4. PfSense Mis-shaping traffic

PfSense Mis-shaping traffic

  • F

    Hey everyone!

    Hope that you all can help me out of this one. I keep running into pfSense not classifying traffic properly. I download alot of system images and ISOs through torrents. The torrent traffic is unencrypted and runs on ports 1500-1599. Both pfSense and my clients are setup to work only on these ports and I have assigned them to the P2P Queue. Now, when I download something, it keeps throwing them into the default queue.

    Now, I enable Voip shaping, it will put traffic into there instead. I don't have any ports overlapping with anything else and everything is setup using floating rules. I did 95% of the configuration using the wizard and just adjusted my port number to make what I needed.

    What am I missing here? Is it possible that there is some hardware compatibility issues to where the NICs cannot classify the traffic?

    0
  • H

    Can we see your rules?

    0
  • F

    @Harvy66:

    Can we see your rules?

    Sure thing. I added it to the original post. :)

    0
  • H

    Your rule description says "outbound". Which interfaces and which direction do your P2p floating rules apply to?

    0
  • F

    huh… I never noticed that. I would like to make it watch both inbound and outbound...

    Where is the setting for that and is there a way to apply that quickly?

    0

  • I thought the entire point of floating rules was to abstract them above a particular interface or direction?….

    0
  • F

    @KOM:

    I thought the entire point of floating rules was to abstract them above a particular interface or direction?….

    Exactly! So…. what is going on here?

    0
  • H

    @KOM:

    I thought the entire point of floating rules was to abstract them above a particular interface or direction?….

    Sometimes you get a rule that like port 1-64000. Instead of setting your rule to match incoming or outgoing, you can set the destination on outgoing only as not to accidentally mark random client ports.

    0

  • Thanks, I hadn't thought of that.

    0
  • F

    So Get this… I made some changes and I don't even have my VOIP rule in place in the floating list and somehow it is applying my Ooma Telo to the voip queue.  :o

    so, I formatted the entire thing and tried from scratch... SAME THING.

    How/where are these rules defined in a file? I want to see if the GUI is REALLY showing what is going on....

    Side Note
    I triple checked all my rules, I don't have a blanket rule that uses that many ports.

    0
  • D
    Banned

    @FireBean:

    How/where are these rules defined in a file?

    
pfctl -vvsr
    0
  • N

    Can a single queue handle both In and Out traffic simultaneously? I think no.

    If you create "qArb" on both WAN and LAN, you only need to assign traffic once and the returning traffic will find the properly named queue automatically, iirc. I think the Wizard makes use of this method.

    As a general rule with pfSense, use precise, simple rules to ease later trouble-shooting. Broad rules with superfluous options can create an angry and frustrated admin.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy