No use for TS - Sorry for the Moaning

  • I started today setting up TS on my firewall, only to abandon the idea. What is the use of TS on a firewall if I can't balance the traffic between all my interfaces? Sorry for the moaning, but I had to let it out.

    For example:

    • I have WAN and VPN, I want WAN to have priority over VPN, but if no VPN, run WAN at full speed.
    • I have GUEST and LAN, I want WAN to have priority over GUEST, but if no GUEST, please don't hold back my LAN, boost it to the max.
    • I have PS4 on a separate VLAN, I want it to have priority over LAN. If PS4 on, hold back LAN, if not, boost all those cool downloads on LAN and let's get this party started.

    All I can do is divide the bandwidth by all my interfaces, and if one is idle, no luck in boosting the other.

    Will this ever be a solution?


    Would you pay to get it??

  • I don't think that I have the financial means to make a proposal alone that would get someone interested in changing such a central part of pfSense, but I would join in with a group of people to support it if that is the case. What would be a fair value for something like this? I know that I'm not alone in this.


  • See, I told you that I didn't have the financial means to do it, but I would get an equity on that and back up a group of people. 50? 100? I know more people would want this.

    This is not the place to discuss this kind of thing, I'll start a topic in the bounty section, and see what comes out of it.

    Why not post a bounty then instead of moaning??

  • I will! And we will see if I'm alone on this! I know that is not the case!

  • @soloam:

    …what is the use of TS on a firewall if I can't balance the traffic between all my interfaces?

    It's very useful for all those that have extremely limited internet connections. I know it was the only way I could get VoIP to work reliably on this one place where I only have a 2/1 Mbit/sec connection.

  • Without knowing anything about how pfSense/FreeBSD handles traffic shaping, having the ability to shape ingress would solve nearly every issue being asked. There may be a few situations where someone actually wants to truly have a "group".

    One possible way to bandaid this would be to create a virtual interface that all ingress for an interface goes to, then you can shape the traffic leaving that virtual interface.

    Ingress->WAN->VirtualInterface->Shape egress->route traffic to other interfaces

  • It is kinda stupid but I think you can achieve what you want with two pfSense servers (perhaps even 2 virtual servers?). Just shape it all on one interface and then send it to the other server that will route it to the proper network/interface via NAT or something. I have no idea wtf I am talking about… :)

  • I have seen that solution! Basically you have a pfSense machine before your main firewall just with a WAN and a LAN in bridge mode! That way all the traffic would flow from WAN to LAN, and then you would apply the shaping there! Only one WAN and one LAN, problem solved! The traffic would arrive at your main firewall already shaped! To me that is not a solution! :-)

  • Yeah, the lack of a shared download queue is preventing us from setting up multiple LANs in our office.

    As Harvy66 has suggested, a virtual interface of sorts would solve this issue, but I don't think there is a way to do this even with stock FreeBSD.

