Chris 'Xenon' Hanson wrote:
I believe that this indicates that PF needs the ability to queue on
the inbound side of an interface. Numerous people have told me that
this is not necessary, but have not been able to explain how to make
flow-control work properly with one slow WAN interface and two fast
LAN interfaces.
Really tired, so this is just a quick shot at explaining one possible setup:
1. Set the speed of all interfaces to their actual physical speeds.
Exception: If your WAN link is behind another router, set it to
90% or so of the speed that router has, to avoid filling its queue,
which would cause your queuing to lose effect.
2. Create a queue on the LAN and DMZ interfaces, limited to the speed
of the WAN interface. We'll call these queues lan_wan and dmz_wan.
3. Create another queue of the rest of the bandwidth, and let it borrow
bandwidth from the WAN queue. We'll call these lan_lan and dmz_dmz.
4. When the rest of the rules are written, classify any traffic going
from WAN to LAN into the lan_wan queue, any traffic going from WAN to
DMZ into the dmz_wan queue, any traffic from DMZ to LAN into the lan_lan
queue, etc.
You're free to build subqueues, and put the traffic there instead.
Hmmm, I know this might not have been the best explanation... Let me
know if anyone wants me to clean up my explanations, and produce sample
rules to demonstrate.
Terje
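
The setup from the steps above, written out as an ALTQ/CBQ pf.conf fragment. This is an added example, not rules posted by Terje; the interface names, the 2Mb WAN and 100Mb LAN/DMZ speeds, the wan_out queue, and the choice of lan_lan and dmz_dmz as default queues are assumptions.

```pf
# Constructed interface names and link speeds (assumptions for this example)
wan_if = "fxp0"   # 2Mb WAN link
lan_if = "fxp1"   # 100Mb LAN
dmz_if = "fxp2"   # 100Mb DMZ

# Step 1: every interface at its physical speed. If the WAN link sits
# behind another router, use about 90% of that router's speed instead.
altq on $wan_if cbq bandwidth 2Mb queue { wan_out }
queue wan_out bandwidth 100% cbq(default)

# Steps 2 and 3 on the LAN side: lan_wan is capped at the WAN speed (no
# borrow), lan_lan gets the rest and may borrow unused bandwidth.
altq on $lan_if cbq bandwidth 100Mb queue { lan_wan, lan_lan }
queue lan_wan bandwidth 2Mb
queue lan_lan bandwidth 98Mb cbq(default borrow)

# Steps 2 and 3 on the DMZ side.
altq on $dmz_if cbq bandwidth 100Mb queue { dmz_wan, dmz_dmz }
queue dmz_wan bandwidth 2Mb
queue dmz_dmz bandwidth 98Mb cbq(default borrow)

# Step 4: classify by where the traffic comes from. The queue name is kept
# with the state and applied when a packet leaves an interface that defines
# a queue of that name; otherwise that interface's default queue is used.

# Internet traffic: data arriving from the WAN leaves the inside interface
# through the WAN-speed queue, so the sender is paced to the slow link.
pass in on $wan_if from any to $lan_if:network keep state queue lan_wan
pass in on $wan_if from any to $dmz_if:network keep state queue dmz_wan
pass in on $lan_if from $lan_if:network to any keep state queue lan_wan
pass in on $dmz_if from $dmz_if:network to any keep state queue dmz_wan

# Local traffic between LAN and DMZ uses the fast queues. These rules come
# last because the last matching rule wins.
pass in on $lan_if from $lan_if:network to $dmz_if:network keep state queue dmz_dmz
pass in on $dmz_if from $dmz_if:network to $lan_if:network keep state queue lan_lan
```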