Dear list,

Don't see why not, but just in case, let me know if you see any obstacle for something like the following to work:

The ingredients:

1 Internet connection
8 different internal physical network segments (let's call them 192.168.1.x through 192.168.168.8.x)
1 PC w/m0n0 and 9 NIC ports (in whatever way possible supported by m0n0)

I want to do traffic shaping between network segments so that:

* I set apart X amount of bandwidth for VOIP devices (by MAC or IP address, for example)
* I prioritize SIP/IAX above everything else
* I give SMB/CIFS (ports 135:139 and 445) priority after VOIP
* I give SMTP/POP3 priority after SMB
* I give squid traffic to-from the proxy the next level of priority
* I give a few other things (DNS, for example) the next-to-last level
* I give *everything else* last place priority

On the firewall side, I want to:

* Block traffic to-from anywhere by default except where allowed
* Allow traffic between segments on specific ports to specific servers (squid, web, print, etc.)
* Allow the proxy server to retrieve web pages from the internet
* Allow the mail server to send/receive mail through the internet connection

Anything I should watch out for? Again, I *don't see why it shouldn't work*, but I'd love to know about any pitfalls before I embark on this project.

Regards,
Alex