On 5/4/2011 11:37 AM, Vaughn L. Reid III wrote:


On 5/4/2011 11:18 AM, Ermal Luçi wrote:
On Wed, May 4, 2011 at 4:47 PM, Vaughn L. Reid III
<vaughn_reid_...@elitemail.org>  wrote:

On 4/29/2011 4:49 PM, bsd wrote:
On 29 Apr 2011, at 19:08, bsd wrote:

On 29 Apr 2011, at 09:37, bsd wrote:

Hi,

I have created a simple L7 container where I have put SIP and SkypeOut
traffic.

Then created a Queue called VoIP where this traffic is supposed to end
(HFSC with 10% reserved).

Then two floating rules to put all traffic (TCP and UDP) in and selected
the VoIP L7 container I have created.


No traffic seems to go in that queue??

Any hints?
Is L7 traffic shaping out of order for the time being?


Thanks.
May I add that my WLAN and LAN are bridged …
If this has any impact on the L7 Queuing.

… and that my other queues (non-L7) are also working very correctly.


Thx.
And the system tunables have been set correctly…

net.link.bridge.pfil_member: Set to 0 to disable filtering on the incoming and outgoing member interfaces. Value: 0
net.link.bridge.pfil_bridge: Set to 1 to enable filtering on the bridge interface. Value: 1


No one has any feedback on L7 and v.2.0.RC1?
Here is some feedback on my experience with the L7 filter:

With this morning's snapshot (05/04/2011 approximately 06:00 EST was the
time I initiated a snapshot update), I have experienced the L7 filter
significantly slowing web traffic on a system containing Squid and
Squidguard once there were more than a couple of users sending traffic
through the firewall. Disabling the firewall rule passing traffic to the L7 filter eliminated the bottleneck. Hardware is a Core 2 Duo processor, 4 gigs of memory, Supermicro server board, Intel server NICs. Also, no other traffic shaping other than a single L7 filter rule to block peer-to-peer
traffic was enabled.

I would recommend putting a firewall rule to send traffic to layer 7
on the outgoing side when Squid is in place,
or either just filter the TCP 80/443 through Squid and the other
through layer 7 with rules on the LAN side.



That's a good idea. Squid is running on the pfsense box, however, so I'm not sure I can create explicit rules for either option. Maybe send ports 80 and 443 to 127.0.0.1?


On an alix system with a 2.0 RC1 update from last night (Wednesday 5/5/2011) and no squid or squidguard installed, the L7 filter set to block several peer-to-peer protocols completely bogged down Internet access, effectively disabling web, mail, and other traffic. Disabling the LAN rule that activated the L7 filter on that interface instantly re-enabled the normal passage of traffic.


