On Sun, Oct 23, 2005 at 07:08:44AM -0700, Joe Advisor wrote: > so all of the clients > are basically matching to the external public IP... so > basically I can't individually control the upload > bandwidth.
for this, i use tags. tags aren't bound to an iface, so if you tag from the clients uniquely, and do not overwrite that tag on any further tag rules, you can pass out on $e all tagged client1 keep state queue client1 pass out on $e all tagged client2 keep state queue client2 pass out on $e all tagged client3 keep state queue client3 the initial tagging could be done like: pass in on $i from $client1 to any tag client1 keep state pass in on $i from $client2 to any tag client2 keep state pass in on $i from $client3 to any tag client3 keep state or nat on $e from $client1 to any tag client1 -> $e nat on $e from $client2 to any tag client2 -> $e nat on $e from $client3 to any tag client3 -> $e depending on what seems most appropriate to you. i find it makes my life easier to be picky about how something actually acquires tag X and then to just 'pass all tagged X', rather than tagging loosely and then specifying many particulars on the pass rules, but this is probably just a matter of individual taste. -- jared [ openbsd 3.8 GENERIC ( oct 15 ) // i386 ]
