Thanks to all for the help !! roberto
2006/10/18, Tom Eastep <[EMAIL PROTECTED]>: > Roberto Pereyra wrote: > > Hi all !! > > > > I have two internet links. > > > > I would like mark and route all p2p and junk traffic with a second > > link (not the default). > > > > Can I use shorewall for it ? > > > > Yes and no. > > For that P2P traffic that you can identify up front by protocol and port, you > can create marking rules and route the traffic accordingly. For P2P traffic > identified by ipp2p, in general you cannot change the routing. > > Let's take a look at why (and this really has nothing to do with Shorewall). > > Suppose that you have two internet connections to two different ISPs. The > external IP addresses are a.b.c.d and w.x.y.z for the links to ISP1 and ISP2 > respectively. Further suppose that you use SNAT/MASQUERADE through both > interfaces to allow your internal clients internet access. Suppose that you > want > P2P traffic routed out through ISP2 and all other traffic out through ISP1. > > If internal system 192.168.4.22 establishes a connection to TCP port 80 at > i.j.k.l, that connection is routed out of ISP1. So the system at i.j.k.l > accepts > a connection from a.b.c.d. If later on, the ipp2p module discovers that this > connection is later a P2P connection, what happens if it suddenly switches the > connection to ISP2? Now, we will be sending packets with source IP a.b.c.d out > through the link to ISP2. Since that isn't an address assigned to you by ISP2, > that ISP can reasonably ignore (drop) that traffic. But even if ISP2 doesn't > drop the traffic, only the outbound part of the connection would go through > ISP2 > -- traffic from i.j.k.l to a.b.c.d will continue to be handled by ISP1. > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ [EMAIL PROTECTED] > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > -- Ing. Roberto Pereyra ContenidosOnline Looking for Linux Virtual Private Servers ? Click here: http://www.spry.com/hosting-affiliate/scripts/t.php?a_aid=426&a_bid=56 ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
