Jim Duda wrote:
> David,
> 
> When I do shorewall show ipmangle, I see that packets are getting marked 
> with "1", however, should I expect a non zero pkt number in the CLASSIFY 
> section?
> 
> Chain tcout (1 references)
>   pkts bytes target     prot opt in     out     source               destination
>    456  100K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:4569 MARK set 0x1
>      0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:4569 MARK set 0x1
>     15  8202 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5060 MARK set 0x1
>      0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5060 MARK set 0x1
>     27  2268 MARK       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 MARK set 0x2
>     12   912 MARK       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0 MARK set 0x2
>      0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 MARK set 0x3
>      0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 MARK set 0x3
>      0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 MARK set 0x3
>    510  112K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match !0x0/0xffff MARK set 0x4

The last rule is nonsensical. It says that if you have set the mark to any
non-zero value (1-3) then set it to 4!!!! So all of your outgoing packets
have either mark=0 or mark=4. That's what your CLASSIFY rules are telling
you also.

I think you wanted '0' in the MATCH column rather than '!0'.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
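
Added example (not part of the original thread): a small Python model of the tcout chain quoted above, showing why every marked packet ends up with mark 4 and how the result changes when the last rule tests for mark 0 instead of non-zero. The rule list and counters are copied from the quoted output; the sample packets and function names are constructed for illustration.

```python
# Model of the quoted tcout chain. MARK is a non-terminating target in the
# mangle table, so a packet keeps traversing the chain after being marked.
MASK = 0xFFFF

# (pkts counter, proto, dport or icmp type, mark set) from the quoted output
RULES = [
    (456, "udp", 4569, 0x1), (0, "tcp", 4569, 0x1),
    (15, "udp", 5060, 0x1), (0, "tcp", 5060, 0x1),
    (27, "icmp", 8, 0x2), (12, "icmp", 0, 0x2),
    (0, "tcp", 20, 0x3), (0, "tcp", 21, 0x3), (0, "tcp", 22, 0x3),
]
LAST_RULE_PKTS = 510  # counter on the "MARK match !0x0/0xffff" rule

# Constructed sample packets: name -> (proto, dport or icmp type)
SAMPLES = {
    "iax2": ("udp", 4569),
    "sip": ("udp", 5060),
    "ping": ("icmp", 8),
    "ssh": ("tcp", 22),
    "http": ("tcp", 80),  # matches none of the first nine rules
}

def traverse(proto, selector, negated):
    """Return the packet's final mark after walking the whole chain.

    negated=True  models the last rule as posted:  MARK match !0x0/0xffff
    negated=False models the suggested correction: MARK match  0x0/0xffff
    """
    mark = 0
    for _pkts, r_proto, r_sel, value in RULES:
        if (r_proto, r_sel) == (proto, selector):
            mark = value  # MARK set; traversal continues
    already_marked = (mark & MASK) != 0
    if already_marked == negated:  # last rule matches
        mark = 0x4
    return mark

def final_marks(negated):
    return {n: traverse(p, s, negated) for n, (p, s) in SAMPLES.items()}

def earlier_hits():
    """Packets marked by the first nine rules, per the quoted counters."""
    return sum(pkts for pkts, *_ in RULES)

if __name__ == "__main__":
    print("as posted :", final_marks(negated=True))
    print("corrected :", final_marks(negated=False))
    print("hits on earlier rules:", earlier_hits(), "last rule:", LAST_RULE_PKTS)
```

The counters agree with the model: the nine earlier rules matched 456 + 15 + 27 + 12 = 510 packets, exactly the count on the final rule, so every packet that was marked 1-3 was then re-marked 4.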
