Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How do I shape Skype & BitTorrent traffic???

    Scheduled Pinned Locked Moved Traffic Shaping
    4 Posts 4 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      almlc
      last edited by

      Hello everybody

      I am in charge of a network which has approx. 60-70 hosts, laptops and phones (50/50), lots of them are owned by the staff.
      I want to shape the traffic, so the Skype calls have the highest priority, browsing have medium priority and BitTorrent the lowest priority and about 10% of available bandwidth. Connection is 100/100 Mbps, so I have plenty of bandwidth to work with.
      I already tried shaping traffic using NgNtop, but some of the workers complained about poor internet access, while others had no problems, until I deactivated this package.
      What else can I do? How to track Skype and BitTorrent traffic?

      1 Reply Last reply Reply Quote 0
      • luckman212L
        luckman212 LAYER 8
        last edited by

        I hope someone tells me I am wrong but AFAIK pfSense does not do any Layer7 filtering anymore. The code was buggy and has been removed. So shaping/blocking based purely on the content of the packets (e.g. BitTorrent) is probably not going to be possible without adding another product.

        1 Reply Last reply Reply Quote 0
        • N
          Nullity
          last edited by

          @luckman212:

          I hope someone tells me I am wrong but AFAIK pfSense does not do any Layer7 filtering anymore. The code was buggy and has been removed. So shaping/blocking based purely on the content of the packets (e.g. BitTorrent) is probably not going to be possible without adding another product.

          True. If additional packages are an option, snort has powerful L7 capabilities like AppID. Also, encryption (which Skype and optionally BitTorrent use) severely limits L7 capabilities (but I think AppID has additional tricks that can help).

          Skype could be matched by port, I assume, unless someone purposely is trying to hide the traffic.

          It'd probably be easier to proportionally share throughput among each IP with limiters.

          Please correct any obvious misinformation in my posts.
          -Not a professional; an arrogant ignoramous.

          1 Reply Last reply Reply Quote 0
          • H
            Harvy66
            last edited by

            I take the whitelist approach instead of the blacklist. What I mean is I identify the traffic I want to by normal or high priority and all unknown traffic goes to low/idle priority. I use the term priority loosely because I use HFSC and all it really means is more or less bandwidth.

            Don't forget to enable CoDel on your child disciplines. At some point in the far future, PFSense should get Cake, once it's done and ported. Then you will probably never need to configure priorities again.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.