Fulvio: Zeroshell is very nicely put together. Thank you for sharing your hard work with us all!
I am using Zeroshell in a reasonably large network of managed switches. I want to apply transparent Zeroshell QoS to selected switch ports. I have done this so far by changing the switch ports of the hosts that should have rate control applied to a different VLAN (I’ll call it the QoS VLAN). I followed the traffic shaping bridge directions on the Zeroshell website to set up a Zeroshell bridge between the QoS VLAN and the normal VLAN.
Of course the managed switches’ uplink ports are on both the normal and QoS VLANs. To avoid the Zeroshell bridge passing ARP for the switches’ management IPs, I added two ebtables lines into the startup script to drop all ARP traffic going to or coming from the switches’ IP range.
However this still leaves a situation in which all other hosts’ gratuitous ARP broadcasts are seen on both VLANs. This means that the switches in the LAN have many more entries in the MAC< ->port databases: one for each of the normal and QoS VLANs.
Although this hasn’t posed any problems, I suspect the thing to do is to avoid using the Linux bridging code, and to instead set up a “pseudo bridge” using Proxy ARP and routing.
Has anyone used Zeroshell in this way? I would hope that enabling proxy_arp and setting the interfaces to the same IP address (and the routing etc) wouldn’t break too much of Zeroshell’s lovely interface even if I need to do my hacks with a startup script. I’m very keen to maintain web-based control of QoS parameters… but since they’re on the ETH.. interfaces guess this would work fine. I’m interested in the pros and cons, but for one thing am only intending to pass IP traffic so don’t need the non-IP potential of a Linux bridge.