PfSense Mis-shaping traffic
-
Hey everyone!
Hope that you all can help me out of this one. I keep running into pfSense not classifying traffic properly. I download alot of system images and ISOs through torrents. The torrent traffic is unencrypted and runs on ports 1500-1599. Both pfSense and my clients are setup to work only on these ports and I have assigned them to the P2P Queue. Now, when I download something, it keeps throwing them into the default queue.
Now, I enable Voip shaping, it will put traffic into there instead. I don't have any ports overlapping with anything else and everything is setup using floating rules. I did 95% of the configuration using the wizard and just adjusted my port number to make what I needed.
What am I missing here? Is it possible that there is some hardware compatibility issues to where the NICs cannot classify the traffic?
-
Can we see your rules?
-
-
Your rule description says "outbound". Which interfaces and which direction do your P2p floating rules apply to?
-
huh… I never noticed that. I would like to make it watch both inbound and outbound...
Where is the setting for that and is there a way to apply that quickly?
-
I thought the entire point of floating rules was to abstract them above a particular interface or direction?….
-
@KOM:
I thought the entire point of floating rules was to abstract them above a particular interface or direction?….
Exactly! So…. what is going on here?
-
@KOM:
I thought the entire point of floating rules was to abstract them above a particular interface or direction?….
Sometimes you get a rule that like port 1-64000. Instead of setting your rule to match incoming or outgoing, you can set the destination on outgoing only as not to accidentally mark random client ports.
-
Thanks, I hadn't thought of that.
-
So Get this… I made some changes and I don't even have my VOIP rule in place in the floating list and somehow it is applying my Ooma Telo to the voip queue. :o
so, I formatted the entire thing and tried from scratch... SAME THING.
How/where are these rules defined in a file? I want to see if the GUI is REALLY showing what is going on....
Side Note
I triple checked all my rules, I don't have a blanket rule that uses that many ports. -
-
Can a single queue handle both In and Out traffic simultaneously? I think no.
If you create "qArb" on both WAN and LAN, you only need to assign traffic once and the returning traffic will find the properly named queue automatically, iirc. I think the Wizard makes use of this method.
As a general rule with pfSense, use precise, simple rules to ease later trouble-shooting. Broad rules with superfluous options can create an angry and frustrated admin.
