I've finally concluded that I'm not personally ever going to understand how to use PF
to do rock-solid traffic shaping on my network. We have one incoming DSL line (1.5/768)
and three other interfaces for our LAN, DMZ and VOIP subnets. We have one external static IP.
I've never been able to get the traffic shaping to work solidly with our NAT and
RDR-to-DMZ setup. TCP and UDP traffic to/from the VOIP phone subnet should always win,
since it's realtime and can't be delayed or retried.
I've seen all kinds of conflicting information about multiple queues, NAT disrupting
queue assignments and the like.
I'm interested in hearing from anyone who actually thinks this can be done, purely
using a single OpenBSD router with four ethernet interfaces (1 to the outside world, 3 to
our subnets).
I've heard from a lot of people who claim to think they know how this works, but I'm
now convinced that very few actually do.
If you're really sure you know what you're doing, please e-mail me privately. I'll send
you a description of the config, plus our current pf.conf so you can judge the complexity
of the job, and give me a flat-rate estimate on writing a new pf.conf. I've heard from
lots of people to the tune of "I'll look at it for $x an hour" but I could waste a lot of
time and money that way. If you're confident you can do it in a known amount of time, give
me a bid.
Thanks in advance. My frustration level has been very high concerning this project,
because everyone is relying on this system to perform the job well, and we've just never
gotten the traffic shaping to work well.
--
Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/
"I set the wheels in motion, turn up all the machines, activate the programs,
and run behind the scenes. I set the clouds in motion, turn up light and sound,
activate the window, and watch the world go 'round." -Prime Mover, Rush.