Thanks Stuart! I thought there would be a straight forward way of
doing it. With this set up I'm guessing that I can leave state policy
as floating?
Russell
On 29/01/2008, at 9:45 PM, Stuart Henderson wrote:
On 2008/01/29 15:54, Russell Fulton wrote:
I know that one can only queue on the outbound interface. We want
to queue
traffic in both directions so we have to have two queues one on the
external
interface to queue outbound traffic and one on the internal
interface to
queue the incoming traffic. So far so good. What has me a little
confused
is how best to handle sessions with state.
we have a rule:
pass out quick on $ext_if from <unlimited> to any keep state queue
unlimited_out
where unimited_out is defined as applying to $ext_if.
We have defined a queue unlimited_in on $int_if but what is the
best way to
assign the traffic to it?
use the *same* queue name on ext_if and int_if, and specify the
interface name when you define it, e.g.
queue unlimited on $ext_if
queue unlimited on $int_if
then you can assign traffic to both queues in a single filter rule.
AIUI if-bound is most useful on enc0 (in conjunction with ipsec) and
with some special setups using route-to, usually you don't want it.
