I have to limit traffic for every single client IP. It is pretty difficult to do that in pf in many circumstances… one of them is that packets are NATed before they go to the shaper, and if so, the clients that are using UPnP with their torrent clients are backlogging upload traffic... Correct me if my considerations are wrong ;)
I wonder: what if I put a simple m0n0 machine with bridged, filtered interfaces, with NAT disabled, between PF and the users, and assign pipes on it for every user with proper limitations? Should it work?
I do not know if the packets will be handled correctly with two shapers in line..?
[users] <==unshaped traffic==> [m0n0] <===piped traffic===> [pf] <=====all shaped fairly====> [internet]
Has anybody tried this configuration?
Your shaping difference per node can not be that different.
1. Make several aliases..
shape256256 = ip or net
shape512256 = ip or net
shape512512 = ip or net
2. Make several queues for said aliases..
3. Make and prioritize your shaping rules for shaped nodes/networks (put them at the top of all other shaping rules). This leaves the node/client in charge of port/service queuing (when they saturate their allocated bandwidth it's their problem.)
4. Assign static forwarded ports to each client (UPnP is a disaster IMHO) with the alias system as well. (You'll have to make the NAT rules too)
forward1 = 34750-34755
forward2 = 34756-34761
I don't think there is any need to put another box in the middle of things, but then again every network is just a little different - so your mileage may vary.
Just an idea, maybe it helps. This probably won't work if you're looking to "Dedicate" bandwidth per node.