Hi, all! I have the following problem when configuring the gateway for my LAN:

I want to minimize the number of rules, and for this purpose I chose PF, but, as I wrote earlier:
http://lists.freebsd.org/pipermail/freebsd-pf/2007-January/002958.html
and found in some mails from other people:
http://lists.freebsd.org/pipermail/freebsd-pf/2006-October/002681.html
if I want to configure connection speed for each user on PF, I must configure the number of queues equal to the number of users, i.e. if I configure one queue and allow the table of users to go to the Internet through this queue, I see that all of them share the bandwidth of this queue.

I don't think this is a good idea, and now I am choosing between some other variants of optimization, such as:

1. Configure PF for major rules and SPAM filtering and IPFW+DUMMYNET for queueing. I've read somewhere that IPFW-shaper supports tables the way I need. I'm afraid that two firewalls should significantly decrease performance.
2. Configure only IPFW. But this means that I have to read the full documentation about it, and find a way to protect the Internet from SPAM going from my local NET.

The ruleset looks like:

0. Binat for real IP.
1. Block NetBIOS
2. Pass all from table-1
3. Pass all from table-128kbps queue 1(128kbps)
4. .....................
5. Pass all from table-1024kbps queue 4(1024kbps)
6. Some spam-protection tool (like spamd)
7. Block all

Could somebody give me some advice which way to go?

P.S. Now my gateway works on a 2-processor Xeon router with Redhat and iptables. It has a 100 Mbps Internet channel, and in the time of maximum charge it processes 10-20 kpps.

_______________________________________________
freebsd-performance@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance