pretty good handle on the product.

      I was wondering if I might beseech your help in reading a post I wrote recently titled "Using pfSense for QoS at a LAN Party: Nerfing the Steam downloads and HTTP traffic". I also included a Vimeo video with a demonstration. I was hoping to get some feedback, or perhaps some better tips to shape the traffic. I'm definitely not an expert, but wouldn't mind presenting the most accurate information possible on my own post. If you don't want to click the link you can just google the title of the post.

      Cheers all!

      http://elgwhoppo.com/2012/11/17/using-pfsense-for-qos-at-a-lan-party-nerfing-the-steam-downloads-and-http-traffic/

      1 Reply Last reply Reply Quote 0
      • E
        elgwhoppo last edited by

        Posted an update today, version 1.3 if anyone is/was curious on this.

        http://elgwhoppo.com/2013/09/04/pfsense-lan-party-qos-1-3-individually-limited-tcp-streams/

        1 Reply Last reply Reply Quote 0
        • C
          cheonne last edited by

          correct me if im wrong
          i read somewhere that qACK QUEUE does not apply to UDP protocol
          only for TCP protocol

          1 Reply Last reply Reply Quote 0
          • E
            elgwhoppo last edited by

            Correct, UDP does not use SYN/ACK as it is a connectionless protocol.

            1 Reply Last reply Reply Quote 0
            • G
              georgeman last edited by

              Did seriously create 410 different rules?!

              Couldn't you create a floating rule, direction Out, on the LAN interface and apply the limiter using destination address as a mask? I have never tried it but from the top of my head it looks it would work

              1 Reply Last reply Reply Quote 0
              • E
                elgwhoppo last edited by

                Hey georgeman, I get what you're saying, trust me I'd love to do one floating rule, but I found this during my testing and research of the settings.

                https://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Setup_Limiters

                “pfSense currently only allows setting the source address or the destination address as the mask, meaning that you can give each host behind your firewall its own set of pipes so that each node is restricted to using a certain amount of bandwidth. To do this you would give your In pipe a Source Address mask, so that each host sending packets gets it’s own dynamic pipe for uploading. You would give your Out pipe a destination address mask, so that each host receiving packets gets it’s own dynamic pipe for downloading.”

                Also on the mask config in the pfSense GUI it reads:
                If ‘source’ or ‘destination’ is chosen, a dynamic pipe with the bandwidth, delay, packet loss and queue size given above will be created for each source/destination IP address encountered, respectively. This makes it possible to easily specify bandwidth limits per host.

                My understanding of these documented statements is that the limiter can limit upload for each LAN –> WAN session (source), or download can be limited for each WAN –> LAN session (destination).
                When I tried using the mask source configuration, I saw my steam client download from multiple remote sites which, broke the whole concept of limiting download bandwidth for a single LAN IP, as I need to limit the sum of all download connection sessions. It worked for single streams of traffic to single IP addresses, such as with speedtest, but not for downloads from multiple remote sites. Either that or I configured it wrong. I tested with the new limiter config using the mask for source, made new rules, and one machine still topped out the qHTTPandSteam queue. Let me know if you find testing to be different in your environment.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy