Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Scott,

Trying to get the latest full version since you explained that the update doesn't update the BSD code.

You gave me this URL:

http://www.pfsense.com/~sullrich/

The files were there the other day but are gone now, I don't see this version on the mirrors.

Todd

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 4:17 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

Nope.

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:

Doh!

No better way to do this than removing the CF card and rewriting the whole thing?

Just curious..

Thanks

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 4:52 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

If you are on an embedded image you need to reflash. The mini update does not contain freebsd changes!

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> OK, I got the latest version from the URL below..
>
> I changed the line from sis1 to ng0 in /tmp/rules.debug
>
> I ran:
>
> # pfctl -f /tmp/rules.debug
> pfctl: ng0: driver does not support altq
>
> As you can see I still get the same error.
>
> Todd
> ----- Original Message -----
> From: "Scott Ullrich" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, October 26, 2005 4:11 PM
> Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
>
> Grab the latest version which does support ALTQ on NG0.
>
> http://www.pfsense.com/~sullrich/
>
> Repeat tests and report back what Dan is looking for.
>
> On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> > Hmmm...
> >
> > Since I turned shaper back off.. I had to turn it back on, I noticed that my
> > changes to /tmp/rules.debug had gone away so I put the ng0 back on the line
> > where it belongs.
> >
> > After doing so, I ran:
> >
> > # pfctl -f /tmp/rules.debug
> > pfctl: ng0: driver does not support altq
> >
> > and you see what I am getting.
> >
> > So...
> >
> > What now?
> >
> > Todd
> > ----- Original Message -----
> > From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
> > To:
> > Sent: Wednesday, October 26, 2005 3:53 PM
> > Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
> >
> > > At 04:51 PM 10/26/2005, you wrote:
> > >>OK, I did it and my link is still hosed.
> > >>
> > >>Do you want me to run any of those commands again or anything else now
> > >>that I have reloaded the rules?
> > >
> > > yes, please send 'pfctl -sq' now that you reloaded 'em.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Nope.

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> Doh!
>
> No better way to do this than removing the CF card and rewriting the whole thing?
>
> Just curious..
>
> Thanks
>
> ----- Original Message -----
> From: "Scott Ullrich" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, October 26, 2005 4:52 PM
> Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
>
> If you are on an embedded image you need to reflash. The mini update
> does not contain freebsd changes!
>
> On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> > OK, I got the latest version from the URL below..
> >
> > I changed the line from sis1 to ng0 in /tmp/rules.debug
> >
> > I ran:
> >
> > # pfctl -f /tmp/rules.debug
> > pfctl: ng0: driver does not support altq
> >
> > As you can see I still get the same error.
> >
> > Todd
> > ----- Original Message -----
> > From: "Scott Ullrich" <[EMAIL PROTECTED]>
> > To:
> > Sent: Wednesday, October 26, 2005 4:11 PM
> > Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
> >
> > Grab the latest version which does support ALTQ on NG0.
> >
> > http://www.pfsense.com/~sullrich/
> >
> > Repeat tests and report back what Dan is looking for.
> >
> > On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> > > Hmmm...
> > >
> > > Since I turned shaper back off.. I had to turn it back on, I noticed that my
> > > changes to /tmp/rules.debug had gone away so I put the ng0 back on the line
> > > where it belongs.
> > >
> > > After doing so, I ran:
> > >
> > > # pfctl -f /tmp/rules.debug
> > > pfctl: ng0: driver does not support altq
> > >
> > > and you see what I am getting.
> > >
> > > So...
> > >
> > > What now?
> > >
> > > Todd
> > > ----- Original Message -----
> > > From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
> > > To:
> > > Sent: Wednesday, October 26, 2005 3:53 PM
> > > Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
> > >
> > > > At 04:51 PM 10/26/2005, you wrote:
> > > >>OK, I did it and my link is still hosed.
> > > >>
> > > >>Do you want me to run any of those commands again or anything else now
> > > >>that I have reloaded the rules?
> > > >
> > > > yes, please send 'pfctl -sq' now that you reloaded 'em.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Doh!

No better way to do this than removing the CF card and rewriting the whole thing?

Just curious..

Thanks

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 4:52 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

If you are on an embedded image you need to reflash. The mini update does not contain freebsd changes!

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:

OK, I got the latest version from the URL below..

I changed the line from sis1 to ng0 in /tmp/rules.debug

I ran:

# pfctl -f /tmp/rules.debug
pfctl: ng0: driver does not support altq

As you can see I still get the same error.

Todd

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 4:11 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

Grab the latest version which does support ALTQ on NG0.

http://www.pfsense.com/~sullrich/

Repeat tests and report back what Dan is looking for.

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> Hmmm...
>
> Since I turned shaper back off.. I had to turn it back on, I noticed that my
> changes to /tmp/rules.debug had gone away so I put the ng0 back on the line
> where it belongs.
>
> After doing so, I ran:
>
> # pfctl -f /tmp/rules.debug
> pfctl: ng0: driver does not support altq
>
> and you see what I am getting.
>
> So...
>
> What now?
>
> Todd
> ----- Original Message -----
> From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, October 26, 2005 3:53 PM
> Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
>
> > At 04:51 PM 10/26/2005, you wrote:
> >>OK, I did it and my link is still hosed.
> >>
> >>Do you want me to run any of those commands again or anything else now
> >>that I have reloaded the rules?
> >
> > yes, please send 'pfctl -sq' now that you reloaded 'em.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
whew!!! i was starting to feel like i needed a good stiff drink! :)
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
If you are on an embedded image you need to reflash. The mini update does not contain freebsd changes!

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> OK, I got the latest version from the URL below..
>
> I changed the line from sis1 to ng0 in /tmp/rules.debug
>
> I ran:
>
> # pfctl -f /tmp/rules.debug
> pfctl: ng0: driver does not support altq
>
> As you can see I still get the same error.
>
> Todd
> ----- Original Message -----
> From: "Scott Ullrich" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, October 26, 2005 4:11 PM
> Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
>
> Grab the latest version which does support ALTQ on NG0.
>
> http://www.pfsense.com/~sullrich/
>
> Repeat tests and report back what Dan is looking for.
>
> On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> > Hmmm...
> >
> > Since I turned shaper back off.. I had to turn it back on, I noticed that my
> > changes to /tmp/rules.debug had gone away so I put the ng0 back on the line
> > where it belongs.
> >
> > After doing so, I ran:
> >
> > # pfctl -f /tmp/rules.debug
> > pfctl: ng0: driver does not support altq
> >
> > and you see what I am getting.
> >
> > So...
> >
> > What now?
> >
> > Todd
> > ----- Original Message -----
> > From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
> > To:
> > Sent: Wednesday, October 26, 2005 3:53 PM
> > Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
> >
> > > At 04:51 PM 10/26/2005, you wrote:
> > >>OK, I did it and my link is still hosed.
> > >>
> > >>Do you want me to run any of those commands again or anything else now
> > >>that I have reloaded the rules?
> > >
> > > yes, please send 'pfctl -sq' now that you reloaded 'em.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
So then no PfSense for me or at least no VOIP prioritization for me on my home connection?

Just confirming before I give up.

Thanks everyone (Dan, Scott, Bill) for your help with this!

Todd

----- Original Message -----
From: "Bill Marquette" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 4:48 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:

altq on sis1 hfsc queue { qWANRoot }
altq on sis0 hfsc queue { qLANRoot }

Ahahhaha, oops. Looks like I need to put a better check in the wizard :) I forgot that ng0 isn't what shows up in the XML config, doh. At this time ALTQ isn't supported for PPPOE, I believe we just backported the FreeBSD fix for this that's in HEAD. But that totally explains your issue (I think) :)

--Bill
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> altq on sis1 hfsc queue { qWANRoot }
> altq on sis0 hfsc queue { qLANRoot }

Ahahhaha, oops. Looks like I need to put a better check in the wizard :) I forgot that ng0 isn't what shows up in the XML config, doh. At this time ALTQ isn't supported for PPPOE, I believe we just backported the FreeBSD fix for this that's in HEAD. But that totally explains your issue (I think) :)

--Bill
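Added example, not part of the thread and not pfSense's own wizard check: a shell function that does by script the comparison made by eye in this thread, checking the interface on each `altq on` line of a ruleset like /tmp/rules.debug against its `wan`/`lan` macros. It assumes root queues are named as in the thread (qWANRoot, qLANRoot); the function names and the two sample rulesets (built from lines quoted in the thread) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check "altq on <if>" lines
# against the wan/lan macros of a pf ruleset such as /tmp/rules.debug.
# Assumption: root queues are named like qWANRoot / qLANRoot.

# check_altq_ifaces [FILE]   (reads stdin when FILE is omitted)
# Prints one verdict per active altq line; returns 1 on any mismatch.
check_altq_ifaces() {
    awk '
    /^[ \t]*#/ { next }                 # skip commented-out lines

    # Macro definition, e.g.:  wan = "{ ng0 }"
    /^[ \t]*(wan|lan)[ \t]*=/ {
        name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]*/, "", name)
        val = $0;  sub(/^[^=]*=/, "", val);  gsub(/["{}]/, " ", val)
        split(val, f, " ")
        macro[name] = f[1]              # first interface named by the macro
        next
    }

    # Queue attachment, e.g.:  altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot }
    $1 == "altq" && $2 == "on" && /queue/ {
        iface = $3
        q = $0
        sub(/.*queue[ \t]*[{]?[ \t]*/, "", q)   # keep the text after "queue {"
        sub(/[ \t,}].*/, "", q)                 # keep the first queue name only
        role = ""
        if (q ~ /WAN/) role = "wan"
        else if (q ~ /LAN/) role = "lan"

        if (role == "" || !(role in macro)) {
            printf "UNKNOWN line %d: altq on %s carries %s, no macro to compare\n", NR, iface, q
        } else if (iface == macro[role]) {
            printf "OK line %d: altq on %s carries %s, %s = %s\n", NR, iface, q, role, macro[role]
        } else {
            printf "MISMATCH line %d: altq on %s carries %s, but %s = %s\n", NR, iface, q, role, macro[role]
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the generated ruleset, altq attached to sis1.
sample_before() {
    cat <<'EOF'
lan = "{ sis0 }"
wan = "{ ng0 }"
scrub on ng0 all max-mss 1452
altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot }
altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot }
EOF
}

# Constructed sample: the same ruleset after the hand edit to ng0.
sample_after() {
    cat <<'EOF'
lan = "{ sis0 }"
wan = "{ ng0 }"
scrub on ng0 all max-mss 1452
#altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot }
altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot }
altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot }
EOF
}

echo "== as generated =="
sample_before | check_altq_ifaces || echo "-> fix the altq interface before running pfctl -f"
echo "== after the edit =="
sample_after | check_altq_ifaces
```

A clean result only means the queues hang off the interface the macros name; as the thread shows, pfctl can still reject ng0 with "driver does not support altq".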
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At the beginning of the wizard when it asks for:

The download speed of your WAN link in Kbits/second.

and

The upload speed of your WAN link in Kbits/second.

It wants the speed of the DSL connection right? Not the speed of the actual NIC (10mb or 100mb etc.)?

How about in the Interfaces>WAN and Interfaces>LAN? I assume that here it wants the actual speed of the NIC, right?

Todd

----- Original Message -----
From: "Mojo Jojo" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 4:31 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

OK, I got the latest version from the URL below..

I changed the line from sis1 to ng0 in /tmp/rules.debug

I ran:

# pfctl -f /tmp/rules.debug
pfctl: ng0: driver does not support altq

As you can see I still get the same error.

Todd

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 4:11 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

Grab the latest version which does support ALTQ on NG0.

http://www.pfsense.com/~sullrich/

Repeat tests and report back what Dan is looking for.

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:

Hmmm...

Since I turned shaper back off.. I had to turn it back on, I noticed that my changes to /tmp/rules.debug had gone away so I put the ng0 back on the line where it belongs.

After doing so, I ran:

# pfctl -f /tmp/rules.debug
pfctl: ng0: driver does not support altq

and you see what I am getting.

So...

What now?

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 3:53 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

> At 04:51 PM 10/26/2005, you wrote:
>>OK, I did it and my link is still hosed.
>>
>>Do you want me to run any of those commands again or anything else now
>>that I have reloaded the rules?
>
> yes, please send 'pfctl -sq' now that you reloaded 'em.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
OK, I got the latest version from the URL below..

I changed the line from sis1 to ng0 in /tmp/rules.debug

I ran:

# pfctl -f /tmp/rules.debug
pfctl: ng0: driver does not support altq

As you can see I still get the same error.

Todd

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 4:11 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

Grab the latest version which does support ALTQ on NG0.

http://www.pfsense.com/~sullrich/

Repeat tests and report back what Dan is looking for.

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:

Hmmm...

Since I turned shaper back off.. I had to turn it back on, I noticed that my changes to /tmp/rules.debug had gone away so I put the ng0 back on the line where it belongs.

After doing so, I ran:

# pfctl -f /tmp/rules.debug
pfctl: ng0: driver does not support altq

and you see what I am getting.

So...

What now?

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 3:53 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

> At 04:51 PM 10/26/2005, you wrote:
>>OK, I did it and my link is still hosed.
>>
>>Do you want me to run any of those commands again or anything else now
>>that I have reloaded the rules?
>
> yes, please send 'pfctl -sq' now that you reloaded 'em.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 05:07 PM 10/26/2005, you wrote:
> Hmmm...
>
> Since I turned shaper back off.. I had to turn it back on, I noticed that my changes to /tmp/rules.debug had gone away so I put the ng0 back on the line where it belongs.
>
> After doing so, I ran:
>
> # pfctl -f /tmp/rules.debug
> pfctl: ng0: driver does not support altq

well, that's a bummer. i think you're out of luck, then :( let me look at the ng driver and see what is involved in getting this to work. i don't have access to the source code right now, i'll look tonight...
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Grab the latest version which does support ALTQ on NG0.

http://www.pfsense.com/~sullrich/

Repeat tests and report back what Dan is looking for.

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> Hmmm...
>
> Since I turned shaper back off.. I had to turn it back on, I noticed that my
> changes to /tmp/rules.debug had gone away so I put the ng0 back on the line
> where it belongs.
>
> After doing so, I ran:
>
> # pfctl -f /tmp/rules.debug
> pfctl: ng0: driver does not support altq
>
> and you see what I am getting.
>
> So...
>
> What now?
>
> Todd
> ----- Original Message -----
> From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, October 26, 2005 3:53 PM
> Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
>
> > At 04:51 PM 10/26/2005, you wrote:
> >>OK, I did it and my link is still hosed.
> >>
> >>Do you want me to run any of those commands again or anything else now
> >>that I have reloaded the rules?
> >
> > yes, please send 'pfctl -sq' now that you reloaded 'em.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Hmmm...

Since I turned shaper back off.. I had to turn it back on, I noticed that my changes to /tmp/rules.debug had gone away so I put the ng0 back on the line where it belongs.

After doing so, I ran:

# pfctl -f /tmp/rules.debug
pfctl: ng0: driver does not support altq

and you see what I am getting.

So...

What now?

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 3:53 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 04:51 PM 10/26/2005, you wrote:
> OK, I did it and my link is still hosed.
>
> Do you want me to run any of those commands again or anything else now that I have reloaded the rules?

yes, please send 'pfctl -sq' now that you reloaded 'em.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 04:51 PM 10/26/2005, you wrote:
> OK, I did it and my link is still hosed.
>
> Do you want me to run any of those commands again or anything else now that I have reloaded the rules?

yes, please send 'pfctl -sq' now that you reloaded 'em.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
OK, I did it and my link is still hosed.

Do you want me to run any of those commands again or anything else now that I have reloaded the rules?

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 3:38 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 04:36 PM 10/26/2005, you wrote:
> Reloaded?
>
> How?

after editing /tmp/rules.debug, you need to do 'pfctl -f /tmp/rules.debug' or your changes have no effect.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 04:36 PM 10/26/2005, you wrote:
> Reloaded?
>
> How?

after editing /tmp/rules.debug, you need to do 'pfctl -f /tmp/rules.debug' or your changes have no effect.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
pfctl -f /tmp/rules.debug

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> Reloaded?
>
> How?
>
> ----- Original Message -----
> From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, October 26, 2005 3:27 PM
> Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
>
> > At 04:12 PM 10/26/2005, you wrote:
> >>queue root_sis1 bandwidth 10Mb priority 0 {qWANRoot}
> >
> > are you sure you reloaded the rules after changing sis1 to ng0?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Reloaded?

How?

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 3:27 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 04:12 PM 10/26/2005, you wrote:
> queue root_sis1 bandwidth 10Mb priority 0 {qWANRoot}

are you sure you reloaded the rules after changing sis1 to ng0?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 04:12 PM 10/26/2005, you wrote:
> queue root_sis1 bandwidth 10Mb priority 0 {qWANRoot}

are you sure you reloaded the rules after changing sis1 to ng0?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
thx, i'm looking at it now.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
s out quick on ng0 all keep state label "let out anything from firewall host itself"
pass out quick on sis0 all keep state label "let out anything from firewall host itself" queue qWANRoot tagged qWANRoot
pass out quick on sis0 all keep state label "let out anything from firewall host itself" queue qWANdef tagged qWANdef
pass out quick on sis0 all keep state label "let out anything from firewall host itself" queue qLANRoot tagged qLANRoot
pass out quick on sis0 all keep state label "let out anything from firewall host itself" queue qLANdef tagged qLANdef
pass out quick on sis0 all keep state label "let out anything from firewall host itself" queue qLANacks tagged qLANacks
pass out quick on sis0 all keep state label "let out anything from firewall host itself" queue qWANacks tagged qWANacks
pass out quick on sis0 all keep state label "let out anything from firewall host itself" queue qVOIPUp tagged qVOIPUp
pass out quick on sis0 all keep state label "let out anything from firewall host itself" queue qVOIPDown tagged qVOIPDown
pass out quick on sis0 all keep state label "let out anything from firewall host itself"
pass out quick on ng0 all keep state label "let out anything from firewall host itself pptp"
pass out quick on ng0 all keep state label "let out anything from firewall host itself pppoe"
anchor "anti-lockout" all
pass in quick inet from 192.168.1.0/24 to 192.168.1.1 keep state label "anti-lockout web rule"
block drop in log proto tcp from to any port = ssh label "sshlockout"
anchor "qWANRoot" all tagged qWANRoot
anchor "qWANdef" all tagged qWANdef
anchor "qLANRoot" all tagged qLANRoot
anchor "qLANdef" all tagged qLANdef
anchor "qLANacks" all tagged qLANacks
anchor "qWANacks" all tagged qWANacks
anchor "qVOIPUp" all tagged qVOIPUp
anchor "qVOIPDown" all tagged qVOIPDown
pass in quick on sis0 inet from 192.168.1.0/24 to any keep state label "USER_RULE: Default LAN -> any" queue(qLANdef, qLANacks)
block drop in log quick all label "Default block all just to be sure."
block drop out log quick all label "Default block all just to be sure."
#

---

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 3:10 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 04:07 PM 10/26/2005, you wrote:
> Looks like this now:
>
> scrub on ng0 all max-mss 1452
> #altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot }
> altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot }
> altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot }
>
> ---
>
> No joy.

what do 'pfctl -sq' and 'pfctl -sr' show?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 04:07 PM 10/26/2005, you wrote:
> Looks like this now:
>
> scrub on ng0 all max-mss 1452
> #altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot }
> altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot }
> altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot }
>
> ---
>
> No joy.

what do 'pfctl -sq' and 'pfctl -sr' show?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Looks like this now:

scrub on ng0 all max-mss 1452
#altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot }
altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot }
altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot }

---

No joy.

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 3:03 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 04:01 PM 10/26/2005, you wrote:
> hmmm, this should have read:
>
> altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot }
>
> Should I change it and give it a whirl?

yes, please.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
I ran: 'pfctl -f /tmp/rules.debug' with the shaper back on and got no errors at all.

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:46 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

did you turn shaper back off? please turn it on and add the following two lines before the queue directives (by editing /tmp/rules.debug)

altq on fxp1 hfsc bandwidth 10Mb queue { qWANRoot }
altq on vlan0 hfsc bandwidth 10Mb queue { qLANRoot }

NOTE: change fxp1 to your wan interface and change vlan0 to your lan interface. then do 'pfctl -f /tmp/rules.debug' and report results...
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 04:01 PM 10/26/2005, you wrote:
> hmmm, this should have read:
>
> altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot }
>
> Should I change it and give it a whirl?

yes, please.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
hmmm, this should have read:

altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot }

Should I change it and give it a whirl?

Todd
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
also post results of 'pfctl -sq'

# pfctl -sq
queue root_sis1 bandwidth 10Mb priority 0 {qWANRoot}
queue qWANRoot bandwidth 768Kb priority 6 {qWANdef, qWANacks, qVOIPUp}
queue qWANdef bandwidth 7.68Kb priority 3 hfsc( default realtime(76.80Kb 1 76.80Kb) linkshare(0 b 1000 76.80Kb) upperlimit(768Kb 100 691.20Kb) )
queue qWANacks bandwidth 7.68Kb priority 6 hfsc( realtime(76.80Kb 1 76.80Kb) linkshare(0 b 1000 76.80Kb) upperlimit(614.40Kb 1 614.40Kb) )
queue qVOIPUp bandwidth 7.68Kb priority 7 hfsc( red ecn realtime(256Kb 1 256Kb) linkshare(0 b 1000 76.80Kb) upperlimit(256Kb 1 256Kb) )
queue root_sis0 bandwidth 100Mb priority 0 {qLANRoot}
queue qLANRoot bandwidth 1.50Mb priority 6 {qLANdef, qLANacks, qVOIPDown}
queue qLANdef bandwidth 15Kb priority 3 hfsc( default realtime(150Kb 1 150Kb) linkshare(0 b 1000 150Kb) upperlimit(1.50Mb 100 1.35Mb) )
queue qLANacks bandwidth 15Kb priority 6 hfsc( realtime(150Kb 1 150Kb) linkshare(0 b 1000 150Kb) upperlimit(1.20Mb 1 1.20Mb) )
queue qVOIPDown bandwidth 15Kb priority 7 hfsc( red ecn realtime(256Kb 1 256Kb) linkshare(0 b 1000 150Kb) upperlimit(256Kb 1 256Kb) )
#

---

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:46 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

also post results of 'pfctl -sq'
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:56 PM 10/26/2005, you wrote:

After turning the shaper back on, I do have this already in the file:

altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot }
altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot }

Do you want me to still replace this with yours? Seems to be the same basically..

see my previous mail. according to the rules, WAN is ng0, NOT sis1, so i suspect that breaks things.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:54 PM 10/26/2005, you wrote:

Here is the file after turning shaping back on and before making the changes you requested. Working on the changes now.

Todd

# System Aliases
lan = "{ sis0 }"
wan = "{ ng0 }"
pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
DMZ = "{ sis2 }"
# User Aliases
set loginterface sis1
set loginterface sis0
set loginterface sis2
set optimization normal
scrub on ng0 all max-mss 1452
altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot }

hmmm, this should have read:

altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot }
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
After turning the shaper back on, I do have this already in the file:

altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot }
altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot }

Do you want me to still replace this with yours? Seems to be the same basically..

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:46 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

did you turn shaper back off? please turn it on and add the following two lines before the queue directives (by editing /tmp/rules.debug)

altq on fxp1 hfsc bandwidth 10Mb queue { qWANRoot }
altq on vlan0 hfsc bandwidth 10Mb queue { qLANRoot }

NOTE: change fxp1 to your wan interface and change vlan0 to your lan interface. then do 'pfctl -f /tmp/rules.debug' and report results...
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
# let out anything from the firewall host itself and decrypted IPsec traffic
# pass out quick on ng0 all keep state label "let out anything from firewall host itself"
# pass traffic from firewall -> out
anchor "firewallout"
pass out quick on ng0 all keep state tagged qWANRoot queue qWANRoot label "let out anything from firewall host itself"
pass out quick on ng0 all keep state tagged qWANdef queue qWANdef label "let out anything from firewall host itself"
pass out quick on ng0 all keep state tagged qLANRoot queue qLANRoot label "let out anything from firewall host itself"
pass out quick on ng0 all keep state tagged qLANdef queue qLANdef label "let out anything from firewall host itself"
pass out quick on ng0 all keep state tagged qLANacks queue qLANacks label "let out anything from firewall host itself"
pass out quick on ng0 all keep state tagged qWANacks queue qWANacks label "let out anything from firewall host itself"
pass out quick on ng0 all keep state tagged qVOIPUp queue qVOIPUp label "let out anything from firewall host itself"
pass out quick on ng0 all keep state tagged qVOIPDown queue qVOIPDown label "let out anything from firewall host itself"
pass out quick on ng0 all keep state label "let out anything from firewall host itself"
pass out quick on sis0 all keep state tagged qWANRoot queue qWANRoot label "let out anything from firewall host itself"
pass out quick on sis0 all keep state tagged qWANdef queue qWANdef label "let out anything from firewall host itself"
pass out quick on sis0 all keep state tagged qLANRoot queue qLANRoot label "let out anything from firewall host itself"
pass out quick on sis0 all keep state tagged qLANdef queue qLANdef label "let out anything from firewall host itself"
pass out quick on sis0 all keep state tagged qLANacks queue qLANacks label "let out anything from firewall host itself"
pass out quick on sis0 all keep state tagged qWANacks queue qWANacks label "let out anything from firewall host itself"
pass out quick on sis0 all keep state tagged qVOIPUp queue qVOIPUp label "let out anything from firewall host itself"
pass out quick on sis0 all keep state tagged qVOIPDown queue qVOIPDown label "let out anything from firewall host itself"
pass out quick on sis0 all keep state label "let out anything from firewall host itself"
pass out quick on ng0 all keep state label "let out anything from firewall host itself pptp"
pass out quick on ng0 all keep state label "let out anything from firewall host itself pppoe"
# make sure the user cannot lock himself out of the webGUI or SSH
anchor "anti-lockout"
pass in quick from 192.168.1.0/24 to 192.168.1.1 keep state label "anti-lockout web rule"
# SSH lockout
block in log proto tcp from to any port 22 label "sshlockout"
# User-defined rules follow
# Anchors for rules that might be matched by queues
anchor qWANRoot tagged qWANRoot
anchor qWANdef tagged qWANdef
anchor qLANRoot tagged qLANRoot
anchor qLANdef tagged qLANdef
anchor qLANacks tagged qLANacks
anchor qWANacks tagged qWANacks
anchor qVOIPUp tagged qVOIPUp
anchor qVOIPDown tagged qVOIPDown
pass in quick on $lan from 192.168.1.0/24 to any keep state queue (qLANdef, qLANacks) label "USER_RULE: Default LAN -> any"
# VPN Rules
#---
# default rules (just to be sure)
#---
block in log quick all label "Default block all just to be sure."
block out log quick all label "Default block all just to be sure."

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:52 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 03:50 PM 10/26/2005, you wrote:

Yes I turned it back off, I have to leave it off or my speed is miserable :)

i understand your pain, but no test results with shaping off will be meaningful.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:50 PM 10/26/2005, you wrote:

Yes I turned it back off, I have to leave it off or my speed is miserable :)

i understand your pain, but no test results with shaping off will be meaningful.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Yes I turned it back off, I have to leave it off or my speed is miserable :)

I will turn it back on, then add the two lines you requested to rules.debug

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:46 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

did you turn shaper back off? please turn it on and add the following two lines before the queue directives (by editing /tmp/rules.debug)

altq on fxp1 hfsc bandwidth 10Mb queue { qWANRoot }
altq on vlan0 hfsc bandwidth 10Mb queue { qLANRoot }

NOTE: change fxp1 to your wan interface and change vlan0 to your lan interface. then do 'pfctl -f /tmp/rules.debug' and report results...
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
also post results of 'pfctl -sq'
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
did you turn shaper back off? please turn it on and add the following two lines before the queue directives (by editing /tmp/rules.debug)

altq on fxp1 hfsc bandwidth 10Mb queue { qWANRoot }
altq on vlan0 hfsc bandwidth 10Mb queue { qLANRoot }

NOTE: change fxp1 to your wan interface and change vlan0 to your lan interface. then do 'pfctl -f /tmp/rules.debug' and report results...
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
what happens if you manually type:

pfctl -f /tmp/rules.debug

any error messages?

Nope..

#
#
# pfctl -f /tmp/rules.debug
#

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:31 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 03:29 PM 10/26/2005, you wrote:

try putting manual bandwidth for WAN and LAN in the gui and see if that helps.

You mean under "Interfaces>WAN" and "Interfaces>LAN"?

yes.

Are you sure you get no errors when loading this?

Sorry, when loading what?

what happens if you manually type:

pfctl -f /tmp/rules.debug

any error messages?

p.s. if you would have gotten errors, the gui should complain too - should be message in blue scrolling sideways up at the top of the browser window?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
what does /tmp/rules.debug show now?

##
# System Aliases
lan = "{ sis0 }"
wan = "{ ng0 }"
pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
DMZ = "{ sis2 }"
# User Aliases
set loginterface sis1
set loginterface sis0
set loginterface sis2
set optimization normal
scrub on ng0 all max-mss 1452
nat-anchor "pftpx/*"
nat-anchor "natearly/*"
nat-anchor "natrules/*"
nat on ng0 from 192.168.1.0/24 to any port 500 -> (ng0) port 500
nat on ng0 from 192.168.1.0/24 to any -> (ng0)
#SSH Lockout Table
table persist
# spam table
table persist
# Load balancing anchor - slbd updates
rdr-anchor "slb"
# FTP proxy
rdr-anchor "pftpx/*"
rdr on sis0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
anchor "firewallrules"
# loopback
anchor "loopback"
pass in quick on lo0 all label "pass loopback"
pass out quick on lo0 all label "pass loopback"
# package manager early specific hook
anchor "packageearly"
# carp
anchor "carp"
# enable ftp-proxy
anchor "ftpproxy"
anchor "pftpx/*"
pass in quick on ng0 inet proto tcp from port 20 to (ng0) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection"
# allow access to DHCP server on LAN
anchor "dhcpserverlan"
pass in quick on sis0 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN"
pass in quick on sis0 proto udp from any port = 68 to 192.168.1.1 port = 67 label "allow access to DHCP server on LAN"
pass out quick on sis0 proto udp from 192.168.1.1 port = 67 to any port = 68 label "allow access to DHCP server on LAN"
# WAN spoof check
anchor "wanspoof"
block in log quick on ng0 from 192.168.1.0/24 to any label "WAN spoof check"
# allow our DHCP client out to the WAN
# XXX - should be more restrictive
# (not possible at the moment - need 'me' like in ipfw)
anchor "wandhcp"
pass out quick on ng0 proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan"
block in log quick on ng0 proto udp from any port = 67 to 192.168.1.0/24 port = 68 label "allow dhcp client out wan"
pass in quick on ng0 proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan"
# LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
antispoof for sis0
# block anything from private networks on WAN interface
anchor "spoofing"
block in log quick on ng0 from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
block in log quick on ng0 from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
block in log quick on ng0 from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
block in log quick on ng0 from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
# Support for allow limiting of TCP connections by establishment rate
anchor "limitingesr"
table
# block bogon networks
# http://www.cymru.com/Documents/bogon-bn-nonagg.txt
anchor "wanbogons"
table persist file "/etc/bogons"
block in log quick on ng0 from to any label "block bogon networks from wan"
# let out anything from the firewall host itself and decrypted IPsec traffic
# pass out quick on ng0 all keep state label "let out anything from firewall host itself"
# pass traffic from firewall -> out
anchor "firewallout"
pass out quick on ng0 all keep state label "let out anything from firewall host itself"
pass out quick on sis0 all keep state label "let out anything from firewall host itself"
pass out quick on ng0 all keep state label "let out anything from firewall host itself pptp"
pass out quick on ng0 all keep state label "let out anything from firewall host itself pppoe"
# make sure the user cannot lock himself out of the webGUI or SSH
anchor "anti-lockout"
pass in quick from 192.168.1.0/24 to 192.168.1.1 keep state label "anti-lockout web rule"
# SSH lockout
block in log proto tcp from to any port 22 label "sshlockout"
# User-defined rules follow
pass in quick on $lan from 192.168.1.0/24 to any keep state label "USER_RULE: Default LAN -> any"
# VPN Rules
#---------------------------
# default rules (just to be sure)
#---
block in log quick all label "Default block all just to be sure."
block out log quick all label
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:37 PM 10/26/2005, you wrote:

try putting manual bandwidth for WAN and LAN in the gui and see if that helps.

You mean under "Interfaces>WAN" and "Interfaces>LAN"?

yes.

OK, I set my WAN to 10mb and my LAN to 100mb. I then turned traffic shaper back on and did a speed test and no joy, same thing, can't get past 100k or so. I will run the commands you suggested and reply soon.

I'm betting I know the results :) There is a bug (or something) where it seems like the BW setting in the GUI gets lost, so the shaper wizard can't find it and the 'altq' commands have no BW number in them. Waiting for the results...
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
try putting manual bandwidth for WAN and LAN in the gui and see if that helps.

You mean under "Interfaces>WAN" and "Interfaces>LAN"?

yes.

OK, I set my WAN to 10mb and my LAN to 100mb. I then turned traffic shaper back on and did a speed test and no joy, same thing, can't get past 100k or so. I will run the commands you suggested and reply soon.

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:31 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 03:29 PM 10/26/2005, you wrote:

try putting manual bandwidth for WAN and LAN in the gui and see if that helps.

You mean under "Interfaces>WAN" and "Interfaces>LAN"?

yes.

Are you sure you get no errors when loading this?

Sorry, when loading what?

what happens if you manually type:

pfctl -f /tmp/rules.debug

any error messages?

p.s. if you would have gotten errors, the gui should complain too - should be message in blue scrolling sideways up at the top of the browser window?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:34 PM 10/26/2005, you wrote:

After setting the LAN interface to 100 mb, the screen came back OK except I saw this at the very bottom of the screen:

ifconfig: not found
Warning: unlink(/var/run/lan.conf.dirty): No such file or directory in /usr/local/www/interfaces_lan.php on line 283

Anyone know what this is about?

sounds like a glitch. maybe harmless. what does /tmp/rules.debug show now?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
After setting the LAN interface to 100 mb, the screen came back OK except I saw this at the very bottom of the screen:

ifconfig: not found
Warning: unlink(/var/run/lan.conf.dirty): No such file or directory in /usr/local/www/interfaces_lan.php on line 283

Anyone know what this is about?

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:31 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 03:29 PM 10/26/2005, you wrote:

try putting manual bandwidth for WAN and LAN in the gui and see if that helps.

You mean under "Interfaces>WAN" and "Interfaces>LAN"?

yes.

Are you sure you get no errors when loading this?

Sorry, when loading what?

what happens if you manually type:

pfctl -f /tmp/rules.debug

any error messages?

p.s. if you would have gotten errors, the gui should complain too - should be message in blue scrolling sideways up at the top of the browser window?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:29 PM 10/26/2005, you wrote:

try putting manual bandwidth for WAN and LAN in the gui and see if that helps.

You mean under "Interfaces>WAN" and "Interfaces>LAN"?

yes.

Are you sure you get no errors when loading this?

Sorry, when loading what?

what happens if you manually type:

pfctl -f /tmp/rules.debug

any error messages?

p.s. if you would have gotten errors, the gui should complain too - should be message in blue scrolling sideways up at the top of the browser window?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
try putting manual bandwidth for WAN and LAN in the gui and see if that helps.

You mean under "Interfaces>WAN" and "Interfaces>LAN"?

Are you sure you get no errors when loading this?

Sorry, when loading what?

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:22 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 03:15 PM 10/26/2005, you wrote:

this is really odd. no queue stuff at all? what happens if you manually type:

pfctl -f /tmp/rules.debug

any errors?

Try this:

###
# System Aliases
lan = "{ sis0 }"
wan = "{ ng0 }"
pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
DMZ = "{ sis2 }"
# User Aliases
set loginterface sis1
set loginterface sis0
set loginterface sis2
set optimization normal
scrub on ng0 all max-mss 1452
altq on sis1 hfsc queue { qWANRoot } <=== bingo!
altq on sis0 hfsc queue { qLANRoot } < bingo!

If no bandwidth is in the GUI for an interface, it tries to guess by the interface name. For vlan (my problem) that doesn't work, so i get errors. dunno what pppoe does. try putting manual bandwidth for WAN and LAN in the gui and see if that helps. Are you sure you get no errors when loading this?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:19 PM 10/26/2005, you wrote:

Huh? Aren't lots of people using PPPOE? This is all I can get at home these days. Confused as to why this should matter, the bandwidth is the same.

driver may not support it. see my mail just now

So, should I give up on PfSense working for me at home in regards to traffic shaping? This stinks since I have to have VOIP traffic prioritized or I can't use it. Thanks for the info.

Todd

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:15 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

ng0 <--- this shows that you're using pppoe. I don't think the traffic shaper is compatible with this. I have a patch in the system today that will change this, but I am not sure how this would affect your situation.

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:

Sorry... I have it turned off at the moment because it kills my connection speed :)

I guess I have to turn it back on so the info will show up in this file?

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:11 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

> this is really odd. no queue stuff at all? what happens if you manually type:
>
> pfctl -f /tmp/rules.debug
>
> any errors?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:15 PM 10/26/2005, you wrote:

this is really odd. no queue stuff at all? what happens if you manually type:

pfctl -f /tmp/rules.debug

any errors?

Try this:

###
# System Aliases
lan = "{ sis0 }"
wan = "{ ng0 }"
pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
DMZ = "{ sis2 }"
# User Aliases
set loginterface sis1
set loginterface sis0
set loginterface sis2
set optimization normal
scrub on ng0 all max-mss 1452
altq on sis1 hfsc queue { qWANRoot } <=== bingo!
altq on sis0 hfsc queue { qLANRoot } < bingo!

If no bandwidth is in the GUI for an interface, it tries to guess by the interface name. For vlan (my problem) that doesn't work, so i get errors. dunno what pppoe does. try putting manual bandwidth for WAN and LAN in the gui and see if that helps. Are you sure you get no errors when loading this?
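The two faults pointed out in this thread (an altq line with no bandwidth value, and the WAN root queue attached to sis1 while the wan alias is ng0) can be checked mechanically before running 'pfctl -f /tmp/rules.debug'. The Python below is an added example, not part of the original messages and not pfSense code; the mapping of qWANRoot/qLANRoot to the wan/lan aliases and the sample rules text are assumptions built from the excerpts quoted in the thread.

```python
import re

# Constructed sample, assembled from the rules.debug excerpts quoted in the thread.
SAMPLE_RULES = '''\
# System Aliases
lan = "{ sis0 }"
wan = "{ ng0 }"
set loginterface sis1
scrub on ng0 all max-mss 1452
altq on sis1 hfsc queue { qWANRoot }
altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot }
queue qWANRoot bandwidth 768Kb priority 6 hfsc { qWANdef, qWANacks, qVOIPUp }
queue qLANRoot bandwidth 1500Kb priority 6 hfsc { qLANdef, qLANacks, qVOIPDown }
'''

# Assumption: each root queue belongs on the interface(s) of this alias.
ROOT_QUEUE_ALIAS = {"qWANRoot": "wan", "qLANRoot": "lan"}

ALIAS_RE = re.compile(r'^\s*(\w+)\s*=\s*"\{([^}]*)\}"\s*$')
ALTQ_RE = re.compile(r'^\s*altq\s+on\s+(\S+)\s+(.*)$')
BANDWIDTH_RE = re.compile(r'\bbandwidth\s+\S+')
QUEUE_RE = re.compile(r'\bqueue\s*\{([^}]*)\}')


def parse_aliases(text):
    """Return {alias: set(interfaces)} from lines like: wan = "{ ng0 }"."""
    aliases = {}
    for line in text.splitlines():
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = set(m.group(2).split())
    return aliases


def lint_altq(text, root_alias=ROOT_QUEUE_ALIAS):
    """Return a list of (line_number, code, message) for suspicious altq lines."""
    aliases = parse_aliases(text)
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ALTQ_RE.match(line)
        if not m:
            continue  # comments and non-altq rules are ignored
        iface, rest = m.groups()

        # Fault 1: "altq on sis1 hfsc queue { ... }" with no bandwidth keyword.
        if not BANDWIDTH_RE.search(rest):
            findings.append((lineno, "NO_BANDWIDTH",
                             f"altq on {iface} has no bandwidth value"))

        # Fault 2: root queue attached to an interface outside its alias,
        # e.g. qWANRoot on sis1 while wan = "{ ng0 }".
        q = QUEUE_RE.search(rest)
        roots = re.split(r'[,\s]+', q.group(1).strip()) if q else []
        for root in roots:
            alias = root_alias.get(root)
            expected = aliases.get(alias, set())
            if alias and expected and iface not in expected:
                findings.append((lineno, "WRONG_INTERFACE",
                                 f"{root} is on {iface}, but {alias} is "
                                 f"{', '.join(sorted(expected))}"))
    return findings


if __name__ == "__main__":
    for lineno, code, msg in lint_altq(SAMPLE_RULES):
        print(f"line {lineno}: {code}: {msg}")
```

A clean result only means these two checks passed; pfctl can still reject the file for other reasons, such as an interface driver without ALTQ support.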
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Huh? Aren't lots of people using PPPOE? This is all I can get at home these days. Confused as to why this should matter, the bandwidth is the same.

So, should I give up on PfSense working for me at home in regards to traffic shaping? This stinks since I have to have VOIP traffic prioritized or I can't use it. Thanks for the info.

Todd

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:15 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

ng0 <--- this shows that you're using pppoe. I don't think the traffic shaper is compatible with this. I have a patch in the system today that will change this, but I am not sure how this would affect your situation.

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:

Sorry... I have it turned off at the moment because it kills my connection speed :)

I guess I have to turn it back on so the info will show up in this file?

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:11 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

> this is really odd. no queue stuff at all? what happens if you manually type:
>
> pfctl -f /tmp/rules.debug
>
> any errors?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
this is really odd. no queue stuff at all? what happens if you manually type:

pfctl -f /tmp/rules.debug

any errors?

Try this:

###
# System Aliases
lan = "{ sis0 }"
wan = "{ ng0 }"
pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
DMZ = "{ sis2 }"
# User Aliases
set loginterface sis1
set loginterface sis0
set loginterface sis2
set optimization normal
scrub on ng0 all max-mss 1452
altq on sis1 hfsc queue { qWANRoot }
altq on sis0 hfsc queue { qLANRoot }
queue qWANRoot bandwidth 768Kb priority 6 hfsc { qWANdef, qWANacks, qVOIPUp }
queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) )
queue qLANRoot bandwidth 1500Kb priority 6 hfsc { qLANdef, qLANacks, qVOIPDown }
queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) )
queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) )
queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) )
queue qVOIPUp bandwidth 1% priority 7 hfsc ( ecn upperlimit(256Kb 1 256Kb) linkshare(0% 1000 10%) realtime(256Kb 1 256Kb) )
queue qVOIPDown bandwidth 1% priority 7 hfsc ( ecn upperlimit(256Kb 1 256Kb) linkshare(0% 1000 10%) realtime(256Kb 1 256Kb) )
nat-anchor "pftpx/*"
nat-anchor "natearly/*"
nat-anchor "natrules/*"
nat on ng0 from 192.168.1.0/24 to any port 500 -> (ng0) port 500
nat on ng0 from 192.168.1.0/24 to any -> (ng0)
#SSH Lockout Table
table persist
# spam table
table persist
# Load balancing anchor - slbd updates
rdr-anchor "slb"
# FTP proxy
rdr-anchor "pftpx/*"
rdr on sis0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
pass in on sis0 from 192.168.1.0/24 to any tos lowdelay keep state tag qVOIPDown
pass out on ng0 from any to any tos lowdelay keep state tag qVOIPUp
pass in on ng0 from any to 192.168.1.0/24 tos lowdelay keep state tag qVOIPUp
pass out on sis0 from any to 192.168.1.0/24 tos lowdelay keep state tag qVOIPDown
anchor "firewallrules"
# loopback
anchor "loopback"
pass in quick on lo0 all label "pass loopback"
pass out quick on lo0 all label "pass loopback"
# package manager early specific hook
anchor "packageearly"
# carp
anchor "carp"
# enable ftp-proxy
anchor "ftpproxy"
anchor "pftpx/*"
pass in quick on ng0 inet proto tcp from port 20 to (ng0) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection"
# allow access to DHCP server on LAN
anchor "dhcpserverlan"
pass in quick on sis0 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN"
pass in quick on sis0 proto udp from any port = 68 to 192.168.1.1 port = 67 label "allow access to DHCP server on LAN"
pass out quick on sis0 proto udp from 192.168.1.1 port = 67 to any port = 68 label "allow access to DHCP server on LAN"
# WAN spoof check
anchor "wanspoof"
block in log quick on ng0 from 192.168.1.0/24 to any label "WAN spoof check"
# allow our DHCP client out to the WAN
# XXX - should be more restrictive
# (not possible at the moment - need 'me' like in ipfw)
anchor "wandhcp"
pass out quick on ng0 proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan"
block in log quick on ng0 proto udp from any port = 67 to 192.168.1.0/24 port = 68 label "allow dhcp client out wan"
pass in quick on ng0 proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan"
# LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
antispoof for sis0
# block anything from private networks on WAN interface
anchor "spoofing"
block in log quick on ng0 from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
block in log quick on ng0 from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
block in log quick on ng0 from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
block in log quick on ng0 from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
# Support for allow limiting of TCP connections by establishment rate
anchor "limitingesr"
table
# block bogon networks
# http://www.cymru.com/Documents/bogon-bn-nonagg.txt
anchor "wanbogons"
table persist file "/etc/bogons"
block in log quick on ng0 from to any label "block bogon networks from wan"
# let out anything from the firewall host itself and decrypted IPsec traffic
# pass out quick on ng0 all keep state label "let out anything from firewall host itself"
# pass traffic from firewall -> out
anchor "firewallout"
pass out quick on ng0 all keep state tagged qWANRoot queue qWANRoot label "let out anything from firewall host itself"
pass out quick on ng0 all keep state tagged qWANdef queue qWANdef label "
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:12 PM 10/26/2005, you wrote:

Sorry... I have it turned off at the moment because it kills my connection speed :)

I guess I have to turn it back on so the info will show up in this file?

yes :)
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
ng0 <--- this shows that you're using pppoe. I don't think the traffic shaper is compatible with this. I have a patch in the system today that will change this, but I am not sure how this would affect your situation.

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> Sorry...
>
> I have it turned off at the moment because it kills my connection speed :)
>
> I guess I have to turn it back on so the info will show up in this file?
>
> Todd
> ----- Original Message -----
> From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, October 26, 2005 2:11 PM
> Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
>
> > this is really odd. no queue stuff at all? what happens if you manually type:
> >
> > pfctl -f /tmp/rules.debug
> >
> > any errors?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Sorry... I have it turned off at the moment because it kills my connection speed :)

I guess I have to turn it back on so the info will show up in this file?

Todd

----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 2:11 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

this is really odd. no queue stuff at all? what happens if you manually type:

pfctl -f /tmp/rules.debug

any errors?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
this is really odd. no queue stuff at all? what happens if you manually type:

pfctl -f /tmp/rules.debug

any errors?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Sending /tmp/rules.debug may help show the problem. Sanitize any personal data before sending (if you don't want your ips shown,etc)

# System Aliases
lan = "{ sis0 }"
wan = "{ ng0 }"
pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }"
DMZ = "{ sis2 }"
# User Aliases
set loginterface sis1
set loginterface sis0
set loginterface sis2
set optimization normal
scrub on ng0 all max-mss 1452
nat-anchor "pftpx/*"
nat-anchor "natearly/*"
nat-anchor "natrules/*"
nat on ng0 from 192.168.1.0/24 to any port 500 -> (ng0) port 500
nat on ng0 from 192.168.1.0/24 to any -> (ng0)
#SSH Lockout Table
table persist
# spam table
table persist
# Load balancing anchor - slbd updates
rdr-anchor "slb"
# FTP proxy
rdr-anchor "pftpx/*"
rdr on sis0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
anchor "firewallrules"
# loopback
anchor "loopback"
pass in quick on lo0 all label "pass loopback"
pass out quick on lo0 all label "pass loopback"
# package manager early specific hook
anchor "packageearly"
# carp
anchor "carp"
# enable ftp-proxy
anchor "ftpproxy"
anchor "pftpx/*"
pass in quick on ng0 inet proto tcp from port 20 to (ng0) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection"
# allow access to DHCP server on LAN
anchor "dhcpserverlan"
pass in quick on sis0 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN"
pass in quick on sis0 proto udp from any port = 68 to 192.168.1.1 port = 67 label "allow access to DHCP server on LAN"
pass out quick on sis0 proto udp from 192.168.1.1 port = 67 to any port = 68 label "allow access to DHCP server on LAN"
# WAN spoof check
anchor "wanspoof"
block in log quick on ng0 from 192.168.1.0/24 to any label "WAN spoof check"
# allow our DHCP client out to the WAN
# XXX - should be more restrictive
# (not possible at the moment - need 'me' like in ipfw)
anchor "wandhcp"
pass out quick on ng0 proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan"
block in log quick on ng0 proto udp from any port = 67 to 192.168.1.0/24 port = 68 label "allow dhcp client out wan"
pass in quick on ng0 proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan"
# LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
antispoof for sis0
# block anything from private networks on WAN interface
anchor "spoofing"
block in log quick on ng0 from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
block in log quick on ng0 from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
block in log quick on ng0 from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
block in log quick on ng0 from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
# Support for allow limiting of TCP connections by establishment rate
anchor "limitingesr"
table
# block bogon networks
# http://www.cymru.com/Documents/bogon-bn-nonagg.txt
anchor "wanbogons"
table persist file "/etc/bogons"
block in log quick on ng0 from to any label "block bogon networks from wan"
# let out anything from the firewall host itself and decrypted IPsec traffic
# pass out quick on ng0 all keep state label "let out anything from firewall host itself"
# pass traffic from firewall -> out
anchor "firewallout"
pass out quick on ng0 all keep state label "let out anything from firewall host itself"
pass out quick on sis0 all keep state label "let out anything from firewall host itself"
pass out quick on ng0 all keep state label "let out anything from firewall host itself pptp"
pass out quick on ng0 all keep state label "let out anything from firewall host itself pppoe"
# make sure the user cannot lock himself out of the webGUI or SSH
anchor "anti-lockout"
pass in quick from 192.168.1.0/24 to 192.168.1.1 keep state label "anti-lockout web rule"
# SSH lockout
block in log proto tcp from to any port 22 label "sshlockout"
# User-defined rules follow
pass in quick on $lan from 192.168.1.0/24 to any keep state label "USER_RULE: Default LAN -> any"
# VPN Rules
#---------------
# default rules (just to be sure)
#
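Added example, not part of the original thread: one way to sanitize a rules.debug before posting it to a list, as requested above. It keeps RFC 1918, loopback and broadcast addresses (they reveal nothing and keep the rules readable) and replaces every other IPv4 address with a stable placeholder from the 203.0.113.0/24 documentation range. The function name and the sample rules are constructed for illustration; the sample uses 198.51.100.x to stand in for real public addresses.

```python
import ipaddress
import re

# Ranges that are safe to leave in a posted ruleset.
KEEP = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "0.0.0.0/32", "255.255.255.255/32")]
# Placeholders are drawn from TEST-NET-3 (RFC 5737 documentation range).
PLACEHOLDERS = ipaddress.ip_network("203.0.113.0/24")
# Dotted quad with an optional /prefix, not embedded in a longer number.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(/\d{1,2})?(?![\d.])")


def sanitize_rules(text):
    """Return (sanitized_text, mapping) for a pf ruleset given as a string."""
    mapping = {}
    pool = PLACEHOLDERS.hosts()

    def swap(match):
        # Normalize leading zeros so "010.1.1.1" is still treated as an address.
        raw = ".".join(str(int(octet)) for octet in match.group(1).split("."))
        prefix = match.group(2) or ""
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            return match.group(0)  # e.g. 999.1.1.1 is not an address
        if any(addr in net for net in KEEP):
            return match.group(0)
        if raw not in mapping:
            try:
                # Same input address always gets the same placeholder, so the
                # relationships between rules stay visible to the reader.
                mapping[raw] = str(next(pool))
            except StopIteration:
                raise RuntimeError("more than 254 distinct public addresses")
        return mapping[raw] + prefix

    return IPV4.sub(swap, text), mapping


# Constructed sample input in the style of the ruleset above.
SAMPLE = '''\
nat on ng0 from 192.168.1.0/24 to any -> (ng0)
rdr on ng0 proto tcp from any to 198.51.100.7 port 5060 -> 192.168.1.20 port 5060
pass in quick on ng0 proto udp from 198.51.100.96/27 to 198.51.100.7 keep state
block in log quick on ng0 from 10.0.0.0/8 to any label "block 10/8"
'''

if __name__ == "__main__":
    cleaned, table = sanitize_rules(SAMPLE)
    print(cleaned)
    print(table)  # keep this mapping private; it reverses the sanitization
```

The output is meant for posting, not for loading with pfctl: a replaced network keeps its prefix length but not its original network address.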
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:00 PM 10/26/2005, you wrote:
> I think this is what you want:
>
> - hfsc -

ewww, no thanks. reading raw xml is not fun. as scott said, go to /tmp and post rules.debug (removing IP addresses etc if you're worried about security.,,)
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 03:00 PM 10/26/2005, you wrote:
> Sending /tmp/rules.debug may help show the problem. Sanitize any personal data before sending (if you don't want your ips shown,etc)

yeah, that's better...
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
I think this is what you want:

- hfsc - qWANRoot 0 6 on 768 Kb - qWANdef qWANRoot 0 true 3 on 10% 1 10% on 0% 1000 10% on 100% 100 90% 1 % - qLANRoot 0 6 on 1500 Kb - qLANdef 3 qLANRoot 0 true on 10% 1 10% on 0% 1000 10% on 100% 100 90% 1 % - qLANacks qLANRoot 0 6 on 10% 1 10% on 0% 1000 10% on 80% 1 80% 1 % - qWANacks qWANRoot 0 6 on 10% 1 10% on 0% 1000 10% on 80% 1 80% 1 % - qVOIPUp 0 7 on on 256Kb 1 256Kb on 0% 1000 10% on 256Kb 1 256Kb 1 % qWANRoot - qVOIPDown 0 7 on on 256Kb 1 256Kb on 0% 1000 10% on 256Kb 1 256Kb 1 % qLANRoot - DiffServ/Lowdelay/Upload qVOIPDown qVOIPUp lan - lan - lowdelay - DiffServ/Lowdelay/Download qVOIPUp qVOIPDown wan - - lan lowdelay

- Original Message -
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 1:56 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 02:54 PM 10/26/2005, you wrote:
> Also, I tried lowering the guarantee to 256k just in case this is part of the problem.
>
> No joy, same issue..

now *that* is really weird. can you post your rules and queues?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 02:58 PM 10/26/2005, you wrote:
> Sure, what would be the easiest way to do this?

Get a shell on your box and do:

pfctl -sq
pfctl -sr

> I have nothing more than I mentioned before.. Plain vanilla setup with just the shaper stuff I mentioned. I don't even have any firewall rules or anything else really in place.

Not questioning that, but hard to know what's wrong without seeing 'em.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Sending /tmp/rules.debug may help show the problem. Sanitize any personal data before sending (if you don't want your ips shown,etc)

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> Sure, what would be the easiest way to do this?
>
> I have nothing more than I mentioned before.. Plain vanilla setup with just the shaper stuff I mentioned. I don't even have any firewall rules or anything else really in place.
>
> Todd
>
> - Original Message -
> From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, October 26, 2005 1:56 PM
> Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
>
> > At 02:54 PM 10/26/2005, you wrote:
> > > Also, I tried lowering the guarantee to 256k just in case this is part of the problem.
> > >
> > > No joy, same issue..
> >
> > now *that* is really weird. can you post your rules and queues?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Sure, what would be the easiest way to do this?

I have nothing more than I mentioned before.. Plain vanilla setup with just the shaper stuff I mentioned. I don't even have any firewall rules or anything else really in place.

Todd

- Original Message -
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 1:56 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 02:54 PM 10/26/2005, you wrote:
> Also, I tried lowering the guarantee to 256k just in case this is part of the problem.
>
> No joy, same issue..

now *that* is really weird. can you post your rules and queues?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 02:54 PM 10/26/2005, you wrote:
> Also, I tried lowering the guarantee to 256k just in case this is part of the problem.
>
> No joy, same issue..

now *that* is really weird. can you post your rules and queues?
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Also, I tried lowering the guarantee to 256k just in case this is part of the problem.

No joy, same issue..

Todd

- Original Message -
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 1:48 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> I probably don't but I do testing sometimes with multiple lines back to my SoftSwitch at the office and don't want to yank it down to 100k or so and have problems.
>
> Either way the bandwidth here is only supposed to be reserved for the VOIP if the VOIP is actually using it, when it's not being used then it's allocated back to data etc. At least this is the way I understand it..

That's correct. Bill will have to chime in here on if this is no longer the way it works.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 02:48 PM 10/26/2005, you wrote:
> On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> > I probably don't but I do testing sometimes with multiple lines back to my SoftSwitch at the office and don't want to yank it down to 100k or so and have problems.
> >
> > Either way the bandwidth here is only supposed to be reserved for the VOIP if the VOIP is actually using it, when it's not being used then it's allocated back to data etc. At least this is the way I understand it..
>
> That's correct. Bill will have to chime in here on if this is no longer the way it works.

Yeah, I dig that, just wondering. Does seem like the wrong behavior...
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> I probably don't but I do testing sometimes with multiple lines back to my SoftSwitch at the office and don't want to yank it down to 100k or so and have problems.
>
> Either way the bandwidth here is only supposed to be reserved for the VOIP if the VOIP is actually using it, when it's not being used then it's allocated back to data etc. At least this is the way I understand it..

That's correct. Bill will have to chime in here on if this is no longer the way it works.
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
It guarantees that his entire line could be used for VOIP if needed.

From my understanding of the shaper (until it was recently changed) was that you can dedicate all the bandwidth you want and if it's not using it other queues would borrow from it. It appears that this behavior has changed.

On 10/26/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> At 02:31 PM 10/26/2005, you wrote:
> > Here is my setup:
> >
> > WRAP
> > 128 mb CF Card
> >
> > First install 0.864 then upgraded via the web GUI to 0.892 WRAP.
> >
> > Currently using WAN/LAN only, OPT1 is not doing anything.
> >
> > This is a home setup using a DSL connection with PPPOE.
> >
> > All is well until I turn on traffic shaping and run the wizard, then my data speed using most speedtest sites goes from 1500/768 or so, to approx 94/46 or so. Happens every time I turn shaping on or off, it's definitely the shaping causing this issue without a doubt.
> >
> > All I did in the traffic shaper wizard is tell it to prioritize VOIP and guarantee 768k of the bandwidth for this purpose. I selected Generic for the type of VOIP service. I finished the wizard and that's it..
> >
> > So, I am confused what I did wrong which made this kill my bandwidth. Thoughts?
>
> why on earth do you need 768kb for VOIP???
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
I probably don't but I do testing sometimes with multiple lines back to my SoftSwitch at the office and don't want to yank it down to 100k or so and have problems.

Either way the bandwidth here is only supposed to be reserved for the VOIP if the VOIP is actually using it, when it's not being used then it's allocated back to data etc. At least this is the way I understand it..

Todd

- Original Message -
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 1:34 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k

At 02:31 PM 10/26/2005, you wrote:
> Here is my setup:
>
> WRAP
> 128 mb CF Card
>
> First install 0.864 then upgraded via the web GUI to 0.892 WRAP.
>
> Currently using WAN/LAN only, OPT1 is not doing anything.
>
> This is a home setup using a DSL connection with PPPOE.
>
> All is well until I turn on traffic shaping and run the wizard, then my data speed using most speedtest sites goes from 1500/768 or so, to approx 94/46 or so. Happens every time I turn shaping on or off, it's definitely the shaping causing this issue without a doubt.
>
> All I did in the traffic shaper wizard is tell it to prioritize VOIP and guarantee 768k of the bandwidth for this purpose. I selected Generic for the type of VOIP service. I finished the wizard and that's it..
>
> So, I am confused what I did wrong which made this kill my bandwidth. Thoughts?

why on earth do you need 768kb for VOIP???
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At 02:31 PM 10/26/2005, you wrote:
> Here is my setup:
>
> WRAP
> 128 mb CF Card
>
> First install 0.864 then upgraded via the web GUI to 0.892 WRAP.
>
> Currently using WAN/LAN only, OPT1 is not doing anything.
>
> This is a home setup using a DSL connection with PPPOE.
>
> All is well until I turn on traffic shaping and run the wizard, then my data speed using most speedtest sites goes from 1500/768 or so, to approx 94/46 or so. Happens every time I turn shaping on or off, it's definitely the shaping causing this issue without a doubt.
>
> All I did in the traffic shaper wizard is tell it to prioritize VOIP and guarantee 768k of the bandwidth for this purpose. I selected Generic for the type of VOIP service. I finished the wizard and that's it..
>
> So, I am confused what I did wrong which made this kill my bandwidth. Thoughts?

why on earth do you need 768kb for VOIP???