Transparent Traffic Shaping in 1.2 Single WAN, Single LAN
-
Hello forum!
I'm trying to setup a transparent traffic shaper with pfSense 1.2 Final, I've seen various posts regarding whether or not this actually works.. The web interface says that shaping is not supported in Bridge Mode, is this still correct?? I'm trying to shape my traffic for prioritizing VoIP and IPSEC/PPTP (VoIP highest priority of course!) I have the transparent bridge working, and some things seem to be falling into queues, but only ACKS seem to show up there own quese, all other traffic is falling to the default queue. Here's a diagram of how my network looks (if that helps):
internet–---->DSL Router----->pfSense------>Perimeter Switch----->Office Router----->Lan Switch---->Computers, etc...
(static IP) (static IP) | | (static IP)
| |---->VoIP Server (static IP)
|---->Web Server (static IP)Is there a definitive answer as to whether or not traffic shaping works in bridge mode for 1.2 (or do I need to wait for 1.3??)
Thanks in advance,
-cvander
-
Hi
I have worked shaper on 1.2 (Bridge mode) 1LAN <> 1WAN
Possible looking you Shaper Rules?
-
I was using the traffic shaping wizard. I removed the rules that didn't apply, I'm only prioritizing VOIP, IPSEC, and PPTP… here's a paste of my rules and queues:
RULES:
WAN->LAN UDP * LAN net Port: 10000 - 20000 qVOIPDown/qVOIPUp m_voip Asterisk inbound
LAN->WAN UDP LAN net * Port: 10000 - 20000 qVOIPUp/qVOIPDown m_voip Asterisk outbound
LAN->WAN UDP LAN net * Port: 5060 - 5069 qVOIPUp/qVOIPDown m_voip Asterisk outbound
WAN->LAN UDP * LAN net Port: 5060 - 5069 qVOIPDown/qVOIPUp m_voip Asterisk inbound
WAN->LAN UDP * LAN net Port: 500 (isakmp) qOthersDownH/qOthersUpH m_Other IPSEC inbound
LAN->WAN AH LAN net * qOthersUpH/qOthersDownH m_Other IPSEC outbound
LAN->WAN ESP LAN net * qOthersUpH/qOthersDownH m_Other IPSEC outbound
LAN->WAN UDP LAN net * Port: 500 (isakmp) qOthersUpH/qOthersDownH m_Other IPSEC outbound
WAN->LAN AH * LAN net qOthersDownH/qOthersUpH m_Other IPSEC inbound
WAN->LAN ESP * LAN net qOthersDownH/qOthersUpH m_Other IPSEC inbound
WAN->LAN GRE * LAN net qOthersDownH/qOthersUpH m_Other PPTPGRE inbound
WAN->LAN TCP * LAN net Port: 1723 (PPTP) qOthersDownH/qOthersUpH m_Other PPTP inbound
LAN->WAN TCP LAN net * Port: 1723 (PPTP) qOthersUpH/qOthersDownH m_Other PPTP outbound
LAN->WAN GRE LAN net * qOthersUpH/qOthersDownH m_Other PPTPGRE outboundQUEUES:
Flag Priority Default BW Name
0 No 461 Kb qwanRoot
0 No 2700 Kb qlanRoot
1 Yes 1 % qwandef
1 Yes 1 % qlandef
ACK 7 No 25 % qwanacks
ACK 7 No 25 % qlanacks
7 No 25 % qVOIPUp
7 No 25 % qVOIPDown
RED ECN 4 No 25 % qOthersUpH
RED ECN 4 No 25 % qOthersDownH
RED ECN 2 No 1 % qOthersUpL
RED ECN 2 No 1 % qOthersDownLAny Help you could offer would be great... it just doesn't seem to shape properly (or at all!!)
-Chris
-
Shaping bridge have some features.
You must create rules from-connection_nitiator-to-target and will shape only Incoming traffic(for shape outgoing i modify pfsense 'inc' file).
–- Example
For shape HTTP:
Connection initiator = any WebBrowser from you LAN, target - Web Site.
Rule must be from LAN-to-WAN
LAN>WAN |proto TCP|source *, port *|dest *, port 80| .......If connection initiators from WAN (for example external TermServer(RDP) clients or any other) Rule must be WAN-to-LAN
WAN>LAN|proto TCP|source *, port *|dest IP_termServer, port 3389|...If connection initiators from you LAN to external TermServ(RDP)
Rule must be LAN-To-WAN
LAN>WAN|proto TCP|source *, port *|dest IP_termServer, port 3389|...
After my (INC) modifications this rules also shape outgouing traffic (ONE rule for both traffic directions).
-
I'm pretty new to this whole traffic shaping thing. I'm not sure I understand what I should be doing… I think I have my rules setup as you indicated, but they don't seem to work. Also, I'm not entirely sure what you mean by modifying the "inc" file. Is that something I can do via the interface, or do I need to hit the console and manually re-configure a file??
Thanks for all your help so far!
-Chris
-
dvserg,
Thanks for the help. After fooling around with the settings (and looking more closely at yours), I changed the source and destinations all to * instead of LAN or WAN… I guess the shaper has issues with those settings when it's acting as a transparent bridge. Everything seems to be working well now, thanks again.
-Chris
-
dvserg,
Thanks for the help. After fooling around with the settings (and looking more closely at yours), I changed the source and destinations all to * instead of LAN or WAN… I guess the shaper has issues with those settings when it's acting as a transparent bridge. Everything seems to be working well now, thanks again.
-Chris
Shaper 1.2 not defined for shape transparent bridge. I wait 1.3 - probably this have full support bridge mode.
-
I'd love to try out the 1.3 shaper for my purposes, but 1.3 always seems both about-to-release and far-far-away! I'm not complaining (this is fantastic free software!!!), but without a firm schedule I have to go with what is available. Thanks again for your help.
-Chris
-
Shaping bridge have some features.
You must create rules from-connection_nitiator-to-target and will shape only Incoming traffic(for shape outgoing i modify pfsense 'inc' file).–-
After my (INC) modifications this rules also shape outgouing traffic (ONE rule for both traffic directions).Hi, could you give me a basic run down of how to modify the INC file to shape outgoing (as in outgoing on the WAN interface) traffic in transparent bridging mode please.
Thanks