Traffic Shaping: LAN Party Gaming Traffic over HTTP/Steam Downloads



  • Hi all, newb to the forums here. I've been playing with pfSense a little bit recently and have started to get a pretty good handle on the product.

    I was wondering if I might beseech your help in reading a post I wrote recently titled "Using pfSense for QoS at a LAN Party: Nerfing the Steam downloads and HTTP traffic". I also included a Vimeo video with a demonstration. I was hoping to get some feedback, or perhaps some better tips to shape the traffic. I'm definitely not an expert, but wouldn't mind presenting the most accurate information possible on my own post. If you don't want to click the link you can just google the title of the post.

    Cheers all!

    http://elgwhoppo.com/2012/11/17/using-pfsense-for-qos-at-a-lan-party-nerfing-the-steam-downloads-and-http-traffic/



  • Posted an update today, version 1.3 if anyone is/was curious on this.

    http://elgwhoppo.com/2013/09/04/pfsense-lan-party-qos-1-3-individually-limited-tcp-streams/



  • correct me if im wrong
    i read somewhere that qACK QUEUE does not apply to UDP protocol
    only for TCP protocol



  • Correct, UDP does not use SYN/ACK as it is a connectionless protocol.



  • Did seriously create 410 different rules?!

    Couldn't you create a floating rule, direction Out, on the LAN interface and apply the limiter using destination address as a mask? I have never tried it but from the top of my head it looks it would work



  • Hey georgeman, I get what you're saying, trust me I'd love to do one floating rule, but I found this during my testing and research of the settings.

    https://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Setup_Limiters

    “pfSense currently only allows setting the source address or the destination address as the mask, meaning that you can give each host behind your firewall its own set of pipes so that each node is restricted to using a certain amount of bandwidth. To do this you would give your In pipe a Source Address mask, so that each host sending packets gets it’s own dynamic pipe for uploading. You would give your Out pipe a destination address mask, so that each host receiving packets gets it’s own dynamic pipe for downloading.”

    Also on the mask config in the pfSense GUI it reads:
    If ‘source’ or ‘destination’ is chosen, a dynamic pipe with the bandwidth, delay, packet loss and queue size given above will be created for each source/destination IP address encountered, respectively. This makes it possible to easily specify bandwidth limits per host.

    My understanding of these documented statements is that the limiter can limit upload for each LAN –> WAN session (source), or download can be limited for each WAN –> LAN session (destination).
    When I tried using the mask source configuration, I saw my steam client download from multiple remote sites which, broke the whole concept of limiting download bandwidth for a single LAN IP, as I need to limit the sum of all download connection sessions. It worked for single streams of traffic to single IP addresses, such as with speedtest, but not for downloads from multiple remote sites. Either that or I configured it wrong. I tested with the new limiter config using the mask for source, made new rules, and one machine still topped out the qHTTPandSteam queue. Let me know if you find testing to be different in your environment.