Hi, I'm managing nearly the same type of network (same number and type of users). I'm doing exactly what Jason is suggesting, and it works very nicely.
My Setup: (OpenBSD 3.3)
-----------------------
- Deny everything
- Allow certain IPs after authentication through AUTHPF
- QoS for all traffic, I have special queues for: MAIL, WEB, SSH, Control stuff, Rest
- Squid as Transparent Proxy for WWW
- I also have a caching nameserver (but this is irrelevant)

Note on QoS:
------------
The setup for QoS is very tricky if you want to control the up and down stream. You have to build ONE queue on EACH interface, I really had a bad week getting everything right.

Note on P2P:
------------
With a really good QoS setup you can put all the good stuff (many rules!) on fast queues - so that the rest (P2P) goes to a default queue with high latency and low bandwidth, which stops most of the P2P stuff at my place.

...

Collin

PS: need some help ... just contact me

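As an added illustration of the setup Collin describes (this is an example written for this page, not Collin's own configuration), the sketch below shows a pf.conf in OpenBSD 3.3 altq/authpf syntax with a default deny, a transparent Squid redirect, the authpf anchor, and the same named queues built once on each interface so that upstream is shaped as traffic leaves the external interface and downstream as it leaves the internal one. Interface names, the LAN prefix, link speeds and the queue shares are assumptions.

```pf
# Added example in OpenBSD 3.3 syntax; not Collin's actual pf.conf.
# Interface names, the LAN prefix and bandwidth figures are assumptions.
ext_if = "fxp0"
int_if = "fxp1"
lan    = "192.168.1.0/24"

# One set of queues on EACH interface. Queue names are global in pf: a
# packet tagged for "q_mail" is placed into the q_mail queue of whichever
# interface it leaves, so the names must exist on both interfaces.
# Upstream (LAN -> Internet) is shaped as traffic leaves $ext_if.
altq on $ext_if cbq bandwidth 512Kb queue { q_ctrl, q_ssh, q_web, q_mail, q_rest }
queue q_ctrl on $ext_if bandwidth 10% priority 7 cbq(borrow)
queue q_ssh  on $ext_if bandwidth 15% priority 6 cbq(borrow)
queue q_web  on $ext_if bandwidth 30% priority 5 cbq(borrow)
queue q_mail on $ext_if bandwidth 20% priority 4 cbq(borrow)
queue q_rest on $ext_if bandwidth 25% priority 1 cbq(default)

# Downstream (Internet -> LAN) is shaped as traffic leaves $int_if.
altq on $int_if cbq bandwidth 2Mb queue { q_ctrl, q_ssh, q_web, q_mail, q_rest }
queue q_ctrl on $int_if bandwidth 10% priority 7 cbq(borrow)
queue q_ssh  on $int_if bandwidth 15% priority 6 cbq(borrow)
queue q_web  on $int_if bandwidth 30% priority 5 cbq(borrow)
queue q_mail on $int_if bandwidth 20% priority 4 cbq(borrow)
queue q_rest on $int_if bandwidth 25% priority 1 cbq(default)

# Transparent Squid: LAN web requests are redirected to the local proxy.
rdr on $int_if proto tcp from $lan to any port 80 -> 127.0.0.1 port 3128
nat on $ext_if from $lan to any -> $ext_if

# Deny everything by default.
block all

# LAN users may reach the gateway's sshd so they can log in through authpf,
# and the redirected web traffic may reach Squid.
pass in on $int_if proto tcp from $lan to $int_if port 22 keep state queue q_ctrl
pass in on $int_if proto tcp from $lan to 127.0.0.1 port 3128 keep state queue q_web

# The gateway itself (Squid, mail relay, DNS) fetches from the Internet.
pass out on $ext_if proto tcp from $ext_if to any port { 80, 443 } keep state queue q_web
pass out on $ext_if proto tcp from $ext_if to any port 25 keep state queue q_mail
pass out on $ext_if proto udp from $ext_if to any port 53 keep state queue q_ctrl

# Per-user rules are loaded into this anchor by authpf once a user has
# authenticated; nothing else from the LAN passes.
anchor authpf

# --- /etc/authpf/authpf.rules (separate file, $user_ip is set by authpf) ---
# int_if = "fxp1"
# pass in on $int_if proto tcp from $user_ip to any port 25  keep state queue q_mail
# pass in on $int_if proto tcp from $user_ip to any port 22  keep state queue q_ssh
# pass in on $int_if proto tcp from $user_ip to any port 443 keep state queue q_web
# # Anything else the user is allowed lands in the slow default queue:
# pass in on $int_if proto tcp from $user_ip to any keep state queue q_rest
```

The point of the duplicated queue set is that the queue assigned when a state is created follows every packet of that connection; because both interfaces define a queue of that name, the reply packets leaving $int_if are shaped too, which is the "one queue on each interface" rule Collin mentions. Traffic a user is permitted but that no specific rule classifies falls into q_rest, the low-priority default with a small share, which is the mechanism that starves bulk P2P without needing a rule per protocol.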