    Custom Traffic Shaper rules in 2.0.x

    toomeek

      Dear Forum,
      pfSense is a great OS. I like to learn new things while running it at home.

      Now it's time for QoS. This might be an interesting task :)
      Let's summarize my needs:

      • My link is:
        30Mbit down, 3Mbit up.
      • Shaper Wizard used:
        traffic_shaper_wizard_multi_lan.xml
      • I'm running the following services (I'm learning how they work and what is needed for best performance):
        1 x VPN server (OpenVPN)
        2 x DNS server
        4 x TeamSpeak
        1 x Mumble
        3 x Minecraft
        1 x WWW server (few websites)
        3 x SSH service
      • They require:
        DNS, TS, Mumble, SSH - low latency, low bandwidth, high priority
        VPN - low latency, middle bandwidth
        Minecraft - low latency, high bandwidth
        WWW server - middle latency, middle bandwidth
      • what's available:
        enough cpu resources (2 x vCPU)
        enough RAM (assigned 2GB)
        enough hdd space (10GB)
      • Additional requirements:
        rules as % of link speed value for easy expanding
        upload with guaranteed speeds, download shaped for all services dynamically - HFSC would be best I think
        protection against various DDoS attacks
        own XML (wizard) would be best
        not running Squid, but will soon (I have to assume queues will not limit this kind of service)
      • external KB sources:
        http://www.wedebugyou.com/2012/11/how-to-prevent-and-mitigate-ddos-part1/
        http://www.hammerweb.com/blog/2011/09/traffic-shaper-in-pfsense-2-0/
      • What I don't fully understand - questions:
        why does the traffic shaper wizard create qLink and qInternet on LAN while on WAN there is only qInternet?
        what exactly do Random Early Detection and Explicit Congestion Notification mean?
        why is there a pps limit on qLink set to exactly 500? shouldn't it be more on faster links?
        I created rules using HFSC and PRIQ independently; rules based on port number (as example: 25565) were ignored when using HFSC, however with PRIQ packets travelling to the same port were in the correct queue. I don't understand this.
        Why is the ACK queue so large (~20% both up/down)? I understand this is specific to ACKNOWLEDGE packets, which are required for successful transmission.
      • Giving a few screenshots here as examples of rules I tried/learned so far..

      As a result, I would like to create a custom traffic shaper wizard which fits these needs and share it with the Community.

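For readers mapping the requirements above onto HFSC, here is an added pf.conf ALTQ fragment for the 3 Mbit upload side, written as an illustration for this thread and not taken from the poster's setup or from any wizard output. The interface name, the percentage split, and the TeamSpeak, Mumble and OpenVPN ports (their defaults) are assumptions; only Minecraft's 25565 comes from the post, and the NAT/rdr entries for the hosted servers are omitted.

```pf
# Constructed example: upload shaping for a 3Mb link with pf ALTQ/HFSC.
# Interface name and all percentages are assumptions for illustration.
ext_if = "em0"

# Child queues are sized as percentages of the root, so moving to a faster
# link means changing only the root bandwidth figure below.
altq on $ext_if hfsc bandwidth 3Mb queue { qACK, qHigh, qVPN, qGames, qWeb, qDefault }

# Empty TCP ACKs for downloads: tiny, but they pace 30Mb of inbound traffic
# over a 3Mb uplink, which is why the wizard reserves a large share for them.
queue qACK     bandwidth 20% hfsc(realtime 10%)
# DNS, TeamSpeak, Mumble, SSH: low bandwidth, guaranteed minimum (realtime).
queue qHigh    bandwidth 10% hfsc(realtime 5%)
# OpenVPN: middle bandwidth with a guaranteed share.
queue qVPN     bandwidth 20% hfsc(realtime 10%)
# Minecraft: guaranteed share plus a ceiling so game servers cannot starve the rest.
queue qGames   bandwidth 25% hfsc(realtime 15% upperlimit 80%)
# Web server: linkshare only (borrows idle capacity), capped at 60% of the link.
queue qWeb     bandwidth 15% hfsc(upperlimit 60%)
# Everything unmatched, including a future Squid proxy; RED/ECN drop early
# under congestion instead of filling the buffer (queue-level, not per rule).
queue qDefault bandwidth 10% hfsc(default red ecn)

# Queue assignment is done on the pass rules that create state, so replies
# from the hosted servers inherit the queue on their way out over WAN.
# With two queue names, the second one receives empty ACKs and low-delay TOS.
pass in on $ext_if proto { tcp, udp } to port 53         queue (qHigh, qACK)
pass in on $ext_if proto tcp to port 22                  queue (qHigh, qACK)
pass in on $ext_if proto udp to port { 9987, 64738 }     queue qHigh
pass in on $ext_if proto udp to port 1194                queue (qVPN, qACK)
pass in on $ext_if proto tcp to port 25565               queue (qGames, qACK)
pass in on $ext_if proto tcp to port { 80, 443 }         queue (qWeb, qACK)
```

The realtime shares add up to 40% of the root, well under the link, which is what keeps the guarantees enforceable; `pfctl -vsq` shows per-queue counters once the rules are loaded.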
      toomeek

        Another functionality is logging firewall rules to an external MySQL database.
        I would like to add this via an option in the Shaper Wizard with option fields like:
        database server
        database name
        database user
        database pass
        As far as I know this can be done with a Remote syslog server like this:
        http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
        This would be configured on a syslog-ng host; the question is: is it compatible with pfSense syslog?
        http://www.gho.no/2008/10/setting-up-remote-syslog-to-mysql-with-cisco-ios-and-syslog-ng-in-linux/

        I'm currently running on 2.0.3 i386.
