pfSense console setup 
***********************
 0)  Logout (SSH only)
 1)  Assign Interfaces
 2)  Set LAN IP address
 3)  Reset webConfigurator password
 4)  Reset to factory defaults
 5)  Reboot system
 6)  Halt system
 7)  Ping host
 8)  Shell
 9)  PFtop
10)  Filter Logs
11)  Restart webConfigurator
12)  pfSense PHP shell
13)  Upgrade from console

Enter an option: 8

# sysctl -a | grep tcp
tcpreass:         20,        0,      0,      0,        0
tcptw:            48,     1638,      0,    156,      138
tcpcb:           472,     8040,      5,     19,      231
net.inet.tcp.rfc1323: 1
net.inet.tcp.mssdflt: 512
net.inet.tcp.keepidle: 7200000
net.inet.tcp.keepintvl: 75000
net.inet.tcp.sendspace: 65228
net.inet.tcp.recvspace: 65228
net.inet.tcp.keepinit: 75000
net.inet.tcp.delacktime: 100
net.inet.tcp.v6mssdflt: 1024
net.inet.tcp.hostcache.purge: 0
net.inet.tcp.hostcache.expire: 3600
net.inet.tcp.hostcache.count: 1
net.inet.tcp.hostcache.bucketlimit: 30
net.inet.tcp.hostcache.hashsize: 512
net.inet.tcp.hostcache.cachelimit: 15360
net.inet.tcp.recvbuf_max: 262144
net.inet.tcp.recvbuf_inc: 16384
net.inet.tcp.recvbuf_auto: 1
net.inet.tcp.reass.overflows: 0
net.inet.tcp.reass.maxqlen: 48
net.inet.tcp.reass.cursegments: 0
net.inet.tcp.reass.maxsegments: 0
net.inet.tcp.insecure_rst: 0
net.inet.tcp.rfc3390: 1
net.inet.tcp.rfc3042: 1
net.inet.tcp.drop_synfin: 1
net.inet.tcp.delayed_ack: 0
net.inet.tcp.blackhole: 2
net.inet.tcp.log_in_vain: 0
net.inet.tcp.sendbuf_max: 262144
net.inet.tcp.sendbuf_inc: 8192
net.inet.tcp.sendbuf_auto: 1
net.inet.tcp.newreno: 1
net.inet.tcp.local_slowstart_flightsize: 4
net.inet.tcp.slowstart_flightsize: 1
net.inet.tcp.path_mtu_discovery: 1
net.inet.tcp.sack.globalholes: 0
net.inet.tcp.sack.globalmaxholes: 65536
net.inet.tcp.sack.maxholes: 128
net.inet.tcp.sack.enable: 1
net.inet.tcp.inflight.stab: 20
net.inet.tcp.inflight.max: 1073725440
net.inet.tcp.inflight.min: 6144
net.inet.tcp.inflight.rttthresh: 10
net.inet.tcp.inflight.debug: 0
net.inet.tcp.inflight.enable: 3
net.inet.tcp.nolocaltimewait: 0
net.inet.tcp.maxtcptw: 1608
net.inet.tcp.isn_reseed_interval: 0
net.inet.tcp.icmp_may_rst: 1
net.inet.tcp.pcbcount: 5
net.inet.tcp.do_tcpdrain: 1
net.inet.tcp.tcbhashsize: 512
net.inet.tcp.minmssoverload: 0
net.inet.tcp.minmss: 216
net.inet.tcp.syncache.rexmtlimit: 3
net.inet.tcp.syncache.hashsize: 512
net.inet.tcp.syncache.count: 0
net.inet.tcp.syncache.cachelimit: 15359
net.inet.tcp.syncache.bucketlimit: 30
net.inet.tcp.syncookies: 1
net.inet.tcp.always_keepalive: 1
net.inet.tcp.rexmit_slop: 200
net.inet.tcp.rexmit_min: 30
net.inet.tcp.msl: 30000
# 

To see what all your tcp variables look like, do this:

sudo sysctl -a | grep tcp

You'll get output something like this - these are all the tweakable tcp variables - BE CAREFUL!  ;)

% sudo sysctl -a | grep tcp
tcpreass:         40,     1092,      0,    168,     6659
tcptw:            80,     3420,      0,     90,       46
tcpcb:           752,    17025,      7,      8,      841
net.inet.tcp.rfc1323: 1
net.inet.tcp.mssdflt: 512
net.inet.tcp.keepidle: 7200000
net.inet.tcp.keepintvl: 75000
net.inet.tcp.sendspace: 32768
net.inet.tcp.recvspace: 65536
net.inet.tcp.keepinit: 75000
net.inet.tcp.delacktime: 100
net.inet.tcp.v6mssdflt: 1024
net.inet.tcp.hostcache.purge: 0
net.inet.tcp.hostcache.prune: 300
net.inet.tcp.hostcache.expire: 3600
net.inet.tcp.hostcache.count: 0
net.inet.tcp.hostcache.bucketlimit: 30
net.inet.tcp.hostcache.hashsize: 512
net.inet.tcp.hostcache.cachelimit: 15360
net.inet.tcp.reass.overflows: 0
net.inet.tcp.reass.maxqlen: 48
net.inet.tcp.reass.cursegments: 0
net.inet.tcp.reass.maxsegments: 1064
net.inet.tcp.insecure_rst: 0
net.inet.tcp.rfc3390: 1
net.inet.tcp.rfc3042: 1
net.inet.tcp.delayed_ack: 1
net.inet.tcp.blackhole: 0
net.inet.tcp.log_in_vain: 0
net.inet.tcp.newreno: 1
net.inet.tcp.local_slowstart_flightsize: 4
net.inet.tcp.slowstart_flightsize: 1
net.inet.tcp.path_mtu_discovery: 1
net.inet.tcp.sack.globalholes: 0
net.inet.tcp.sack.globalmaxholes: 65536
net.inet.tcp.sack.maxholes: 128
net.inet.tcp.sack.enable: 1
net.inet.tcp.inflight.stab: 20
net.inet.tcp.inflight.max: 1073725440
net.inet.tcp.inflight.min: 6144
net.inet.tcp.inflight.rttthresh: 10
net.inet.tcp.inflight.debug: 0
net.inet.tcp.inflight.enable: 1
net.inet.tcp.nolocaltimewait: 0
net.inet.tcp.maxtcptw: 3404
net.inet.tcp.isn_reseed_interval: 0
net.inet.tcp.icmp_may_rst: 1
net.inet.tcp.pcbcount: 7
net.inet.tcp.do_tcpdrain: 1
net.inet.tcp.tcbhashsize: 512
net.inet.tcp.minmssoverload: 0
net.inet.tcp.minmss: 216
net.inet.tcp.syncache.rexmtlimit: 3
net.inet.tcp.syncache.hashsize: 512
net.inet.tcp.syncache.count: 0
net.inet.tcp.syncache.cachelimit: 15359
net.inet.tcp.syncache.bucketlimit: 30
net.inet.tcp.syncookies: 1
net.inet.tcp.always_keepalive: 1
net.inet.tcp.rexmit_slop: 200
net.inet.tcp.rexmit_min: 30
net.inet.tcp.msl: 30000

sweet, I'll try this out when I get home. I'll let you all know how it goes.

And, well, by default on pfsense you're not running as root, I hope. I don't even know how to use it as a BSD box, I just use the webui to configure it.

Well, you need to be able to SSH into your pfSense box or get on its console to get a CLI I would imagine.

and I need to use wifi to get it from….

This is your culprit.
Replace your Wireless connection with a wire and you will have significantly lower pings ;)

I dont have hard number right now but i think i could get them from our wireless lab.
I just know that wireless is bad for the latency.
Have you ever tried to play a First Person Shooter per Wireless?

Well i think if you really want to compile the socat you might be interrested in installing a developers version.
Also i think there was a thread around how to add custom options o you dont loose them after a reboot.

And, well, by default on pfsense you're not running as root, I hope. I don't even know how to use it as a BSD box, I just use the webui to configure it.

dang, re-read that post, and it says you need a SOCKS server, is there one for pfsense?

All that crap is specific to Linux Majin - see my post above for what it takes on FreeBSD.

Repeat after me:
pfSense is FreeBSD NOT Linux

So just right away: no this is not applicable to pfSense.

Also you dont want to mess with the ACK's.

Right!  FreeBSD = what Linux wants to be when it grows up!  ;)

So, in FreeBSD land, you can try this if you want to mess with TCP ACKs:

Add this line to /etc/sysctl.conf and reboot:

net.inet.tcp.delayed_ack=0

If you want to change that value (it is net.inet.tcp.delayed_ack=1 by default on one of my FreeBSD servers) on the fly without modifying your /etc/sysctl.conf file, you can do this:

sudo sysctl net.inet.tcp.delayed_ack=0

You should be using sudo because you should not be doing things to your box as root, right?  Right!

You'll get output something like this:

% sudo sysctl net.inet.tcp.delayed_ack=0
net.inet.tcp.delayed_ack: 1 -> 0

It tells you what it was, and what you changed it to.  Test out WoW with it set to zero, and let us know how it goes!

-K

I wish I could connect my gaming rig right to the CM, but I'm doing a Dual WAN, and I need to use wifi to get it from where the CM's are hooked up to a comfortable place.

I looked down in the thread, and a poster who has a BSD firewall posted this:

or those with OpenBSD firewalls, here's the solution (again a big thanks to Yarre for spotting the poorly established socket connection - that was the killer :) ).

With this on I have gone from 1400ms - 1800ms down to 400ms! WoW is playable again.

The IP is that of the Proudmoore server but just replace with whatever you need. I'll actually be setting up a bunch of different IPs and socat instances for all the different servers that people play here at work (to do that, just have socat listen on a different port and redirect to the matching port).

Cynop

–
In pf.conf add the following lines in appropriate places (sorry I can't include my entire pf.conf as it is for a complex network so is very long but this is all pretty easy):

In REDIRECT section add one of these for your realm server

rdr pass on $int_if proto tcp from any to 12.129.225.18 port 3724 -> 127.0.0.1 port 3724

rdr pass on $int_if proto tcp from any to 12.129.225.22 port 3724 -> 127.0.0.1 port 3725

LOOPBACK - Make sure traffic on the loopback interface is passed

pass in  quick on lo0 all

pass out quick on lo0 all

WoW - Outbound to WoW servers

pass out log quick on $ext_if proto tcp from any to 12.129.225.0/24 port 3724 keep state

pass in log quick on $ext_if proto tcp from 12.129.225.0/24 port 3724 to any keep state

You can remove the "log" keyword once it's working too.

Then you need to get a SOCKS server or as I just found out - again thanks to Yarre - socat. I couldn't actually get nylon (the SOCKS server under OpenBSD) so I googled and found a "socat" port (see http://ports.openbsd.nu/net/socat). It compiled just fine and runs great. I used the same command line as under linux (change the listen port if you are trying to handle more than one WoW realm).

socat -d -d -d TCP4-LISTEN:3724,nodelay,fork,reuseaddr,su=nobody TCP4:12.129.225.18:3724,nodelay

Now, stop reading forums and go enjoy some WoW! :) (while I take my girlfriend to the ballet for her birthday.. yes, I am serious! ;) )

Cyn

Would I just need to access the pf.conf from PFsense and make those changes? If so, how do I get to pf.conf?

You need a linux gateway, using iptables.

Repeat after me:
pfSense is FreeBSD NOT Linux

So just right away: no this is not applicable to pfSense.

Also you dont want to mess with the ACK's.

Flow Control
The receiving TCP, when sending an ACK back to the sender, also indicates to the sender the number of bytes it can receive beyond the last received TCP segment, without causing overrun and overflow in its internal buffers. This is sent in the ACK in the form of the highest sequence number it can receive without problems.

If you are experiencing lower pings through pfSense this can have several reasons.
Are you using polling?
Is your hardware undersized?
Current traffic over your pfSense?

If you are really concerned about your ping, connect your gaming machine directly to the modem to your ISP.

Here's the "fix" an alteration to IP tables.

In a terminal: sudo iptables -t nat -A PREROUTING -p tcp -d your.wow.server.ip.address –dport 3724 -j REDIRECT --to-ports 3724

sudo socat -d -d -d TCP4-LISTEN:3724,nodelay,fork,reuseaddr,su=nobody TCP4:12.129.225.21:3724,nodelay

Edit:

I play WoW thru my pfSense firewall just fine by the way.  ;)