I need help with traffic shaper



  • Hi guys,

    I'm using pfSense from about 1 month and I think it is one of the best software of its kind.

    Now I'm having problems with some of my guests using P2P programs (eMule); sometimes I even can't browse the web cause the bandwith is not available!
    I've tried to use the traffic shaper wizard to de-prioritize P2P traffic, but it doesn't seem to work.
    What I'd like to do now is limit the download bandwith to all leased IP to max 2Mb and the upload bandwith to max 256Kb, and give max priority to all static IP… but I don't know how to do it.

    Anyone would like to help me to understand how traffic shaper works and make the settings to do what I'd like to?



  • Mine seems to be working not too bad.  Although its hard to test as I don't know what all the little queue drops/borrows/suspend and x/pps etc do and I dont know if the queue has a red bar what that means either.

    But just make sure you have the bandwidth of your wan and lan Set correctly (actual speed of your NICS not the internet connection).  And I think there is another post here that tells you how to do what you are asking.



  • @Jesse7:

    But just make sure you have the bandwidth of your wan and lan Set correctly (actual speed of your NICS not the internet connection).  And I think there is another post here that tells you how to do what you are asking.

    NICs speed???
    I've read somewhere to set it to my max internet connection speed (and that pfSense will subtract 20% automatically)!!
    Right now I've got my max bandwith set to 4000Kb and 512Kb.

    As far as I can see, my eMule upload speed is in fact reduced, but I still get too much latency when I browse the web. I hate to wait even 2 seconds to see a web page, when usually (without using P2P software) I get web pages almost immediately.



  • Please revisit the ez-wizard and check your settings at the "other protocols" screen, the last one before you apply your settings. Give higher priority to dns, http and whatever else you need. DNS will give you faster IP-Adress resolving, HTTP will load the page faster.



  • Open the web GUI.  Goto Interfaces > Wan.  And interfaces > LAN.  Under bandwidth management you set the speed of the NICS.  I don't know how important it is. But it made a difference to me as I use a 10Mb and 100Mb Nic.



  • @hoba:

    Please revisit the ez-wizard and check your settings at the "other protocols" screen, the last one before you apply your settings. Give higher priority to dns, http and whatever else you need. DNS will give you faster IP-Adress resolving, HTTP will load the page faster.

    That's what I did. I've only changed the wizard-created rules about P2P setting them to max 50% bandwith both down and up stream.
    Right now my browser needs about 10 seconds to get to the traffic shaper page on my pfSense box and about 3-4 seconds for web pages to load.
    I think there's some problem on my pfSense… or my pc is too slow?
    Right now my configuration is:

    Pentium II 350 + 256MB RAM + 3 x 3com NICs + 6GB HDD



  • @Jesse7:

    Open the web GUI.  Goto Interfaces > Wan.  And interfaces > LAN.  Under bandwidth management you set the speed of the NICS.  I don't know how important it is. But it made a difference to me as I use a 10Mb and 100Mb Nic.

    That is ok. I thought you were talking about the max speed in traffic shaper settings.



  • Please try setting the bandwidth not as percent values but calculate half of your bandwidth and place it in the fields. maybe there is going on some misscalculation and your 50% are actually more than your full bandwidth. See if this makes a difference. The shaper only can work if you don't oversaturate your available bandwidth.



  • @aleph:

    That's what I did. I've only changed the wizard-created rules about P2P setting them to max 50% bandwith both down and up stream.
    Right now my browser needs about 10 seconds to get to the traffic shaper page on my pfSense box and about 3-4 seconds for web pages to load.
    I think there's some problem on my pfSense… or my pc is too slow?
    Right now my configuration is:

    Pentium II 350 + 256MB RAM + 3 x 3com NICs + 6GB HDD

    That's probably the shaper kicking in (although, depending on rules loaded, it does take a while to display the rules) :-/  Since the queueing happens outbound from the firewall (and has to, it's a queue :)) your pfsense management get's rate limited.  The shaper is very much a work in progress, I've got a number of these types of issues in my TODO list and certainly am always looking for other ways to improve it.  One of these days I'll get around to adding a shapertodo wiki page.

    –Bill



  • @billm:

    @aleph:

    That's what I did. I've only changed the wizard-created rules about P2P setting them to max 50% bandwith both down and up stream.
    Right now my browser needs about 10 seconds to get to the traffic shaper page on my pfSense box and about 3-4 seconds for web pages to load.
    I think there's some problem on my pfSense… or my pc is too slow?
    Right now my configuration is:

    Pentium II 350 + 256MB RAM + 3 x 3com NICs + 6GB HDD

    That's probably the shaper kicking in (although, depending on rules loaded, it does take a while to display the rules) :-/  Since the queueing happens outbound from the firewall (and has to, it's a queue :)) your pfsense management get's rate limited.  The shaper is very much a work in progress, I've got a number of these types of issues in my TODO list and certainly am always looking for other ways to improve it.  One of these days I'll get around to adding a shapertodo wiki page.

    –Bill

    Thank you very much for your support and job.
    I like pfSense very much and hope it will be perfectly functional soon.

    By the way… I've got my pfSense box connected to a certain VLAN on a Cisco 2950 switch together with my ISP router.
    My ISP router has a 10Mb link to the switch and pfSense a 100Mb link.
    I've set my WAN interface speed to 10Mb on pfSense, is that right?



  • @aleph:

    @billm:

    @aleph:

    That's what I did. I've only changed the wizard-created rules about P2P setting them to max 50% bandwith both down and up stream.
    Right now my browser needs about 10 seconds to get to the traffic shaper page on my pfSense box and about 3-4 seconds for web pages to load.
    I think there's some problem on my pfSense… or my pc is too slow?
    Right now my configuration is:

    Pentium II 350 + 256MB RAM + 3 x 3com NICs + 6GB HDD

    That's probably the shaper kicking in (although, depending on rules loaded, it does take a while to display the rules) :-/  Since the queueing happens outbound from the firewall (and has to, it's a queue :)) your pfsense management get's rate limited.  The shaper is very much a work in progress, I've got a number of these types of issues in my TODO list and certainly am always looking for other ways to improve it.  One of these days I'll get around to adding a shapertodo wiki page.

    –Bill

    Thank you very much for your support and job.
    I like pfSense very much and hope it will be perfectly functional soon.

    By the way… I've got my pfSense box connected to a certain VLAN on a Cisco 2950 switch together with my ISP router.
    My ISP router has a 10Mb link to the switch and pfSense a 100Mb link.
    I've set my WAN interface speed to 10Mb on pfSense, is that right?

    Hard to know exactly, as your setup is not so basic.  Under interfaces (i think).  YOu can select "assign, Lan and Wan".
    In there as far as I know you have to select the speed of the two NIC's in your PFsense.

    And when you run the traffic shaping wizard it will ask you to put in the speed of your WAN (in your case 10Mbit) for download and whatever the speed is for upload.

    That's the way I set mine up anyways and it seems to go well.



  • Hmm Are you sure you should put 10mb even if your internet speed is under 10mb? That way you makes pfsense to think it has higher bandwidth than it has or do i think wrong there? I think you should put your ISP's speed to your line as speed for wan and then NIC's for the LAN in that case. But I'm not sure about that.

    I have a 8 mb DL and 0.8 MB UL on my DSL line so I am setting 8000 as speed for my wan. But as I said i am not sure if I am wrong or right there. Need to play with it more.



  • The speed at the interface setting should be the physical linespeed of your interface, NOT the speed something is limiting you to by throtteling bandwidth. The Trafficshaper will create queues that go inside that bandwidthsetting.

    There's a note at the interface bandwidth option:
    "The bandwidth setting will define the speed of the interface for traffic shaping. Do not enter your "Internet" bandwidth here, only the physical speed!"

    Reading helps  ;D


Log in to reply