Very basic traffic shaping – max bandwidth not enforced?

  • Hello,

    I've installed pfSense and am enjoying the experience so far, having tried a number of other firewall distros recently.  However, I'm having some trouble with the traffic shaper.  I need to limit my inbound and outbound traffic on my metro ethernet connection (I have split this over two interfaces, one for VPN and one for WAN) to prevent being charged for burst traffic.  So far I've tried using limiters with firewall rules on my LAN interface – this works well, but it'll get more complicated when applying different rates for the two external interfaces.  I then tried using the traffic shaper.  I went through the wizard, specifying a single WAN and LAN connection at first, setting an arbitrary low bandwidth (I tried 1Mbps symmetrical and 4Mbps symmetrical) and enabling no other settings.  I imagined that this would top out at the bandwidths I'd specified but found that, according to the Traffic Graph, this wasn't happening -- I was seeing traffic at 12Mbps and have no doubt that this would go at line speed if it were a gateway for more than just my computer.  Can anyone please point me to why the traffic shaping is seemingly not being applied?

    Thanks in advance!

  • There are 2 overall limiters in traffic shaper. The WAN and the LAN\qInternet.Other queues by default will try to use all of this. If the queue is full then the percentages come into place and also priority so that the traffic you want through will get through at the speeds you want. If you want to limit a certain queue, you would need to use the M2 section in the service curve.

  • The queues created by the wizards are generally wrong and don't function as you expect them to. Understand HFSC and create the queues yourself.

  • The wizards are a good way to get started and then you can branch from there for you specified requirements.

  • I wanted to thank both of you for your input on this, but seemingly can't.  Thanks, and sorry for the delay in it; I stopped looking after a week!  I'll work on the assumption that even the basic queues created by the wizard should be treated with suspicion for now.

Log in to reply