Traffic Shaping

I have my TS-rule from my webserver network set to if destination != my home VLAN then its gonna cap.
But then I thought, if I have guests over that want to download something from the webserver and they sit in the guest-VLAN, or in the guest WLAN, then they'll be capped to.

So I logged in to m0n0wall and was gonna change so the rule applies only to traffic going from the webserver "DMZ"-interface out through WAN, that is, affecting only people "on the internet" downloading from my server.


Guess what? WAN ain't a choice.
So I cant say "cap the traffic from my webserver out through WAN but nothing else".
Instead I have to say "cap everything except my own VLAN", but then all other local interfaces at home will be capped together with the WAN.

Why?

Thanks

Need more info, don't understand what you mean because if you have a traffic shaping rule that only limits bandwidth for all connections inbound from the WAN, why would the others even be affected by this?

Well, ok, I'll try. Its not all inbound from the WAN, its just for the webserver.

When I sometimes put out a large file on my webserver for some friend to download, my connection gets totally filled up and I can hardly even browse the web until he/she is done downloading.

Not good.


So, I did put a simple cap on uploads from my webserver network in m0n0wall.
The webserver has its own isolated physical network, kind of like a DMZ I guess.

I can NOT, however, set the rule so that traffic going from my webserver network out through WAN is affected, without touching traffic from webserver to my home VLAN, or webserver to the guest VLAN, or webserver to the WLAN.
WAN just ain't a destination choice when making the TS-rule
I can choose OPT1 to LAN, OPT1 to the VLAN's, OPT1 to WLAN, but NOT OPT1 to WAN.

So, as I have it now I cap traffic from my webserver network with destination != my home VLAN so at least me and my GF can grab files quickly. But for guests on the guest VLAN, or maybe even the WLAN if someone wants to borrow it, they'll be capped grabbing files locally from the webserver.


Maybe its possible setting the TS-rule on the WAN instead, and point it to destination webserver-network (OPT1)....doing it the other way around. Gonna check.

Well, as far as limiting the bandwidth of your webserver, you can do that. Just build a separate pipe, set the bandwidth limit, and assign anything coming inbound (it's the server) to flow through the pipe. Set a limit that's slightly below the max upload you have and the issue will go away.

I understand what you mean now, basically, the web server saturates your upload pipe and web browsing, games, etc. slow to a crawl because they are being choked by the web server using all available upload.