This one time, at band camp, Adam Nellemann said:
> > shaping ACK packets with heavy weight fixes both these problems.
> I'm currently allowing (small) ACKs to go directly to my pipe, under
> the assumption that this will amount to an "effective weight" somewhat
> higher than sending them through a weight 100 queue, but perhaps this
> is all wrong? (If so, what then is the idea behind rules being capable
> of going straight to a pipe?)
that seems reasonable. can anyone think of a reason not to go straight to
a pipe? why is it even an option, anyway? does going straight to a pipe
have override priority above any queues defined for that pipe? or is it
just given a greater weight? and how is that weight determined in
relation to defined queues?
> > as i mentioned, i didn't write the ruleset, but from what i understand
> > the reason for shaping on the LAN side is two-fold:
> Uhm, I'm probably being a bit "thick" here, but could you elaborate on
> how shaping on LAN instead of WAN will make any difference to the
> above problems? (Since if it does, I will certainly want to change my
> shaper setup!)
> > i hadn't thought of it. seems reasonable. my sense is that with just two
> > interfaces it wouldn't make any difference, as long as any restrictions
> > included in a given rule take into account the directional nature of a
> > given interface. however, what if you have more than one interface? and
> > what about PPTP, IPSEC, Captive Portal, etc...? wouldn't the choice of
> > interface be important?
> Huh, now I'm lost again, didn't you just argue that the interface DID
> matter, even with only two interfaces?!?
again, it's not my ruleset. and i wouldn't say i was arguing any point.
more like thinking out loud, relating what i had been made to understand,
albeit through the foggy-haze of my half-knowledge of things-networky.
> > unless your internal network uses simple hubs rather than switching
> > hubs, the only traffic the LAN interface will see is destined for
> > another interface (WAN, PPTP, DMZ, Wireless, etc.), or destined to be
> > dropped by the ruleset.... so you don't have to worry about shaping
> > internal traffic.
> Ah, but of course. *blush*
> Still, (*grasping at straws to save his honour*) if you have more than
> two interfaces (ie. a DMZ or WLAN), it would make some difference I
now that i think of it, even if the LAN interface saw every packet (as in
a dumb hub), shaping wouldn't apply since any packets not routed
specifically for the LAN interface's IP would get ignored. the m0n0wall
box would suffer some small amount of overhead, and the wire's effective
bandwidth would take a hit, but shaping shouldn't even come into play.
of course, i know nothing about Captive Portal, Pass-through MAC, and that
kind of thing, so perhaps i'm wrong above...