Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Layer7, only option is "action" "block" (no Queue option)?

    Scheduled Pinned Locked Moved Traffic Shaping
    3 Posts 3 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gessel
      last edited by

      I'm running 2.1 Release and in trying to get traffic shaping to work as expected, I noticed that my L7 options are limited to "action" and "block."

      I don't have a "queue" option, which is what I'd like - for example using the L7 container to directly gtalk, skypeout, ssh, and skypetoskype traffic to the highest priority queue.

      Is this a known issue?

      A relevant detail may be that my traffic shaping efforts have been to date for naught.  I set up the L7 queues after running the wizard.  When it didn't behave as expected, I deleted the traffic queues and it is currently "off."  When I ran the wizard again and reenabled queues, all traffic was extremely slow, so I turned them off again and just noticed the L7 options were not what I'd expect.  If it is not a known issue, having attempted to generate traffic flows, then attempted to delete them and start over may have left a residual incompatible issue.

      2.1-RELEASE (i386)
      built on Wed Sep 11 18:16:50 EDT 2013
      FreeBSD firewall.wahjalayn.com 8.3-RELEASE-p11 FreeBSD 8.3-RELEASE-p11 #1: Wed Sep 11 18:47:57 EDT 2013 root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386

      1 Reply Last reply Reply Quote 0
      • D
        dreamslacker
        last edited by

        You can't queue if you do not have traffic shaper active with queues.

        What you might want to do is to actually setup the traffic shaping with queues first.  Ignore any limiting.

        Then only, go to the L7 section and setup the container group.  You will be able to switch from 'Action' to 'Queue' and the 'Block' will change to the drop-down box with all the valid queues.

        After that, go back to your Firewall rules and edit (or add) the correct rules.  Scroll down to the advanced section and look for Layer7.  Select the correct container you have setup.

        Since Skype doesn't use any specific ports in particular, you can simply amend the Default LAN allow rule to include the L7 container to send the traffic the right way.  However, you should disable uPNP (Skype uses uPNP where available) - otherwise, it will bypass the firewall rules.

        1 Reply Last reply Reply Quote 0
        • K
          Klaws
          last edited by

          In the actual firewall rule, in the "Advanced features" section, just above the place where you select your Layer 7 container, is the place to select your "ACK queue" and "regular traffic queue".

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.