Traffic Shaper / Alias / Firewall Rule config Share



  • Here is a link to what I have been using:

    https://www.dropbox.com/s/qb646fx9dk07ca8/PFShaper.zip

    This setup runs on an Intel Core 2 Duo, dual-core CPU 3.0GHz, 8GB RAM, 80GB SATA drive, 3 Intel PCI / PCI-E NICs (2 WAN / 1 LAN) on an Intel 775 motherboard,
    running the latest version of PFSense.

    In May I used this config at a 132 person LAN party with 2 50MB / 5MB modems.  The biggest problem we have had in the past was that LoL pings would be high because of people downloading.

    Using the limiter by foxdale in this forum and my shaping, I was able to keep LoL ping at 103 - 120ms the whole weekend and still allow people to download from Steam.  We used 2 BF4 servers for tourneys and we had pings in the 35 - 85ms range to those servers during the tourney.

    Keep in mind this is tuned for a LAN party where gaming is priority.  If you want to use it for another application then you will need to change the percentages under the shaping and possibly redefine things.

    Some of the things I do in this config:

    1. Use aliases when I can for the rule.
    2. I just round robin load balance between the WANs by using a LAN rule.
    3. I use the quick option on all of the floating rules.

    ** By no means am I an expert at this or am saying this is THE WAY to do it.  This is what has worked for me.  If it works for you as well then feel free to use it and build on it.  If one of the experts sees something in the config that I am doing wrong then please let me know, and I am sure there are things that I can improve upon.



  • Attached are some of the RRD Graphs from that weekend.
















  • I also made an alias for LoL. My ping is 40, but when someone is watching video from YouTube or from another site my LoL ping suddenly increases to 300. Maybe a lack of setup is why this is happening. I just made an alias and float only. Do I also need to put a rule on LAN? Please share your setup, thank you.



  • Check the first message in this thread; it links to Dropbox.



  • Here is a single WAN configuration.  I put it in a different dropbox so you won't have to get them mixed up.

    https://www.dropbox.com/s/68267ssgwcdack2/PFSenseSingleWAN.zip

    This is the same shaping and rules just with a single WAN.  Note I changed the name of the LAN interface so you can name it whatever.
    The limiter here is 25MB / 2.5MB since this will be on a 50MB/5MB modem.  Either delete the rule or change the limiter if you don't want to use it.



  • Here is a screenshot of the single WAN configuration in action.  I have a custom LoL game going on with a Steam game download.  You can see the highlighted orange areas indicating LoL ping along with Steam download speed.  Granted this is just one client behind the router but I do have the limiter set in this case to 10Mbit and you can see I am getting close to that.




  • I have added my configuration for Single WAN / Single LAN PRIQ setup.  Some things to note:

    1. Limiter for TCP is in effect with 8MB download / 1MB upload set so change it to suit your speeds.
    2. PRIQ is used versus HFSC.  DNS queries are under the qGames which is at priority 7.

    This is my first attempt at PRIQ compared to HFSC but it does seem that I am getting lower pings in a game (LoL) compared to HFSC.  I am seeing 95ms with PRIQ versus 112 - 120ms with HFSC. This is with Steam going in the background downloading at almost 1MB/sec. (See attached screenshot).

    Feel free to use and if you have suggestions or tips, they are greatly appreciated.

    Here is the link to the config on dropbox.  https://www.dropbox.com/s/6loxfax6k4xr78u/LANPARTYPRIQSLSW.zip

    ![PRIQ Shaping.jpg](/public/imported_attachments/1/PRIQ Shaping.jpg)



  • @sideout thank you for posting your configs. I do have a question for you. How does this setup deal with players abusing the network with bittorrent? A touchy issue especially with LoL as it uses a torrent-like protocol (as does WoW).

    I've put on LAN Parties with up to 400+ attendees and this is a continual thorn in my side. The only thing I've found that ever 'stopped' them was Untangle, but it caused issues for LoL players. We typically end up restricting everyone to a tiny amount of bandwidth which of course makes everyone else whine that youtube or game updates etc. are too slow.



  • The limiter handles that. The LAN rule with the limiter for TCP will divide up whatever bandwidth you set equally between everyone.

    You can change that amount on the fly as you need. Typically I set it at like 30 to 40mbit for the first couple of hours then we throttle back as we start tourneys.

    We have our LoL tourney on Sunday as well to help.

    Also, using the rule with the LoL server IPs helps too.



  • So we have another LAN this weekend. There will be 4 modems being used for this configuration.  Using HFSC and will be allocating traffic to specific modems with LAN interface rules.  I will post up some results after the event.



  • @sideout:

    The limiter handles that. The LAN rule with the limiter for TCP will divide up whatever bandwidth you set equally between everyone.

    You can change that amount on the fly as you need. Typically I set it at like 30 to 40mbit for the first couple of hours then we throttle back as we start tourneys.

    I've imported your Single WAN/Single LAN PRIQ configs into a clean install, the Limiter tab is empty. Tips?



  • It might have gotten left out. You can just manually create it.  I went back to HFSC instead of PRIQ. If I get a chance I will try and redo it.



  • I restored the shaper xml from the zip file and the limiter is there. I restored into my test system and then rebooted.  It is under Firewall / Traffic Shaper / Limiter tab for the settings of it and then under Firewall / Rules / LAN interface for the implementation of it.

    You might have to reboot after you restore the configuration to see it.



  • Here is another screenie of HFSC with the limiter in action.  I have a laptop on the LAN downloading from Steam. Limiter is set to 8Mbits down / 2.5Mbits upload.  I am on another PC running LoL.  LAN interface is limited to 20Mbits under qInternet and WANs are limited to 5Mbits.  qGames has 20% realtime and 40% overall.  qWeb has 40% on the LAN side as well.  Granted this is not like a full LAN party but it gives you an idea of how it should work.

    I have a 135 person LAN this weekend so I will post up screenies from that along with graphs and charts.




  • I used the Single WAN/Single LAN PRIQ setup at a 48 man LAN party yesterday. Everything worked very well. We were lucky to have an exceptional internet connection, 472Mb/407Mb which I limited to 350Mb/350Mb. In game pings to internet servers were in the 30-40ms range. I was using a LANcache setup as well. The whole setup worked so well that a 100Mb/12Mb connection would have provided the exact same experience.

    I was fortunate to have a well behaved group of attendees, no one was abusing the network with torrents so really didn't get to see how it would have handled it. Given there were zero complaints even when people were downloading games I think the limiter would have handled it fine.

    @sideout thanks again for the configs and advice given.



  • Awesome!!! Glad it all worked good for you. I would love to be able to find a venue that had that Internet connection.



  • @sideout:

    Here is a single WAN configuration.  I put it in a different dropbox so you won't have to get them mixed up.

    https://www.dropbox.com/s/68267ssgwcdack2/PFSenseSingleWAN.zip

    This is the same shaping and rules just with a single WAN.  Note I changed the name of the LAN interface so you can name it whatever.
    The limiter here is 25MB / 2.5MB since this will be on a 50MB/5MB modem.  Either delete the rule or change the limiter if you don't want to use it.

    Sir the link is dead … re-up please...



  • @sideout:

    I have added my configuration for Single WAN / Single LAN PRIQ setup.  Some things to note:

    1. Limiter for TCP is in effect with 8MB download / 1MB upload set so change it to suit your speeds.
    2. PRIQ is used versus HFSC.  DNS queries are under the qGames which is at priority 7.

    This is my first attempt at PRIQ compared to HFSC but it does seem that I am getting lower pings in a game (LoL) compared to HFSC.  I am seeing 95ms with PRIQ versus 112 - 120ms with HFSC. This is with Steam going in the background downloading at almost 1MB/sec. (See attached screenshot).

    Feel free to use and if you have suggestions or tips, they are greatly appreciated.

    Here is the link to the config on dropbox.  https://www.dropbox.com/s/6loxfax6k4xr78u/LANPARTYPRIQSLSW.zip

    Sir the link is dead … re-up please...



  • See my other reference threads in this forum.



  • Hello, I can't seem to find any links from you in this forum with the dropbox links that are still alive. Can you please repost a live link for the configs? It would help a lot for us, thanks.



  • Sir, can you re-upload the file again because the link is broken? Thanks.



  • @mcthr0:

    Sir, can you re-upload the file again because the link is broken? Thanks.

    sideout has newer threads with newer configs.

    https://forum.pfsense.org/index.php?action=profile;area=showposts;sa=topics;u=11283

    https://forum.pfsense.org/index.php?topic=119872



  • Yes I have newer configs posted as Nullity said.  (And thanks for that man!!!)

    I have switched models to using multiple modems and grouping DHCP clients into pools and then using LAN firewall rules to send those aliases out those modems.

    I did it this way because the trend has been to go back to TCP for games now and limiting per client for TCP / UDP is easier than running complex shaping rules with HFSC.

    I have been keeping about 50 people on a modem and this config has worked out great.  My config has been run and tested in 3 separate LANs of over 150 people.  This is a LAN party config done for that purpose.

    My HFSC config can be used for LAN parties but I am not updating the Alias lists for the newer games so that will need to be done.

    You can use the HFSC config and modify it how you need as some have done for their purposes.

    If I ever get a venue with a big connection, I would go back to HFSC for shaping, but in my area it's TWC / Spectrum or nothing and they won't give a big connection so we have to chain multiple residential modems together.

    Here is the link to my public PFSense config location.  I have been running it virtually as well. This is my modified VMware PFSense.

    https://drive.google.com/drive/folders/0B96G4GloGCiKRklTaE83SU9nY0E?usp=sharing  password is pfsense2016 for the build.