Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Shaper dont work on 1.2final

    Scheduled Pinned Locked Moved Traffic Shaping
    19 Posts 5 Posters 8.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      srs
      last edited by

      Please guys, I need some help here:

      In a 1.2 fresh install, configured correctly the wan and lan, I've used trafic shaper wizard to define shaper rules; I enabled the qPenalty queue with one IP address; but this is not working; even flushing the states table, it doesnt make difference, that ip (workstation) keeps using more bandwith that it has defined to Penalty queue.

      Shaper was set with my 1536Kb up/down link; a simple configuration that has worked on older pfsense versions, but now with this fresh 1.2 it doesnt work.

      Anyone has any idea? is there any known bug related to shaper on 1.2final??

      thanks a lot

      1 Reply Last reply Reply Quote 0
      • G
        ginosteel
        last edited by

        any logs?
        did u upgrade and restore some configuration files?

        1 Reply Last reply Reply Quote 0
        • S
          srs
          last edited by

          I have not seen log files; I'll see it later.

          No, I have not restored any file, configured everything manually.

          Thanks

          1 Reply Last reply Reply Quote 0
          • S
            srs
            last edited by

            I was looking at logs and saw this entry, related to the day when I first configured Shaper and qPenalty; since then, even if I re-run shaper wizard, qPenalty doesnt shape traffic to it's related IP. Does someone knows what that means?

            In this cases, what to do? reinstall pfsense? why this happens?

            Mar 14 10:16:54 nat php: : There were error(s) loading the rules: /tmp/rules.debug:16: queue qPenaltyUp has no parent /tmp/rules.debug:16: errors in queue definition /tmp/rules.debug:17: queue qPenaltyDown has no parent /tmp/rules.debug:17:
            errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [16]: queue qPenaltyUp bandwidth 1% priority 2hfsc (  red ecn upperlimit 10Kb )

            This is today's message, when I re-run shaper wizard: (qPenalty still dont shapes traffic bandwidth)
            Mar 17 08:23:15 nat check_reload_status: reloading filter
            Mar 17 08:29:23 nat last message repeated 3 times
            Mar 17 08:33:26 nat php: /wizard.php: Create RRD database /var/db/rrd/wan-queues
            .rrd
            Mar 17 08:33:26 nat php: /wizard.php: Creating rrd update script
            Mar 17 08:33:29 nat check_reload_status: reloading filter
            Mar 17 08:41:56 nat check_reload_status: reloading filter
            Mar 17 08:42:07 nat check_reload_status: reloading filter

            thanks

            1 Reply Last reply Reply Quote 0
            • S
              sullrich
              last edited by

              Remove the shaper config and rerun the wizard.

              1 Reply Last reply Reply Quote 0
              • S
                srs
                last edited by

                Ok, lets go: the desktop wich IP is in penalty rule queue is turned off, so, no states;

                I turned off trafic shaper, saved; then I re-run the wizard, placing that desktop ip again in penalty rule queue;

                Finished shaper wizard; turned on the desktop; begin to download a knoppix.iso from internet and the the download speed is almost my full wan (1536kbits/s) when it should be the one configured in penalty queue (10kb).

                Still the same :(

                Mar 18 09:36:11 nat check_reload_status: reloading filter
                Mar 18 09:38:17 nat check_reload_status: reloading filter
                Mar 18 09:38:17 nat php: /wizard.php: Create RRD database /var/db/rrd/wan-queues
                .rrd
                Mar 18 09:38:17 nat php: /wizard.php: Creating rrd update script

                Another question: do you know when (with month) can we have pfsense 1.3 final or any RC?

                1 Reply Last reply Reply Quote 0
                • H
                  hoba
                  last edited by

                  Maybe this is a rule ordering issue? Do you have set http to high and it is above the penalty rules?

                  It's far too early to say anything about 1.3 final or releasecandidates atm.

                  1 Reply Last reply Reply Quote 0
                  • S
                    srs
                    last edited by

                    First, thank you Hoba for your attention.

                    This is my pfsense queues list and order; this is the default one, I have not changed it when ended wizard.

                    Flags  Priority  Default  Bandwidth  Name 
                      0  No 1536 Kb  qwanRoot 
                        0  No 1536 Kb  qlanRoot 
                        1  Yes 1 %        qwandef 
                        1  Yes 1 %    qlandef 
                    ACK        7      No      25 %  qwanacks 
                    ACK        7      No 25 %  qlanacks 
                        7  No 25 %    qVOIPUp 
                        7  No 25 %    qVOIPDown 
                    RED ECN    2      No     1 %  qPenaltyUp 
                    RED ECN    2      No     1 %  qPenaltyDown 
                    RED ECN    1      No     1 %  qP2PUp 
                    RED ECN    1      No     1 %  qP2PDown 
                    RED ECN    4      No     25 %  qOthersUpH 
                    RED ECN    4      No     25 %  qOthersDownH 
                    RED ECN    2      No     1 %  qOthersUpL 
                    RED ECN    2      No     1 %  qOthersDownL

                    Again, thanks for your time!

                    1 Reply Last reply Reply Quote 0
                    • D
                      dav1d
                      last edited by

                      Hy Srs,

                      i had same problem, but first my configuration was  "transparent firewall", and traffic shape doesn't work :'(; second i think that is important the order of the rules  (like rules firewall), because if you download from internet using http protocol, and your http rule is on top ``first match wins''.
                      Try to move up the penality rules.

                      I hope this help you.

                      1 Reply Last reply Reply Quote 0
                      • S
                        srs
                        last edited by

                        hey dav1d, thanks a lot for your help; I will test the rules order; but one more question: what you mean with 'transparent firewall'? I use transparent proxy, but in older pfsense versions, it always worked, shaper with transparent proxy… can you help with this? thanks one more time!

                        1 Reply Last reply Reply Quote 0
                        • D
                          dav1d
                          last edited by

                          I am not sure, but transparent firewall is a packet filtering and normally you put it between your GW and LAN. In your case, transparent proxy intercept a particular service like HTTP and redirect it to squid for  simple content filtering, cache, etc.

                          My configuration was this: http://pfsense.trendchiller.com/transparent_firewall.pdf.

                          1 Reply Last reply Reply Quote 0
                          • S
                            srs
                            last edited by

                            hey dav1d, thanks again for your time and help!

                            I think the setup that is described in that document is for a bridge setup; The most strange about the queues order is that they are in default position, I have not changed them after running trafic shaper wizard… In other situations, with another pfsense versions, it worked; before installing 1.2 final I used 1.2rc3, or 4, I dont remember, but the last versions; and it was all working; I had created other queues, and they were all working nicely; this is the reason I simply dont understand why this shaper is not working now; I have setup pfsense manually, did not restore no one backup file, and the shaper is running from the default wizard setup, the only thing I've done is the choose the IP for penalty and the bandwidth for penalty (10k) and for the entire shaper (1536kbits/s up and down), the same values that I have used in other times and have worked.

                            Have you tried 1.3 already?

                            thanks a lot for your help!

                            1 Reply Last reply Reply Quote 0
                            • S
                              srs
                              last edited by

                              hey folks, I think I've found the problem:

                              When I turn off transparent proxy in squid, the shaper seems to work fine; but when transparent proxy is enabled, the shaper doesnt work; the strange is that I always used squid, as transparent proxy, and shaper, in previous pfsense versions, and I know it worked…

                              Well, what can be done to use these two must-have features??

                              thanks

                              1 Reply Last reply Reply Quote 0
                              • S
                                sullrich
                                last edited by

                                Contribute to the traffic shaping bounty and ask Ermal if he can fix.

                                1 Reply Last reply Reply Quote 0
                                • S
                                  srs
                                  last edited by

                                  can you tell me wether this was always this way or this is a 1.2family issue? I just want to confirm that I have used shaper plus squid in pfsense before.

                                  thanks

                                  1 Reply Last reply Reply Quote 0
                                  • H
                                    hoba
                                    last edited by

                                    I think it has always been that way. When enabling squid in transparent mode it creates invisible redirects to the squid deamon that match before other rules do. Also it has been a know limitation for quite some time that traffic from services (like squid) running at the pfSense directly can't be shaped properly due to the way the trafficshaper is working in releases up to 1.2.

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      srs
                                      last edited by

                                      well, this is really strange, because I always used squid and I'm sure at 6 to 8 months ago I used the shaper successfully to shape bandwithd of computers laboratories and penalty some ips… and it always worked and I'm sure, I always used squid with some blacklists/whitelists, always in transparent mode beucase I never nedded to configure anything in desktops...

                                      But so this is ok, I must vote for what is the most important to me: shaper or access control lists (squidguard).

                                      Please, can you tell me if this is planned to work (together) on upcoming 1.3?

                                      thanks a lot for all your patience and always congrats for your really nice work!

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        sullrich
                                        last edited by

                                        This has always been an issue.  if you want to guarantee it will be in 1.3 then contribute to the bounty.  Otherwise no promises.

                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          srs
                                          last edited by

                                          ok sullrich, thanks a lot! as I'm in Brazil, I dont know how can I contribute, but I'll check this, ok! I always used pfsense since 0.9x and pretend keep using it!!!

                                          Thanks a lot!

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.