Hi all,

I need a managed allocation of some ports and destination IPs. The existing public network (a /28) is as follows:

3x2mbit----->ISP-router------>switch------->5 firewalls (4 companies)

Now I want to build the following:

3x2mbit----->ISP-router---m0n0--->switch-----> 5 firewalls

The m0n0wall must run as a bridge, because I only have access to three existing firewalls, there are some VPNs and public servers, and I hate "doubleNAT".

Outgoing pipes with high priority are:
  https to 4 IPs
  20 site-to-site IPsec-VPNs to static and dynamic IPs

Outgoing with medium priority is:
  SMTP from two mailservers
  client IPsec-VPN and Cisco VPN-Client
  DNS

Outgoing with low priority is:
  http, https to other, ftp, time, ssh, telnet, VNC

Incoming with high priority is:
  SMTP(S), IMAPS, POPS, HTTPS to the mailservers
  the VPNs
  Cisco-VPN-clients

Incoming with low priority is:
  ftp to a mail/webserver

The "rules" for the incoming traffic are not completed by me; I have to check the possibilities, because an "SMTP-storm" to one of the mailservers may not break the traffic to the other mailserver or the VPNs.

Has someone already done a similar configuration and can give me some hints? I am expecting the most problems with the VPNs. Every idea, hint etc. is welcome.

Bye
Christoph