Shaping - Complicated setup



  • Hi Folks,

    I think this question is more relavent to the 2.0 builds (And I will upgrade is I need to) but here goes..

    I have one LAN subnet and 2 WANs. My servers and clients are all on the same LAN subnet. Currently, using firewall policy routing, I make all my servers internet connections go out the WAN and all my clients (The default rule) to go out WAN2.

    What I wish to do, is throttle all my clients bandwidth speed but leave all the servers (going out WAN) AND some specified clients (going out WAN2) untouched.

    Is there any way to do this without creating 2 LAN subnets for servers and clients?

    I would like to try and avoid using a firewall Aliases for the clients as I wish the throttling to be the default rule.

    In the traffic shaper's throttling page, it would be nice to see an option to "invert" the selection (i.e. I could have an aliases for my servers, then set the shaper to invert this so all my clients, by default, get throttled).

    The reason why I don't want to set up a seperate subnet for my servers is:

    1)Traffic would go in and out via my slow pfsense NIC (Currently I enjoy fast gigabit speeds)
    2) I make use of a couple of IPSEC tunnels and I don't want to set up one tunnel for each subnet as according to this guy:
    http://forum.pfsense.org/index.php/topic,16972.0.html

    I'm thinking that maybe messing with the order of the queues mite help?
    The tricky part is the line (quoting myself) " AND some specified clients (going out WAN2)"

    Your advise is appreciated.

    Thanks

    Side questions: Why has the 2 boxes for upload AND download merged into one in the 2.0 builds???



  • I may be on to something here (in my head):

    What if I set the "penalize" setting to the whole LAN subnet, then manually create a rule and place it at the top to override this?? Would this work?



  • @jonnytabpni:

    I may be on to something here (in my head):

    What if I set the "penalize" setting to the whole LAN subnet, then manually create a rule and place it at the top to override this?? Would this work?

    had no idea…. maybe u can try it first..
    i think policy routing that u use now, maybe the best one


Log in to reply