Hi, all!
I have the following problem when configuring the gateway for my LAN:
I want to minimize the number of rules, and for this purpose I chose PF, but, as I wrote earlier:
http://lists.freebsd.org/pipermail/freebsd-pf/2007-January/002958.html
and as I found in some mails from other people:
http://lists.freebsd.org/pipermail/freebsd-pf/2006-October/002681.html
if I want to configure connection speed for each user on PF, I must configure a number of queues equal to the number of users, i.e. if I configure one queue and allow the table of users to go to the Internet through this queue, I see that all of them share the bandwidth of this queue.
I don't think this is a good idea, and now I am choosing among some other variants of optimization, such as:
1. Configure PF for major rules and SPAM filtering and IPFW+DUMMYNET for queueing. I've read somewhere that the IPFW shaper supports tables the way I need. I'm afraid that two firewalls should significantly decrease performance.
2. Configure only IPFW. But this means that I have to read the full documentation about it, and find a way to protect the Internet from SPAM going out from my local NET.
The ruleset looks like:
0. Binat for real IP.
1. Block NetBIOS
2. Pass all from table-1
3. Pass all from table-128kbps queue 1(128kbps)
4. .....................
5. Pass all from table-1024kbps queue 4(1024kbps)
6. Some spam-protection tool (like spamd)
7. Block all
Could somebody give me some advice on which way to go?
P.S. Now my gateway works on a 2-processor Xeon router with Redhat and iptables.
It has a 100 Mbps Internet channel, and in the time of maximum charge it processes 10-20 kpps.
_______________________________________________
freebsd-performance freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "freebsd-performance-unsubscribe freebsd.org"
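
The per-user limit discussed in the post, sketched as an added example (not part of the original message and not FreeBSD project code): dummynet's `mask` option gives each matching address its own dynamic pipe, so the rule count grows with the number of rate classes rather than the number of users. The interface name, addresses and rule numbers are constructed assumptions, and the script only prints the `ipfw` commands instead of applying them.

```sh
#!/bin/sh
# Added example: emit ipfw/dummynet commands for per-host rate limits.
# One table and two pipes per rate class; "mask" makes dummynet create a
# separate dynamic pipe per host, so users in a class do not share bandwidth.

INT_IF="em1"   # hypothetical LAN-facing interface (assumption)

# Constructed sample data: "<rate-kbit> <host>" per line.
SAMPLE_USERS="128 10.0.0.10
128 10.0.0.11
1024 10.0.0.20"

gen_rules() {
    # $1: user list, one "<rate-kbit> <host>" pair per line
    users=$1
    classes=$(printf '%s\n' "$users" | awk 'NF==2 {print $1}' | sort -n | uniq)
    n=1
    for rate in $classes; do
        up=$((n * 2 - 1))
        down=$((n * 2))
        # Upload is keyed on source IP, download on destination IP.
        echo "ipfw pipe $up config bw ${rate}Kbit/s mask src-ip 0xffffffff"
        echo "ipfw pipe $down config bw ${rate}Kbit/s mask dst-ip 0xffffffff"
        # Fill table <n> with the hosts that belong to this rate class.
        printf '%s\n' "$users" | awk -v r="$rate" -v t="$n" \
            'NF==2 && $1==r {print "ipfw table " t " add " $2 "/32"}'
        # Two rules per class, matched on the LAN side of the gateway.
        rule=$((1000 + n * 10))
        echo "ipfw add $rule pipe $up ip from 'table($n)' to any in recv $INT_IF"
        echo "ipfw add $((rule + 1)) pipe $down ip from any to 'table($n)' out xmit $INT_IF"
        n=$((n + 1))
    done
}

# Dry run: print the commands for the constructed sample.
gen_rules "$SAMPLE_USERS"
```

Adding a user to a class then costs one table entry, with no new rule or pipe definition.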