Roberto Pereyra wrote:
> Hi all !!
>
> I have two internet links.
>
> I would like to mark and route all p2p and junk traffic with a second
> link (not the default).
>
> Can I use shorewall for it ?
>
Yes and no. For that P2P traffic that you can identify up front by protocol and port, you can create marking rules and route the traffic accordingly. For P2P traffic identified by ipp2p, in general you cannot change the routing. Let's take a look at why (and this really has nothing to do with Shorewall).

Suppose that you have two internet connections to two different ISPs. The external IP addresses are a.b.c.d and w.x.y.z for the links to ISP1 and ISP2 respectively. Further suppose that you use SNAT/MASQUERADE through both interfaces to allow your internal clients internet access.

Suppose that you want P2P traffic routed out through ISP2 and all other traffic out through ISP1.

If internal system 192.168.4.22 establishes a connection to TCP port 80 at i.j.k.l, that connection is routed out of ISP1. So the system at i.j.k.l accepts a connection from a.b.c.d. If later on, the ipp2p module discovers that this connection is later a P2P connection, what happens if it suddenly switches the connection to ISP2? Now, we will be sending packets with source IP a.b.c.d out through the link to ISP2. Since that isn't an address assigned to you by ISP2, that ISP can reasonably ignore (drop) that traffic. But even if ISP2 doesn't drop the traffic, only the outbound part of the connection would go through ISP2 -- traffic from i.j.k.l to a.b.c.d will continue to be handled by ISP1.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
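The reply's reasoning can be traced with a small model of the gateway. This is an added example, not code from the thread or from Shorewall: it is a simplified simulation (not netfilter itself), and the documentation addresses standing in for a.b.c.d and w.x.y.z, the interface names, the port set and all function names are assumptions.

```python
from dataclasses import dataclass

# Constructed stand-ins for the addresses in the message:
# a.b.c.d -> 198.51.100.10 (ISP1), w.x.y.z -> 203.0.113.20 (ISP2)
PROVIDERS = {1: ("eth0", "198.51.100.10"), 2: ("eth1", "203.0.113.20")}
P2P_PORTS = {6881, 6882, 6883}      # assumed ports known up front
DEFAULT_MARK, P2P_MARK = 1, 2


@dataclass
class Egress:
    iface: str          # link the packet leaves on
    src: str            # source address after SNAT
    isp_accepts: bool   # source belongs to the ISP on that link
    reply_iface: str    # link the remote end's replies arrive on


class Gateway:
    def __init__(self):
        self.conntrack = {}   # flow tuple -> SNAT address fixed at first packet

    def send(self, flow, mark):
        """Route one outbound packet of `flow` using routing mark `mark`."""
        iface, link_addr = PROVIDERS[mark]
        # SNAT is chosen once, when the connection is created, and then reused.
        snat = self.conntrack.setdefault(flow, link_addr)
        # Replies are addressed to the SNAT address, so they return on its link.
        reply_iface = next(i for i, a in PROVIDERS.values() if a == snat)
        return Egress(iface, snat, snat == link_addr, reply_iface)


def mark_by_port(dport):
    """Classification available on the first packet (protocol/port)."""
    return P2P_MARK if dport in P2P_PORTS else DEFAULT_MARK


def late_reclassify(gw, flow):
    """First packet is marked by port; payload inspection re-marks the flow later."""
    first = gw.send(flow, mark_by_port(flow[3]))   # flow = (src, sport, dst, dport)
    later = gw.send(flow, P2P_MARK)
    return first, later
```

A flow to port 80 that is re-marked mid-connection leaves on the ISP2 link still carrying the ISP1 source address, while its replies keep arriving on the ISP1 link; a flow marked by port on its first packet stays consistent on ISP2 in both directions.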
