Need help separating browsing from downloading/streaming

  • I'm new to traffic shaping in pfSense and I am trying to recreate a setup I had in RouterOS. I would like to separate browsing and downloading/streaming into separate queues. In RouterOS I would mark packets on ports 80 and 443 with connection bytes up to 1MB as browsing and use that mark for a higher priority queue. Another rule for connection bytes >1MB would apply a different mark which I then used in a lower priority queue, and it worked very well. I don't see an option in the floating rule page to catch traffic based on how much data has been transferred. Has anyone done something similar?

  • Deagle, that is a really awesome feature. I doubt that pfSense can do this though, since all the matching happens when a connection is first set up, and then applies to the state record, so that the system doesn't need to process any more of the packets. But the layer7 stuff must be able to look at enough of the traffic to try and match the contents and then change the queue, so maybe there is a way.

    If you look at pftop, it does track the bytes transferred for each state, so the info is there. So it is probably possible for some sort of daemon to run every so often and to associate a state with a new shaper queue.

    I would suggest you ask on the FreeBSD networking list to see if FreeBSD supports it, and then you could open a bug/feature request to have the ability added to pfSense.

    I've noticed that YouTube opens a new connection for each chunk of a movie though, so it would somewhat lessen the impact depending on how big the chunks are.
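The per-state byte counters mentioned in the reply above can be read from verbose state output and compared against the 1MB cut-off from the question. The following is an added example, not part of either post and not pfSense code: it parses a constructed sample modelled on `pfctl -vv -s states` output and only reports which web states are "browsing" and which are "bulk"; it does not change any queue assignment. Taking 1MB as 10^6 bytes and summing both directions are assumptions.

```python
import re

BULK_THRESHOLD = 1_000_000   # assumed reading of the question's 1MB cut-off
WEB_PORTS = {80, 443}        # the ports named in the question

# Constructed sample modelled on `pfctl -vv -s states`; not captured from a real firewall.
SAMPLE = """\
all tcp 192.0.2.10:51514 -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
   [1034 + 65535] wscale 7  [2211 + 65535] wscale 7
   age 00:00:12, expires in 23:59:58, 24:31 pkts, 3810:41200 bytes, rule 71
all tcp 192.0.2.10:51520 -> 198.51.100.9:443       ESTABLISHED:ESTABLISHED
   [77 + 65535] wscale 7  [91 + 65535] wscale 7
   age 00:03:40, expires in 23:59:59, 9120:17544 pkts, 501020:25790112 bytes, rule 71
all tcp 192.0.2.11:40022 -> 203.0.113.5:22       ESTABLISHED:ESTABLISHED
   [5 + 65535] wscale 7  [9 + 65535] wscale 7
   age 01:10:00, expires in 23:59:59, 40000:39000 pkts, 2400000:5100000 bytes, rule 12
"""

# State header line: "<if> <proto> <endpoint> <direction> <endpoint> ..." (non-NAT form only)
HEADER = re.compile(r"^\S+ (tcp|udp) (\S+) (->|<-) (\S+)")
# Counter line: "..., <pkts>:<pkts> pkts, <bytes>:<bytes> bytes, rule N"
BYTES = re.compile(r"(\d+):(\d+) bytes")

def port_of(endpoint):
    """Extract the port from 'addr:port' (IPv4) or 'addr[port]' (IPv6)."""
    m = re.search(r"(?::|\[)(\d+)\]?$", endpoint)
    return int(m.group(1)) if m else None

def classify(states_text):
    """Return (endpoint_a, endpoint_b, total_bytes, label) for each web state."""
    results, current = [], None
    for line in states_text.splitlines():
        head = HEADER.match(line)
        if head:
            current = (head.group(2), head.group(4))
            continue
        counters = BYTES.search(line)
        if counters and current:
            a, b = current
            total = int(counters.group(1)) + int(counters.group(2))
            # Match on either endpoint so the arrow direction does not matter.
            if {port_of(a), port_of(b)} & WEB_PORTS:
                label = "bulk" if total > BULK_THRESHOLD else "browsing"
                results.append((a, b, total, label))
            current = None
    return results

if __name__ == "__main__":
    for a, b, total, label in classify(SAMPLE):
        print(f"{a} <-> {b}  {total} bytes  {label}")
```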
