Not sure I follow the "not wanting NAT" bit... personally I do want NAT, but perhaps you meant something else?
Agreed, you want NAT between your internal and public networks. But the network layout described in this thread is an OpenWrt / DD-WRT router connecting public and internal networks (and doing NAT), and multiple internal devices behind it. I have seen nothing to believe that the non-core computers present are behind and not beside the core. Yes, NAT is needed, but not on the core in this thread.
I have no idea what does the QoS, but I believed it was the firewall (certainly I have read in the past that disabling the firewall disables the QoS)...
Agreed, it's what I've been reading, but I don't understand why, to date. Part of the question I posed in my last, then, is really "Is firewall a misnomer - turning on the lmce firewall is accomplishing more than what one at first blush expects a firewall to be doing?"
The firewall being more than a firewall is not intuitive, as only firewall rules are specified under that tab. I can certainly see how NAT / routing / firewall are all involved here in this thread, and how it is not one-stop shopping in webadmin under firewall. And I can see how wanting to do anything different in webadmin to manage it would be a can of worms to open, without some serious reason to do so such that it would rise to the top of the priority list. [We may get there, but not today.]
If we assume that (TBC), then you need to understand that there is much more to QoS than "flags". Broadly the 2 halves of QoS are, "marking" and "enforcement"...
Thank you for your post - it reminds me / us that not only must the source app (or, given that the firewall enables / disables QoS, source machine) set the flags, all the points of network concentration (e.g. switch, router) between must honour those flags.
For brevity (because this gets long very quickly) ... you are assuming (in this thread) that all machines are behind the core, and that the core is doing the routing. The former may or may not be true, the latter is explicitly not true. Again, in this thread.
Whether or not the firewall is turned on, the flags should be honoured by the core (routing) [and the flags should be set by the app] - or the firewall is more than a firewall. (The question of which, is what started this branch of the thread.)
I'd guess that that is the cause of much forum traffic - many saying don't turn off the firewall as you'll lose functionality that is sort of the whole point of having lmce in the first place, and others saying 'I already have a firewall.' And I'd suspect made worse, when coming from a Kubuntu install up via CD, as such users would be more aware / sensitive to such fine points. Vs. black box DVD fire-and-forget installs.
Like I say above, I'm not sure another approach (within webadmin) is appropriate, given the complexity and inter-relationship of the concepts, but certainly it should be kept in mind should those areas see further work.
In the meantime, perhaps some relabelling of the 'firewall' tab may be warranted, and an explanatory note that more than a firewall is covered under it.
For myself, I'd like to see the current iptables listed in text under the new rule entry boxes, but I'll put that request in when I get back to that area. (Other things happening around me at the moment.) Certainly doing so would reveal that much more than just what we think of as firewall rules are being turned on/off with the firewall tickbox.