Topics

1

General Discussion / Need help to better tune fq_CoDel on a slow ADSL

« on: May 10, 2020, 02:02:36 am »

Hello,
I'm trying to share all my bandwidth evenly to my home with the usage of fq_CoDel, because I want a little boost in games and other live softwares.

The line is in PPPoE (G.DMT) and have a max download speed of 4mbit/s and 280kbit/s for the upload.

I've configured the traffic shaper like this:

Pipes

• Bandwidth=3800
• Bandwidth Metric=kbit/s
• Scheduler type=FlowQueue_CoDel
• (FQ-)CoDel ECN is flagged
• FQ-CoDel quantum=300
• FQ-CoDel limit=600
• Description=Download

• Bandwidth=266
• Bandwidth Metric=kbit/s
• Scheduler type=FlowQueue_CoDel
• FQ-CoDel quantum=300
• FQ-CoDel limit=600
• Description=Upload

Queues

• Pipe=Upload
• Weight=90
• (FQ-)CoDel target=15
• Description=ACK

• Pipe=Download
• Weight=70
• (FQ-)CoDel target=15
• (FQ-)CoDel ECN is flagged
  
• Description=DNSDown

• Pipe=Upload
• Weight=70
• (FQ-)CoDel target=15
• Description=DNSUp

• Pipe=Download
• Weight=50
• (FQ-)CoDel target=15
• (FQ-)CoDel ECN is flagged
  
• Description=WANDown

• Pipe=Upload
• Weight=50
• (FQ-)CoDel target=15
• Description=DNSUp

Rules

• Sequence=1
• Interface=WAN
• Proto=tcp (ACK packets only)
• Source=any
• Src-port=any
• Destination=any
• Dst-port=any
• Direction=out
• Target=ACK
• Description=TCP ACK priority

• Sequence=2
• Interface=WAN
• Proto=ip
• Source=any
• Src-port=any
• Destination=1.1.1.1, 1.0.0.1
• Dst-port=853
• Direction=out
• Target=DNSUp
• Description=DNS over TLS priority

• Sequence=3
• Interface=WAN
• Proto=ip
• Source=1.1.1.1, 1.0.0.1
• Src-port=853
• Destination=any
• Dst-port=any
• Direction=in
• Target=DNSDown
• Description=DNS over TLS priority

• Sequence=4
• Interface=WAN
• Proto=ip
• Source=192.168.1.0/24
• Src-port=any
• Destination=any
• Dst-port=any
• Direction=out
• Target=WANUp
• Description=Upload shape

• Sequence=5
• Interface=WAN
• Proto=ip
• Source=any
• Src-port=any
• Destination=192.168.1.0/24
• Dst-port=any
• Direction=in
• Target=WANDown
• Description=Download shape

Testing it in DSLReports show a bandwidth and bufferbload quality changed form F to B and I think this is a good improvement.

I'm asking to the community if someone can help me or have suggestions about fq_CoDel, to fine tune my traffic shape. Any help is appreciate, thanks

2

20.1 Legacy Series / Need help to tune fq_CoDel on a slow ADSL

« on: May 06, 2020, 01:38:52 pm »

Hello,
I'm trying to share all my bandwidth evenly to my home with the usage of fq_CoDel, because I want a little boost in games and other live softwares.

The line is in PPPoE (G.DMT) and have a max download speed of 4mbit/s and 280kbit/s for the upload.

I've configured the traffic shaper like this:

Pipes

• Bandwidth=3800
• Bandwidth Metric=kbit/s
• Scheduler type=FlowQueue_CoDel
• (FQ-)CoDel ECN is flagged
• FQ-CoDel quantum=300
• FQ-CoDel limit=600
• Description=Download

• Bandwidth=266
• Bandwidth Metric=kbit/s
• Scheduler type=FlowQueue_CoDel
• FQ-CoDel quantum=300
• FQ-CoDel limit=600
• Description=Upload

Queues

• Pipe=Upload
• Weight=90
• (FQ-)CoDel target=15
• Description=ACK

• Pipe=Download
• Weight=70
• (FQ-)CoDel target=15
• (FQ-)CoDel ECN is flagged
  
• Description=DNSDown

• Pipe=Upload
• Weight=70
• (FQ-)CoDel target=15
• Description=DNSUp

• Pipe=Download
• Weight=50
• (FQ-)CoDel target=15
• (FQ-)CoDel ECN is flagged
  
• Description=WANDown

• Pipe=Upload
• Weight=50
• (FQ-)CoDel target=15
• Description=DNSUp

Rules

• Sequence=1
• Interface=WAN
• Proto=tcp (ACK packets only)
• Source=any
• Src-port=any
• Destination=any
• Dst-port=any
• Direction=out
• Target=ACK
• Description=TCP ACK priority

• Sequence=2
• Interface=WAN
• Proto=ip
• Source=any
• Src-port=any
• Destination=1.1.1.1, 1.0.0.1
• Dst-port=853
• Direction=out
• Target=DNSUp
• Description=DNS over TLS priority

• Sequence=3
• Interface=WAN
• Proto=ip
• Source=1.1.1.1, 1.0.0.1
• Src-port=853
• Destination=any
• Dst-port=any
• Direction=in
• Target=DNSDown
• Description=DNS over TLS priority

• Sequence=4
• Interface=WAN
• Proto=ip
• Source=192.168.1.0/24
• Src-port=any
• Destination=any
• Dst-port=any
• Direction=out
• Target=WANUp
• Description=Upload shape

• Sequence=5
• Interface=WAN
• Proto=ip
• Source=any
• Src-port=any
• Destination=192.168.1.0/24
• Dst-port=any
• Direction=in
• Target=WANDown
• Description=Download shape

Testing it in DSLReports show a bandwidth and bufferbload quality changed form F to B and I think this is a good improvement.

I'm asking to the community if someone can help me or have suggestions about fq_CoDel, to fine tune my traffic shape. Any help is appreciate, thanks

3

17.1 Legacy Series / [SOLVED] Proxy don't use "yoyo ads" list.

« on: March 28, 2017, 06:15:34 pm »

Hello,
I have a problem with the Remote Access Control List of Web Proxy with the "yoyo ads" list.
It is configured like the suggestions of the documentation wiki, but I can't see any domains blocked on my browser.
I have tried to change the link in to "https://pgl.yoyo.org/as/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext" but give me the same "error".
Obviously when adding a domain in to "Access Control List\Blacklist" it is filtered.

Anyone have the same problem or I have to change something on my configuration?

Thank for the help.

4

16.7 Legacy Series / [QUESTION] Exclude some site from squid local cache.

« on: January 12, 2017, 04:56:23 pm »

Hello OPNsense community,
my intention is to remove, from proxy cache, some sites like the modem web page (example: https://192.168.1.1/).
Searching to internet, I know there is possible by adding into "squid.conf" these strings:

acl *the name of your list* dst *your IP range*
cache deny *the name of your list*

Where it is stored that file on OPNsense? Anyway, it is possible to clean completely all the local cache?

Many thanks.

5

16.7 Legacy Series / Problem with "Intrusion Detection" and a Bridge.

« on: August 02, 2016, 10:25:12 am »

Hello,
the interfaces of my OPNsense are configured with one NIC for internet connectivity thru PPPoE and 3 NIC together in a Bridge, so my configuration is:

• WAN -> PPPoE
• LAN -> Bridge0
• OPT1 -> No IP (member of Bridge0)
• OPT2 -> No IP (member of Bridge0)
• OPT3 -> No IP (member of Bridge0)

I have a problem to configure the Intrusion Detection service to the Bridge. When I insert one member of the Bridge0 to the interface list, it become impossible to connect thru that port to OPNsense. While when I insert LAN on the interfaces, seems don't block nothing.
What I have to do for enable Intrusion Detection on the members of Bridge0?

Thanks

6

General Discussion / Question about ad blocking.

« on: July 16, 2016, 12:30:39 pm »

Hello,
it is possible to convert the filter lists "EasyList" (https://easylist.to) to be compatible with the OPNSense services Intrusion Detection or Proxy?

Many thanks.

7

General Discussion / A Proxy Server Question.

« on: July 03, 2016, 01:01:43 am »

Hello community,
I'm not a great expert of networking, but OPNsense is a pleasure to learning and understand!

Anyway I have create a proxy with local cache and adblock (http://pgl.yoyo.org/adservers) for my home, but seems have slowed down my internet connection and response time. I have tried to add "kern.ipc.nmbclusters" with value of "32768" and modified "vfs.read_max" to "128", because some suggest those options to improve "squid" performance, but seems do nothing.

Anyone can help me to understand how to improve the proxy speed?

The system have a Intel Celeron J1900, x4 NIC Intel WG82583, 8Gb DDRL3 1600Mhz and SSD 128Gb without swap.

The "Local Cache Settings" are:

• Memory Cache=4096
• Cache Size=32768
• first-level subdirectories=128
• second-level subdirectories=512
• Maximum object size=10

Another thing: what are "Via header" and "X-Forwarded for header handling" options?

Many thanks!