Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How do I shape Skype & BitTorrent traffic???

    Traffic Shaping
    4
    4
    1896
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      almlc last edited by

      Hello everybody

      I am in charge of a network which has approx. 60-70 hosts, laptops and phones (50/50), lots of them are owned by the staff.
      I want to shape the traffic, so the Skype calls have the highest priority, browsing have medium priority and BitTorrent the lowest priority and about 10% of available bandwidth. Connection is 100/100 Mbps, so I have plenty of bandwidth to work with.
      I already tried shaping traffic using NgNtop, but some of the workers complained about poor internet access, while others had no problems, until I deactivated this package.
      What else can I do? How to track Skype and BitTorrent traffic?

      1 Reply Last reply Reply Quote 0
      • luckman212
        luckman212 last edited by

        I hope someone tells me I am wrong but AFAIK pfSense does not do any Layer7 filtering anymore. The code was buggy and has been removed. So shaping/blocking based purely on the content of the packets (e.g. BitTorrent) is probably not going to be possible without adding another product.

        1 Reply Last reply Reply Quote 0
        • N
          Nullity last edited by

          @luckman212:

          I hope someone tells me I am wrong but AFAIK pfSense does not do any Layer7 filtering anymore. The code was buggy and has been removed. So shaping/blocking based purely on the content of the packets (e.g. BitTorrent) is probably not going to be possible without adding another product.

          True. If additional packages are an option, snort has powerful L7 capabilities like AppID. Also, encryption (which Skype and optionally BitTorrent use) severely limits L7 capabilities (but I think AppID has additional tricks that can help).

          Skype could be matched by port, I assume, unless someone purposely is trying to hide the traffic.

          It'd probably be easier to proportionally share throughput among each IP with limiters.

          1 Reply Last reply Reply Quote 0
          • H
            Harvy66 last edited by

            I take the whitelist approach instead of the blacklist. What I mean is I identify the traffic I want to by normal or high priority and all unknown traffic goes to low/idle priority. I use the term priority loosely because I use HFSC and all it really means is more or less bandwidth.

            Don't forget to enable CoDel on your child disciplines. At some point in the far future, PFSense should get Cake, once it's done and ported. Then you will probably never need to configure priorities again.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy