PF-Sense VM - Setup Help


RivaSABB


I have created a VM for PF-Sense and am very happy with how stable and well it works. I am battling to finish the last bit of my setup and am hoping someone can help. Currently I have a number of devices that are assigned to a single group to control their behavior in the following sets:

  • Priority Static IP
  • Normal Static IP
  • Media Devices (KODI - Raspberry Pi)
  • Seedbox
  • Guest

 

I have set these groups up each with different bandwidth limiters:

  • 100% Download and 100% Upload Speeds
    • Media Devices
    • Seedbox
    • Priority Static IP
  • 40% Download and 50% Upload Speeds
    • Normal Static IPs (each)
  • 20% Download and 50% Upload Speeds
    • Guest IPs (each)

 

That all works 100%. What I would like to do now, and for the life of me I can't get it right, is to prioritise certain groups over others. This is what I am looking for:

  • Highest
    • Media Devices
    • Priority Static
    • Normal Static
  • Normal
    • Guest
  • Low
    • Seedbox

 

Why would you want to do this, I hear you ask? It's simple: even though certain groups have less bandwidth available, they would be prioritised ahead of others. So if my media centers required streaming (max bandwidth) and my network was saturated from the Guest or Seedbox, it would receive it. It would also mean that Normal static, even though it has a much lower bandwidth limit, would almost always receive all of it.

 

I can't seem to wrap my head around this using QoS (by IP or Group). Can anyone help?

 

Edited by RivaSABB
Link to comment

I would traffic shape rather than use limiters - that way if the bandwidth is available a low-priority device can still use it, rather than it sitting there idle.

 

Off the top of my head I'd:

  • go to firewall\traffic shaper and run the wizard and do a simple PRIQ traffic setup. This will give you simple queues - qOthersHigh, qOthersLow etc.
  • create new aliases for your device groups e.g. Low_Priority Devices
  • then create floating rules to put those groups into the right queues (remember for TCP traffic you need to use an Acknowledgement (qACK), but not for UDP - i.e. you need a rule for TCP and UDP)

Works perfectly for me and means no bandwidth is ever wasted, but priority devices or ports get prioritised.

 

e.g. here's my floating rule TCP/UDP pair to put usenet traffic into qOthersLow

 

[Screenshot: Firewall > Rules > Floating]

 

 

Link to comment
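Added example, not part of either post: a small Python model comparing the fixed limiters from the first post with strict-priority (PRIQ) queuing as suggested in the reply, using the groups and tiers from the thread. The 100 Mbit/s link, the group keys, one device per group, and proportional sharing when limiters oversubscribe the link are assumptions made for illustration.

```python
LINK_MBPS = 100.0  # constructed link speed, not from the thread

# Download limiter caps from the first post, as a fraction of the link.
LIMITER_CAP = {"media": 1.0, "priority_static": 1.0, "seedbox": 1.0,
               "normal_static": 0.4, "guest": 0.2}

# Priority tiers requested in the first post; a higher number is served first.
PRIORITY = {"media": 3, "priority_static": 3, "normal_static": 3,
            "guest": 2, "seedbox": 1}


def limiter_alloc(demand, link=LINK_MBPS):
    """Fixed caps with no priority: each group is clipped to its cap, and if
    the clipped total still exceeds the link, everyone is scaled down equally
    (assumed simplification of contention between limited flows)."""
    capped = {g: min(d, LIMITER_CAP[g] * link) for g, d in demand.items()}
    total = sum(capped.values())
    scale = min(1.0, link / total) if total else 1.0
    return {g: round(v * scale, 2) for g, v in capped.items()}


def priq_alloc(demand, link=LINK_MBPS):
    """Strict priority: tiers are served highest first; a lower tier only
    gets what the tiers above it leave unused."""
    alloc = {g: 0.0 for g in demand}
    remaining = link
    for tier in sorted({PRIORITY[g] for g in demand}, reverse=True):
        # Water-fill inside a tier: small demands are met in full,
        # larger ones split the remainder equally.
        members = sorted((g for g in demand if PRIORITY[g] == tier),
                         key=demand.get)
        for i, g in enumerate(members):
            share = remaining / (len(members) - i)
            alloc[g] = round(min(demand[g], share), 2)
            remaining -= alloc[g]
    return alloc


if __name__ == "__main__":
    # Constructed demand scenarios in Mbit/s.
    scenarios = {
        "guest alone": {"guest": 100},
        "media streaming on a busy link": {"media": 60, "guest": 100, "seedbox": 100},
    }
    for name, demand in scenarios.items():
        print(name)
        print("  limiters:", limiter_alloc(demand))
        print("  PRIQ:    ", priq_alloc(demand))
```

In this model a lone guest is held to 20 Mbit/s by the limiter but can use the whole idle link under PRIQ, and on the busy link PRIQ gives the media group its full 60 Mbit/s while the seedbox gets nothing until higher tiers back off.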