  • I'm not sure if this is normal behavior or not, but the webGUI is being caught in the default rule (which has severely limited bandwidth). I was under the impression traffic shaping should only occur WAN <=> LAN, so I'm very confused why the webGUI is being shaped, since it shouldn't be passing through the router.

  • Trafficshaping always happen outbound at an interface, so if you "download" a webgui page at lan it will be shaped as well. That is the same when running a squid for your LAN-Clients btw at the pfsense. The upcoming 1.3 trafficshaper should be much more flexibel and will give you more power and control over things like this. At the moment it's "correct behaviour".

  • Ah, ok.
    Is there a rule I can put into the Traffic Shaper so that I can move into a higher priority queue?
    I tried myself a few times, but it was really just guessing.

  • What you wan t to do is having a parent qeue on that interface with full interface speed and subqueues in it, one for the services running on pfSense and another one with all the traffic that is coming from WAN. However as you want to have different serviceclasses inside that "from WAN" queue you would need 2 levels of parents which is not supported by 1.2's trafficshaper. You'll have to wait for 1.3 or find some kind of "hack" for now which is unsupported.

  • Well until 1.3, how do implement a rule to at least get it out of the default queue so it least gets some bandwidth?

  • The parent queue limits all other queues (it's like a container for all other queues) and that queue is your wan downstream speed. You can't send the traffic to a queue outside this parent.

  • Sorry, my fault for not explaining my issue correctly.

    The webgui service is being caught in the p2p queue. I'm not sure if it is being caught in the p2p catch all rules or if it is because the p2p queues are set as "default queue"s. I have the p2p queue set only to 128k which makes the webgui very slow to work with. So I'm hoping there's a way to set a rule to move the pfsense services into one of my higher queues. Which are many times faster.

    Thank you for all your help.

  • Ah yes, you are using the p2p catch all rule for that. Either bump all http traffic to a higher priority by running the shaper again (in case that you still have the webgui at port 80) or just pick a service that you don´t need and modify the rules that are created for it to match the IP of the pfSense and the webguiport.

  • WAN->LAN TCP * Port: 80 (HTTP) * HTTP_In/HTTP_Out HTTP inbound 
    LAN->WAN TCP * * Port: 80 (HTTP) HTTP_Out/HTTP_In HTTP outbound 
    WAN->LAN TCP * * Port: 80 (HTTP) High_In/High_Out HTTP inbound
    LAN->WAN TCP * Port: 80 (HTTP) * High_Out/High_In HTTP outbound

    I have those 4 rules setup for HTTP, but the webgui still isn't being caught. My regular HTTP traffic, and the HTTP server I have running inside the network are being shaped into the correct queues though.

  • Try disabling the antilockout rule.

  • Thank you, after disabling the antilockout rule, the WebGUI is no longer being put into the default queue. It is now being grabbed by the normal HTTP traffic rules.

