By Sam Kear
Configuration Steps
The instructions in this hub were created for pfSense version 2.0. If you haven't
upgraded to the latest version, I would recommend doing so first. The traffic shaper
in version 2.0 has many improvements over the previous version.
In the sections below I have included a screenshot of each step of the setup
process and a description of each page. After completing these steps you will
have a fully functional traffic shaper for your home or corporate network.
Shaper Configuration
On the shaper config page the first thing you need to do is select the LAN
scheduler.
I would recommend using the default, which is HFSC (Hierarchical Fair Service
Curve). If you need only very basic shaping you could use PRIQ (Priority Queuing),
which is simple to modify but not as efficient.
In the connection upload box it is generally recommended to enter 97% of the
connection's maximum bandwidth. For example, if your ISP provides you with a
1Mbps (1000Kbps) upstream, then you would multiply 1000 x 97% to get 970Kbps.
This will ensure that packets are queued on your pfSense system instead of an
upstream router which you have no control over.
In the connection download box enter the maximum download speed of the connection.
If you are unsure what your connection speed is, contact your ISP or use an online
speed test to get an estimate. You may need to slightly tweak these settings to find
the optimal configuration for your connection.
VOIP Settings
If you are not using VOIP, leave this setting disabled and click next.
Penalty Box
If you have one or more hosts on your network that are using most of the
bandwidth, you can place them in a "penalty box" to limit their usage to a certain
percentage of available bandwidth. As in the previous setting, if you need to list
more than one host you will need to create an alias.
You can also enable the P2P catch all setting to penalize uncategorized traffic. If
this setting is enabled, any traffic not specifically classified in the traffic shaper will
be considered P2P traffic. Generally I don't like to use this setting because I feel
that it is too broad, but if you want to take an aggressive approach to packet
shaping you can enable this setting.
If there is a specific protocol you need to block that isn't listed, I'll show you how
to manually create a rule later in this guide.
Other Applications
You can also raise or lower the priority assigned to different applications on an
individual basis. Most of the options on this page depend on the applications in
use on your network. Most users will probably want to raise the priority of HTTP,
DNS, and ICMP. Depending on how important email is to your network, you could
raise or lower its status in the queue.
If you don't see the rules, run the wizard again and make sure the applications
were enabled; sometimes you need to deselect/select the checkbox. If the options
are grayed out then they are not enabled.
You can adjust the ports of existing rules or create entirely new rules if you want.
The easiest way to do this is to create a rule based on an existing rule that is
similar to what you are trying to accomplish. To do this, click the plus symbol next to
the rule you want to copy. The queue names are fairly self-explanatory as to what
their purpose is.
For a list of all the queues and their current settings, open the traffic shaper
page found in the firewall menu.
Queue Status
the content of the packets instead of just the source or destination ports. If you are
trying to manage traffic which uses many different port numbers you should use
deep packet inspection.
This feature is only found in pfSense version 2.0 and newer.
To create rules for this type of traffic, click on the layer 7 tab found under Firewall \
Traffic Shaper. You can create rules to either block certain protocols or route them to
one of the queues.