I'm beginning to see that I was very unclear in my original post.  In an
attempt to simplify my question I left out some important information which
is key to understanding what needs to happen to solve my problem.  My
apologies for that.

Let's say I have 25 users on my WLAN.  21 are "residential" customers and 4
are "commercial" customers.  So I really have 2 problems - 1 is shaping
traffic differently for each class of customer and 2 is limiting bandwidth
differently in each direction for each class.  Problem 2 solves an issue
with wireless lans called the "hidden node" problem.  The technical details
are outside the scope of this but if you're really interested you can do a
Google search and you'll find out all about the hidden node problem.

So now what I do (I am currently doing this with a very expensive commercial
box which I'd obviously like to replace) is group my 21 users into 3 groups
of 7 and assign each group 512kb downstream BW and 64KB upstream BW.  I then
create an individual group for each of the commercial customers with as much
bandwidth as they've paid for.  My current solution also has a nice feature
I'd like to include (though it's not critical) which limits "unknown"
stations (MAC addresses we don't recognize) to it's own set of bandwidth
rules.

So I guess to boil this down further, I need to be able to set up asymmetric
pipes and assign MAC addresses (IPFW2 can do this right?) to the pipes.  A
nice PHP GUI would be a nice plus.

I'll get it all figured out eventually - I just didn't want to reinvent the
wheel and like I said earlier, firewall rules are not my strong suit.

Sorry for being so long-winded and that my original post caused so much
confusion.

John Voigt