From: Joachim Dagerot
To: freebsd-questions@freebsd.org
Date: Tue, 11 May 2004 22:49:15 +0200
Subject: Dummynet, routing and firewalls - crazy idea
Message-Id: <200405112049.i4BKnGk13687@thunder.trej.net>

Problem:
When downloading huge files from the server we can't use the client web browser.

Setup:
One firewall/DHCP/gateway which all clients and the server route through. The clients go via no router when connecting to the server. The server is equipped with dual NICs, however only one is used. The firewall is a hardware box, meaning no software can be altered.

Crazy idea:
I have an idea about routing traffic through the server and then to the firewall. This would make it possible for the server to see that there's traffic on port 80 which should be prioritized over traffic on port 21. This part shouldn't be too hard I guess - lots of how-tos on the net for this.

BUT, I would like the clients to go directly to the firewall without passing the server if they want to; this will mostly be the case when the server is down for maintenance or similar. This must mean that both of the server's NICs actually must be on the same network. Is that possible at all, and how do I set up such an environment?

It's 10:45pm and this idea just came out of my tired brain. If someone can give a better solution to the problem I would be very glad.