The Multiple LAN/WAN Configuration wizard

The first page on the Multiple Lan/Wan Configuration wizard asks for the number of WAN-type connections and the number of LAN-type connections in two separate edit boxes. Since the wizard detects the number of each type of interface automatically, you can usually leave these numbers unchanged, and click on the Next button at the bottom of the page. You may not want to apply the traffic shaper to all interfaces, however, in which case you will want to enter fewer than the total number of WAN and LAN interfaces. You cannot, however, enter more than the total number of interfaces, or you will receive an error message. When you are done making changes, press the Next button.

The next page, Shaper configuration, is where you set up each of the individual interfaces. The page will have different sections, each labeled Setup connection and scheduler information for interface X where X is LAN #1, LAN #2, and so on, or WAN #1, WAN #2 and so on. In each section for the LAN interfaces, there are two drop-down boxes. In the first drop-down box, you select the interface; in the second drop-down box, you select the queuing discipline. Note that in subsequent pages of the wizard, the interfaces will not be specified by name, but instead will be identified based on the assignments made on this page (for example, if you have a DMZ interface, and you specified it as the LAN #1 connection on the previous page, then on subsequent pages, Connection LAN #1 will refer to the DMZ interface). This is an aspect of the wizard that is not very user-friendly, and you will want to make a note of the assignments you make here. Otherwise, you will find yourself constantly hitting the back button on your browser to remind yourself what the assignments are.

The different queuing disciplines have been discussed previously in this chapter, so we won't discuss them in detail here, but here is a summary of their advantages and disadvantages:

  • PRIQ: The simplest of all queuing algorithms. Packets are assigned different priority levels, with higher priority levels always being favored over lower priority levels. This guarantees lower latency for higher priority packets, but it also means packets with a lower level of priority can get starved for bandwidth.
  • CBQ: Packets belong to classes, and each class is assigned an upper and lower bound for bandwidth. Classes can be hierarchical; therefore, a class can be divided into subclasses. This is a good queuing discipline for guaranteeing a minimum bandwidth, but no guarantees are made regarding latency.
  • HFSC: A queuing discipline in which each queue has a curve with two portions: a fairness curve and a service curve. The fairness portion of the curve is designed to provide a minimum level of latency for each queue. There is no guarantee that all the goals of HFSC will be met under all circumstances, but HFSC is the best option for many purposes.
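As an added illustration that is not part of the book's text, the following Python model contrasts the PRIQ starvation and CBQ minimum-guarantee behaviour summarised above (HFSC is not modelled); the link capacity, class demands and per-class bounds are constructed values.

```python
"""Toy model of PRIQ versus CBQ bandwidth allocation (added example, not from the book)."""


def priq(demands, capacity):
    """Strict priority: classes are listed highest priority first, and each
    one is fully served before the next class sees any bandwidth at all."""
    served, left = [], capacity
    for demand in demands:
        share = min(demand, left)
        served.append(share)
        left -= share
    return served


def cbq(demands, minimums, maximums, capacity):
    """Class-based: every class first receives its guaranteed minimum (bounded
    by its own upper limit), then unused capacity is borrowed in priority order."""
    if sum(minimums) > capacity:
        raise ValueError("guaranteed minimums exceed the link capacity")
    wanted = [min(d, mx) for d, mx in zip(demands, maximums)]  # upper bound per class
    served = [min(w, mn) for w, mn in zip(wanted, minimums)]   # lower bound per class
    left = capacity - sum(served)
    for i, want in enumerate(wanted):
        extra = min(want - served[i], left)
        served[i] += extra
        left -= extra
    return served


if __name__ == "__main__":
    # Constructed scenario: a 100 Mbit/s link with three classes in priority
    # order VoIP, web, P2P. Web demand alone nearly fills the link.
    demands = [10, 95, 90]
    print("PRIQ:", priq(demands, 100))  # [10, 90, 0]: P2P is starved completely
    # CBQ bounds: VoIP and web get floors; P2P gets a 2% floor and a 15% cap
    # (the same 2-15% range the wizard accepts for Penalty Box and p2p Catch All).
    print("CBQ: ", cbq(demands, [10, 30, 2], [100, 100, 15], 100))  # [10, 88, 2]
```

With the same demands, PRIQ leaves the lowest class with nothing, while CBQ still delivers its guaranteed floor and never lets it exceed its cap even on an idle link.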

Once you have selected the queuing discipline for each of the LAN-type interfaces, you can set up your WAN connections. For each WAN interface, you can also select the queuing discipline (the same three options – PRIQ, CBQ, and HFSC – are offered). In addition, the wizard will prompt you for the upload and download bandwidth of each WAN interface. The numbers entered in these edit boxes should be a close approximation for your upload and download speeds, in order to ensure the traffic shaper works properly. When you are done making changes, click on the Next button at the bottom of the page.

  • VoicePulse: A company that offers VoIP services to residential and business customers. They also offer trunking using the Session Initiation Protocol (SIP) for VoIP gateways and PBX systems.
  • Asterisk/Vonage: You have probably heard of Asterisk, which provides you a means of setting up a PBX with software that has both an open source (GNU GPL) and a proprietary component. With Asterisk, you can implement many features previously only available in proprietary PBX systems, such as voice mail and conference calling. Asterisk also supports such VoIP protocols as SIP, the Media Gateway Control Protocol (MGCP), and H.323. Vonage is a VoIP company that offers both residential and business plans, as well as cloud services for enterprise-level customers.
  • PanasonicTDA: The Panasonic KX-TDA series of phones supports both H.323 and SIP trunking, with the KX-TDA600 supporting up to 640 trunks.
  • Generic (lowdelay): Use this option if your VoIP service does not fall into any of the aforementioned categories.

The next option, Upstream SIP Server, allows you to enter the IP address of a remote PBX or SIP trunk to prioritize. If this option is used, the Provider field will be ignored. The value entered in this field can be an alias.

The rest of the page, Connection WAN #1, Connection LAN #1, and so on, allows you to enter the upload bandwidth for your WAN connections and the download bandwidth for your LAN connections. This allows you to specify the minimum bandwidth to be allocated to VoIP traffic. This will vary, based on the amount of bandwidth required per VoIP connection, and the total number of VoIP phones/devices, so you'll want to do your homework before entering this information. When you are done making changes, click on the Next button at the bottom of the page.

The next page, Penalty Box, contains two sections: Penalty Box and Penalty Box specific settings. The Penalty Box section has one option: the Penalize IP or Alias checkbox. If enabled, the priority of traffic from the IP (or alias) specified in the Address field in Penalty Box specific settings will be lowered. You must also specify a bandwidth percentage to which the specified host will be limited (only values between 2 and 15% are allowed). Note that although the drop-down box in this section allows you to select different units (percentage, bits/s, kilobits/s, megabits/s, and gigabits/s), if you select anything other than percentage, the entry will not be validated – when you click on Next, you will get an Only percentage bandwidth specification is allowed error message.

The next page, Peer to Peer networking, allows you to configure the peer-to-peer (commonly known as P2P) networking options. P2P networking protocols are designed to utilize all available bandwidth, unless you set limits. Often P2P clients allow you to set limits on the amount of bandwidth to be used, but if you expect P2P traffic on your network, you should ensure that other traffic will not be degraded as a result. Checking the Lower priority of Peer-to-Peer traffic checkbox at the top of this page allows you to configure the other P2P options on the page.

The next option is the p2p Catch All checkbox, which, if checked, will feed all uncategorized traffic into the p2p queue. This addresses a common problem with traffic shaping with respect to P2P traffic. Many P2P protocols and technologies try deliberately to avoid detection, often by utilizing non-standard or random ports, or even ports associated with other protocols. The p2p Catch All option deals with this problem, sending all unrecognized traffic to the p2p queue, where its priority is accordingly lowered. As with Penalty Box, you must specify a percentage of bandwidth to allocate to the P2P queue, and once again, you are limited to specifying a value between 2 and 15%.

The next section, Enable/Disable specific P2P protocols, allows you to specify which P2P protocols will be recognized by pfSense. Check the corresponding checkbox for each service you want to be recognized. There are over 20 in total, including many well-known protocols, such as BitTorrent, DCC, Gnutella and Napster. When you are finished making your selections on this page, click on the Next button.

The next page of the wizard, Network Games, allows you to specify settings for network games. Since many online games rely on low latency for a good experience, you will want to check the Prioritize network gaming traffic checkbox if you or other users are going to play online games. Gaming can be affected by other users downloading large files, or even by gamers downloading game patches while playing. Enabling the prioritization of network gaming here raises the priority of network gaming so that game traffic will be transferred first and also given a guaranteed chunk of bandwidth.

The next section of the page, Enable/Disable specific game consoles and services, allows you to enable the game consoles/services you will be using. All the major game consoles are represented here (PlayStation, Wii and Xbox), and a few popular gaming services (such as Games for Windows Live). The last section of the page is Enable/Disable specific games. Quite a few popular games are represented here, including Doom 3, Minecraft, and World of Warcraft. If a game you play is not on the list, you may want to choose a game (preferably a similar one) so you can configure a reference rule later on. When you are done selecting games, click on the Next button.

The next page of the wizard, Raise or lower other Applications, provides a list of over 25 applications/services for which you can raise or lower the priority level. Each application or service has its own drop-down box with three options: Default priority, which keeps the priority level the same, Higher priority, and Lower priority. Your specific network configuration and requirements will dictate the applications and services for which you manipulate the priority levels. The applications and services are generally grouped with those that would need a higher priority closer to the top of the page and those whose priority can be lowered closer to the bottom of the page. For example, the Remote Service / Terminal emulation section of the page has VNC (Virtual Network Computing) listed. If you are using VNC, you probably want to choose Higher priority, since a poor-quality network connection will make it difficult to remotely control another computer (keep in mind that not just bandwidth but latency is a factor here, since keyboard and mouse events need to be transmitted to the remote computer for it to work).

On the other hand, there are services where nobody will notice if the priority level is lowered. Mail services such as SMTP, POP3 and IMAP come to mind, as well as applications such as MySQL Server. If you enabled p2p Catch All earlier in the wizard, you will want to specify here any protocols that should not be penalized by the p2p Catch All rule. When you are done making changes, click on the Next button.

Once you click on the Next button, you will be on the final page of the wizard. At this point, all the rules and queues are created, but not yet in use. By clicking on the Finish button at the bottom of the page, the new rules will load and will be active.

Traffic shaping will now be active, but it will only be applied to new connections. In order for the traffic shaper to take effect on all connections, you must clear the state table. To do this, navigate to Diagnostics | States, click on the Reset States tab, and then click on the Reset button at the bottom of the page.
