4. Layer7, only option is "action" "block" (no Queue option)?

Layer7, only option is "action" "block" (no Queue option)?

  • G

    I'm running 2.1 Release and in trying to get traffic shaping to work as expected, I noticed that my L7 options are limited to "action" and "block."

    I don't have a "queue" option, which is what I'd like - for example using the L7 container to directly gtalk, skypeout, ssh, and skypetoskype traffic to the highest priority queue.

    Is this a known issue?

    A relevant detail may be that my traffic shaping efforts have been to date for naught.  I set up the L7 queues after running the wizard.  When it didn't behave as expected, I deleted the traffic queues and it is currently "off."  When I ran the wizard again and reenabled queues, all traffic was extremely slow, so I turned them off again and just noticed the L7 options were not what I'd expect.  If it is not a known issue, having attempted to generate traffic flows, then attempted to delete them and start over may have left a residual incompatible issue.

    2.1-RELEASE (i386)
    built on Wed Sep 11 18:16:50 EDT 2013
    FreeBSD firewall.wahjalayn.com 8.3-RELEASE-p11 FreeBSD 8.3-RELEASE-p11 #1: Wed Sep 11 18:47:57 EDT 2013 root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386

    0
  • D

    You can't queue if you do not have traffic shaper active with queues.

    What you might want to do is to actually setup the traffic shaping with queues first.  Ignore any limiting.

    Then only, go to the L7 section and setup the container group.  You will be able to switch from 'Action' to 'Queue' and the 'Block' will change to the drop-down box with all the valid queues.

    After that, go back to your Firewall rules and edit (or add) the correct rules.  Scroll down to the advanced section and look for Layer7.  Select the correct container you have setup.

    Since Skype doesn't use any specific ports in particular, you can simply amend the Default LAN allow rule to include the L7 container to send the traffic the right way.  However, you should disable uPNP (Skype uses uPNP where available) - otherwise, it will bypass the firewall rules.

    0
  • K

    In the actual firewall rule, in the "Advanced features" section, just above the place where you select your Layer 7 container, is the place to select your "ACK queue" and "regular traffic queue".

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy