pfSense Support Subscription

Author Topic: Shaping programs with wide port ranges  (Read 212 times)

0 Members and 1 Guest are viewing this topic.

Offline TauCeti

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Shaping programs with wide port ranges
« on: March 20, 2017, 05:02:35 pm »
So I have been diligently adding programs to my firewall floating rules to put them neatly into the appropriate queues in the traffic shaper.

Then I tried adding Blizzard's Overwatch. According to this:
https://us.battle.net/support/en/article/300479

UDP port range: 12000-64000. Seriously :o? But it turns out that yes, seriously >:(.  Primary game data is sent using this range. I added all of the other ports to my firewall rules but the high priority Games queue remained pretty quiet and the low priority Default queue was pushing plenty of data.

How are you supposed to shape something like this? Assigning a range that wide is just obviously silly.

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 1937
  • Karma: +154/-11
    • View Profile
Re: Shaping programs with wide port ranges
« Reply #1 on: March 20, 2017, 08:19:51 pm »
I used DSCP to mark all traffic from Overwatch in Windows, then

gpedit.msc

When I didn't use tagging, it only assigned the queue on the LAN side, but not the WAN. Don't forget to enable QoS on your interface in Windows.

Offline TauCeti

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: Shaping programs with wide port ranges
« Reply #2 on: March 22, 2017, 04:20:27 pm »
Many thanks Harvy66! That's a very elegant solution  :)

I did a quick test at work and had windows marking packets no problem. But then when implementing it I hit two snags:
1) One of the client machines is Windows 10 Home which does not have group policy editor. But installing it apparently works (https://www.youtube.com/watch?v=oqk3vtTYfzY for other people's reference).

2) Windows will only apply the DSCP marks when *connected* to a domain  >:(
There are solutions on the net to address this, with the most popular one appearing to be:
https://support.microsoft.com/en-gb/help/2733528/policy-based-qos-not-working-in-windows-7-clients

This also is mentioned in a few spots as a solution:
https://technet.microsoft.com/en-us/library/bb964018(v=office.12).aspx

Neither worked for:
Windows 7 Pro Laptop (which *does* work when connected to my work domain)
Windows 10 Home + gpedit install

A severfault on the issue has someone with two machines, same settings, different results:
https://serverfault.com/questions/769843/cannot-set-dscp-on-windows-10-pro-via-group-policy

Anyone here managed to get around this problem?

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 1937
  • Karma: +154/-11
    • View Profile
Re: Shaping programs with wide port ranges
« Reply #3 on: March 23, 2017, 11:58:45 am »
I have Win10 Pro and I never directly configured anything about domains. I do have a homegroup setup and the current network is firewalled as "private".