RE: [pfSense Support] Traffic Shaping/Bridge
Thanks Bill-- I think others like myself have been under the impression that the traffic shaper does not function *at all* if you attempted to use it in conjunction with two bridged interfaces. Now that that's cleared up, I can move forward and create rules that should shape traffic properly for us (and a couple of customers). Thanks for the clarification. -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Thursday, March 22, 2007 1:31 PM To: support@pfsense.com Subject: Re: [pfSense Support] Traffic Shaping/Bridge On 3/22/07, Dimitri Rodis <[EMAIL PROTECTED]> wrote: > I don't mean the traffic shaper *wizard*, I'm talking about the > traffic shaper itself. (I can config the rules myself if that means it > will function on bridged connections) I know what you're asking. Since the wizard is the supported method of creating rules, it's the one I'm going to answer for. You can hand craft rules that should work for bridged mode. As I said, take a close look at the rules, it'll be obvious what's broken. > Sorry if I'm being dense here, just trying to understand the > limitation (or misinterpretation as it were). --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping/Bridge
On 3/22/07, Dimitri Rodis <[EMAIL PROTECTED]> wrote: I don't mean the traffic shaper *wizard*, I'm talking about the traffic shaper itself. (I can config the rules myself if that means it will function on bridged connections) I know what you're asking. Since the wizard is the supported method of creating rules, it's the one I'm going to answer for. You can hand craft rules that should work for bridged mode. As I said, take a close look at the rules, it'll be obvious what's broken. Sorry if I'm being dense here, just trying to understand the limitation (or misinterpretation as it were). --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Traffic Shaping/Bridge
I don't mean the traffic shaper *wizard*, I'm talking about the traffic shaper itself. (I can config the rules myself if that means it will function on bridged connections) Sorry if I'm being dense here, just trying to understand the limitation (or misinterpretation as it were). -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Thursday, March 22, 2007 9:28 AM To: support@pfsense.com Subject: Re: [pfSense Support] Traffic Shaping/Bridge On 3/22/07, Dimitri Rodis <[EMAIL PROTECTED]> wrote: > Of course it's a code thing (what isn't ;) .. I was trying to gain > some technical insight as to why it doesn't function, and why it works > with NAT as opposed to a bridge. From my (I'm sure, oversimplified) > impression, if packets are passing from one interface to another thru > pfSense packet filtering mechanisms (a process which queues packets > for shaping when enabled), what difference does it make that pfSense > is doing regular ip routing, bridging, or NATting? The wizard assumes natting. Look at the rules it outputs, it's pretty obvious. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping/Bridge
On 3/22/07, Dimitri Rodis <[EMAIL PROTECTED]> wrote: Of course it's a code thing (what isn't ;) .. I was trying to gain some technical insight as to why it doesn't function, and why it works with NAT as opposed to a bridge. From my (I'm sure, oversimplified) impression, if packets are passing from one interface to another thru pfSense packet filtering mechanisms (a process which queues packets for shaping when enabled), what difference does it make that pfSense is doing regular ip routing, bridging, or NATting? The wizard assumes natting. Look at the rules it outputs, it's pretty obvious. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Traffic Shaping/Bridge
Of course it's a code thing (what isn't ;) .. I was trying to gain some technical insight as to why it doesn't function, and why it works with NAT as opposed to a bridge. From my (I'm sure, oversimplified) impression, if packets are passing from one interface to another thru pfSense packet filtering mechanisms (a process which queues packets for shaping when enabled), what difference does it make that pfSense is doing regular ip routing, bridging, or NATting? Thanks Bill... -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Thursday, March 22, 2007 5:45 AM To: support@pfsense.com Subject: Re: [pfSense Support] Traffic Shaping/Bridge On 3/22/07, Dimitri Rodis <[EMAIL PROTECTED]> wrote: > I'm not trying to beat a dead horse, but I am wondering if something > obvious has perhaps been overlooked here. > > It has been said several times by the pfSense folks that traffic > shaping combined with bridging doesn't work. However, there are folks > claiming to be using it with success. > > I've also checked the m0n0 mailing list archives and someone said the > following: Traffic Shaping with bridging DOES work (in monowall-- the > post was quite old) so long as you have the option "Enable Filtering Bridge" > checked. > > Does that option make any difference in pfSense with respect to > traffic shaping a bridged connection? (I'm trying to get a feel for > *why* or *why > not* here). It's not a matter of can or cannot - it can work, it does not. It's a code thing. It'll get fixed at some point. m0n0's shaper is also _completely_ different from pfSense's both in technology used and method of shaping. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping/Bridge
On 3/22/07, Dimitri Rodis <[EMAIL PROTECTED]> wrote: I'm not trying to beat a dead horse, but I am wondering if something obvious has perhaps been overlooked here. It has been said several times by the pfSense folks that traffic shaping combined with bridging doesn't work. However, there are folks claiming to be using it with success. I've also checked the m0n0 mailing list archives and someone said the following: Traffic Shaping with bridging DOES work (in monowall-- the post was quite old) so long as you have the option "Enable Filtering Bridge" checked. Does that option make any difference in pfSense with respect to traffic shaping a bridged connection? (I'm trying to get a feel for *why* or *why not* here). It's not a matter of can or cannot - it can work, it does not. It's a code thing. It'll get fixed at some point. m0n0's shaper is also _completely_ different from pfSense's both in technology used and method of shaping. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
