Netgate Discussion Forum

    Problem with queueing web server traffic

    • DrNick

      Hello. I'm hoping someone might be able to lend a hand regarding my traffic shaping set up.

      The pfsense box has 3 interfaces - LAN, WAN and DMZ. Attached to the DMZ port is a web server, which the HTTP service is port-forwarded to. The rest is a fairly standard set up, with NAT in place between the LAN/DMZ and WAN ports.

      I have used the 2 LAN, single WAN traffic shaping wizard to do the initial set up for QoS. This part seems to work OK - the floating rules in place catch the traffic correctly and I can see the queues in action using either pftop or Status > Queues.

      The next part I wanted to add was a rule to give outgoing HTTP traffic from the web server its own queue. I have created a new queue on the WAN interface (as it's outgoing traffic) and assigned bandwidths as appropriate. The queue I created is called qWWW. The queues on the WAN interface and their respective linkshare bandwidths are shown below:

      WAN         980 Kbit
      qACK 100 Kbit
      qDefault 50 Kbit
      qWWW 500 Kbit
      qP2P 10 Kbit
      qGames 70 Kbit
      qOthersHigh 200 Kbit
      qOthersLow 50 Kbit

      I then created a new floating rule to assign the outgoing traffic to the queue. The rule has the following properties:

      Action: Match
      Interface: WAN
      Direction: Out
      TCP/IP Version: IPv4
      Protocol: TCP
      Source: any
      Source port range: http:http
      Destination: any
      Destination port range: any:any
      Description: HTTP out qWWW
      Ack/Queue: qACK/qWWW

      After applying all this, it doesn't direct outgoing HTTP into the new queue. I've tried flushing the state table, and even rebooting the firewall, however no traffic enters qWWW.

      From what I've read, it would appear I've carried out all the required steps for this to happen, so I imagine there is some problem with my floating rule? My reason for choosing WAN as the interface is because that is the interface the traffic will be outbound from, and since traffic shaping takes place in outbound direction only, this seemed logical. The way I have identified outgoing HTTP is by matching the source port as port 80 (HTTP). Would there be some reason this wouldn't work?

      Any help or advice is greatly appreciated, thanks for your time.

      • A Former User

        I'm new to shaping, but spotted the following.

        1. Make sure you've got the same queues on all interfaces; this makes sure traffic always finds the right queue.
        2. You can shape outgoing traffic only, so you want to look at the DMZ firewall rule + queue.

        • bfranske

          FWIW, it looks like you're doing things correctly to me. I'm also having a hard time getting things to go into the right queues (see my other post about it in this forum), though I'm trying to shape in the other direction (traffic entering from the WAN and exiting through the LAN).

          • A Former User

            The queues aren't my issue (I GUESS!); it's that the queues are ignoring the shaping (kinda). At least that's how it feels to me.

            I'll give it a whirl on the weekend and report back :)
