Re: Traffic shaping in two directions on bridge
On Thu, Apr 22, 2004 at 09:21:51AM +0200, Per-Olov Sjöholm wrote:
> If you have a std firewall not set up as a bridge everything is clear
> (shape on the outgoing interface).
> But if you want to shape traffic on both directions on a bridge ?
so you're asking two questions at once it seems?
yeah, std firewall and you wanna queue your upload, shape on ISP-facing
interface. if you want to shape traffic on both directions, you can
approach that by shaping your upload on ISP-facing iface and shaping
download on LAN-facing iface.
as far as shaping both on a bridge:
> Let's say fxp1 is on the outside and fxp0 on the inside.
> Will you then pass everything in both directions on fxp0 and do ALL rules
> and shaping on fxp1 no matter of direction?
> Will the shaping work in the bridge case for traffic coming IN to fxp1 ?
> Are there any guidelines for bridge setups with PF ?
> What is the wise way in this setup ?
i really don't know if the scenario is any different for a bridge, but
i do queueing on both packets from my LAN to the world ( upload )
and also on the LAN-facing (internal) interface, queueing on packets
which are either between the firewall and a LAN host as one set of
queues ( for 100Mb ), and for packets which are from the world and
going back to a LAN host ( for my ADSL download ).
for things like ftp proxy, that would normally match firewall<->LAN
rules, so i make a special rule for 'from firewall to lanhost user proxy'
which queues it to the "external/download" queue on the internal iface.
[ openbsd 3.5 GENERIC ( mar 26 ) // i386 ]
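
The layout described in the reply above, sketched as a pf.conf fragment for a routed (non-bridge) firewall in the ALTQ syntax of that OpenBSD release. This is an added example, not the poster's ruleset: the queue names, bandwidth figures, LAN prefix and the source address on the proxy rule are assumptions; only fxp0/fxp1 and the `user proxy` match come from the thread.

```pf
# Added example. Queue names, bandwidths and the LAN prefix are assumed.
ext_if = "fxp1"             # ISP-facing interface (name from the question)
int_if = "fxp0"             # LAN-facing interface (name from the question)
lan    = "192.168.1.0/24"   # assumed LAN prefix

# Upload: shape where packets leave toward the ISP.
altq on $ext_if cbq bandwidth 256Kb queue { up_std, up_bulk }
queue up_std  bandwidth 70% priority 3 cbq(default borrow)
queue up_bulk bandwidth 30% priority 1 cbq(borrow)

# LAN side: one set of queues for firewall<->LAN traffic at wire speed,
# one set for traffic that arrived over the ADSL link (download).
altq on $int_if cbq bandwidth 100Mb queue { local, download }
queue local    bandwidth 98Mb cbq(default)
queue download bandwidth 2Mb { dl_std, dl_bulk }
queue dl_std   bandwidth 70% priority 3 cbq(borrow)
queue dl_bulk  bandwidth 30% priority 1 cbq(borrow)

block all

# LAN -> world. The state created here also matches the replies, which
# leave on $int_if and are therefore placed in the download queue.
pass in  on $int_if from $lan to any keep state queue dl_std

# The same connections leaving toward the ISP go to the upload queue.
pass out on $ext_if from any to any keep state queue up_std

# Firewall <-> LAN hosts: local queue, not limited to ADSL speed.
pass out on $int_if from ($int_if) to $lan keep state queue local

# ftp-proxy relays downloaded data from the firewall itself, so it would
# match the rule above. Last match wins: sockets owned by user "proxy"
# are sent to the download queue instead.
pass out on $int_if proto tcp from ($int_if) to $lan user proxy \
    keep state queue dl_std
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -vsq` shows per-queue counters once it is loaded, which confirms that proxy traffic lands in `dl_std` rather than `local`.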