On Wed, 2006-11-15 at 08:01 -0800, Tom Eastep wrote:
> Ow Mun Heng wrote:
> > Hi All,
> >
> > Wondering if someone can shed some light on this.
> >
> > Shorewall-3.08
> > Gentoo Linux
> >
> > tcclasses
> > ppp0 1 full full 1 tcp-ack,tos-minimize-delay
> > ppp0 2 9*full/10 9*full/10 2
> > ppp0 3 8*full/10 9*full/10 3
> > ppp0 4 1*full/10 9*full/10 5
> > ppp0 5 1*full/10 6*full/10 4 default
> >
> > tcrules
> > 1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
> > 1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
> > 2 0.0.0.0/0 0.0.0.0/0 tcp 22,873
> > 2 0.0.0.0/0 0.0.0.0/0 tcp 22,873
> > 2 $FW 0.0.0.0/0 tcp - 22,873
> > 2 $FW 0.0.0.0/0 tcp - 22,873
> > 3 $FW 0.0.0.0/0 tcp 80,443
> > 3 $FW 0.0.0.0/0 tcp - 80,443
> > RESTORE 0.0.0.0/0 0.0.0.0/0 all - - - 0
> > CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0
> > 4 0.0.0.0/0 0.0.0.0/0 ipp2p:all
> > 4 $FW 0.0.0.0/0 ipp2p:all
> > SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0
> >
> >
> > The issue is that when I do a sync of my portage tree (using rsync -
> > port 873), I see this in "shorewall show connections"
> >
> > tcp 6 431999 ESTABLISHED src=60.x.x.x dst=212.154.208.7 sport=39354
> > dport=873 packets=1530 bytes=83565 src=212.154.208.7 dst=60.x.x.x
> > sport=873 dport=39354 packets=2220 bytes=2978964 [ASSURED] mark=0 use=6
> >
> > Notice that the mark=0? Shouldn't I be expecting that this mark be
> > mark=2? The odd thing here is that I do notice that the packets _does_
> > go into class 2. Am I missing something Here??
>
> Yes -- you are not saving that mark in the connection. Traffic from port 873
> will match the CONTINUE rule.

Re-Reading the website I put these in so that it reflects the rsync
packets coming from the Firewall/server. Still doesn't mark it as
Mark=2, it still goes into Mark=0

1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
2 0.0.0.0/0 0.0.0.0/0 tcp 22,873
2 0.0.0.0/0 0.0.0.0/0 tcp 22,873
2 $FW 0.0.0.0/0 tcp - 22,873
2 $FW 0.0.0.0/0 tcp - 22,873
3 $FW 0.0.0.0/0 tcp 80,443
3 $FW 0.0.0.0/0 tcp - 80,443
RESTORE $FW 0.0.0.0/0 all - - - 0
RESTORE 0.0.0.0/0 0.0.0.0/0 all - - - 0
CONTINUE $FW 0.0.0.0/0 all - - - !0
CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0
4 0.0.0.0/0 0.0.0.0/0 ipp2p:all
4 $FW 0.0.0.0/0 ipp2p:all
SAVE $FW 0.0.0.0/0 all - - - !0
SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0
