Tom Eastep schrieb: > Ralf Schenk wrote: >> Hello ! >> >> I use shorewall 3.2.4 with multiple providers and I want to use packet >> marking for traffic shaping, so I use a kernel which supports everything >> needed. >> >> I set HIGH_ROUTE_MARKS=yes in shorewall.conf. >> >> I use marks like 0x0100 and 0x0200 for the different providers. >> >> However if I want to set connection marks in tcrules to manually >> influence routing between the providers, shorewall throws an error > > You do NOT set connection marks in tcrules to manually influence routing. You > set packet marks!
Perhaps I've to explain a bit more what I wanted to do. I don't want to balance providers but I want to route traffic depending on traffic types and destination or source adresses i.e. route from my office PC's via a adsl line. For that I use an ipset PPPROUTING that is filled with a handful IP Adresses of my private 192.X.X.X net and a few destinations like typical download mirrors we use. /etc/shorewall/providers: westend 1 0x0100 main eth2 XXX.XXX.XXX.XXX track eth0,eth1 dsl 2 0x0200 main ppp0 - track,optional eth0,eth1 Excerpt from /etc/shorewall/tcrules: # Routing 0x0200:CP +PPPROUTING 0.0.0.0/0 0x0200:CP 0.0.0.0/0 +PPPROUTING So I think I mark connections in the prerouting chain and the routing will take place depending on the packet mark that is derived from this connection mark. But I think you didn't intend to be able to use the high marks as a routing key in /etc/shorewall/tcrules because a line like this throws an compiler error. 0x0200 $FW 0.0.0.0/0 tcp http,https,8080 Why shouldn't we use the high marks for routing and connection-tracking if multiple providers are involved and the low marks for traffic shaping ? -- __________________________________________________ Ralf Schenk fon (02 41) 9 91 21-0 fax (02 41) 9 91 21-59 [EMAIL PROTECTED] Databay AG Hüttenstraße 7 D-52068 Aachen www.databay.de Databay - einfach machen. _________________________________________________ ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
